12 files changed, 71 insertions, 13 deletions

diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb
index ffd06f040c..48665ca744 100644
--- a/hwdb/60-keyboard.hwdb
+++ b/hwdb/60-keyboard.hwdb
@@ -495,6 +495,11 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHP*ProBook*4*:pvr*
 # HP ZBook
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPZBook*:pvr*
  KEYBOARD_KEY_81=f20                                    # Fn+F8; Microphone mute button, should be micmute
+# HP Folio 1040g2
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:pvr*
+ KEYBOARD_KEY_81=f20                                    # Fn+F8; Microphone mute button, should be micmute
+ KEYBOARD_KEY_d8=!f23                                   # touchpad off
+ KEYBOARD_KEY_d9=!f22                                   # touchpad on
 
 # HP ProBook 6555b
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard:pnHPProBook6555b:*
diff --git a/src/core/service.h b/src/core/service.h
index a5ced215e4..cd9e41646e 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -80,7 +80,7 @@ typedef enum NotifyState {
 
 typedef enum ServiceResult {
         SERVICE_SUCCESS,
-        SERVICE_FAILURE_RESOURCES,
+        SERVICE_FAILURE_RESOURCES, /* a bit of a misnomer, just our catch-all error for errnos we didn't expect */
         SERVICE_FAILURE_TIMEOUT,
         SERVICE_FAILURE_EXIT_CODE,
         SERVICE_FAILURE_SIGNAL,
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 4dd1b39d02..901bd8fb68 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -217,8 +217,10 @@ int journal_file_set_offline(JournalFile *f, bool wait) {
         if (!(f->fd >= 0 && f->header))
                 return -EINVAL;
 
-        if (f->header->state != STATE_ONLINE)
-                return 0;
+        /* An offlining journal is implicitly online and may modify f->header->state,
+         * we must also join any potentially lingering offline thread when not online. */
+        if (!journal_file_is_offlining(f) && f->header->state != STATE_ONLINE)
+                return journal_file_set_offline_thread_join(f);
 
         /* Restart an in-flight offline thread and wait if needed, or join a lingering done one. */
         restarted = journal_file_set_offline_try_restart(f);
diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c
index 255526bf32..f251536a89 100644
--- a/src/libsystemd/sd-netlink/rtnl-message.c
+++ b/src/libsystemd/sd-netlink/rtnl-message.c
@@ -402,7 +402,6 @@ int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret,
         int r;
 
         assert_return(rtnl_message_type_is_link(nlmsg_type), -EINVAL);
-        assert_return(nlmsg_type != RTM_DELLINK || index > 0, -EINVAL);
         assert_return(ret, -EINVAL);
 
         r = message_new(rtnl, ret, nlmsg_type);
diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index 73f5112c4d..b764bc43a0 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -137,6 +137,8 @@ int bus_image_method_clone(
                 return 1; /* Will call us back */
 
         r = image_clone(image, new_name, read_only);
+        if (r == -EOPNOTSUPP)
+                return sd_bus_reply_method_errnof(message, r, "Image cloning is currently only supported on btrfs file systems.");
         if (r < 0)
                 return r;
 
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 7f9a7268cc..429319da6b 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -67,16 +67,15 @@ int address_new_static(Network *network, unsigned section, Address **ret) {
         if (r < 0)
                 return r;
 
-        address->network = network;
-
-        LIST_APPEND(addresses, network->static_addresses, address);
-
         if (section) {
                 address->section = section;
                 hashmap_put(network->addresses_by_section,
                             UINT_TO_PTR(address->section), address);
         }
 
+        address->network = network;
+        LIST_APPEND(addresses, network->static_addresses, address);
+
         *ret = address;
         address = NULL;
 
diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
index ab9b777d9a..bda2707e6d 100644
--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
@@ -68,15 +68,15 @@ int route_new_static(Network *network, unsigned section, Route **ret) {
         route->protocol = RTPROT_STATIC;
 
         if (section) {
+                route->section = section;
+
                 r = hashmap_put(network->routes_by_section, UINT_TO_PTR(route->section), route);
                 if (r < 0)
                         return r;
-
-                route->section = section;
         }
 
-        LIST_PREPEND(routes, network->static_routes, route);
         route->network = network;
+        LIST_PREPEND(routes, network->static_routes, route);
 
         *ret = route;
         route = NULL;
diff --git a/src/nspawn/nspawn-network.c b/src/nspawn/nspawn-network.c
index 74a0ae865b..f2b7e4dd79 100644
--- a/src/nspawn/nspawn-network.c
+++ b/src/nspawn/nspawn-network.c
@@ -538,3 +538,50 @@ int veth_extra_parse(char ***l, const char *p) {
         a = b = NULL;
         return 0;
 }
+
+static int remove_one_veth_link(sd_netlink *rtnl, const char *name) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+        int r;
+
+        if (isempty(name))
+                return 0;
+
+        r = sd_rtnl_message_new_link(rtnl, &m, RTM_DELLINK, 0);
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate netlink message: %m");
+
+        r = sd_netlink_message_append_string(m, IFLA_IFNAME, name);
+        if (r < 0)
+                return log_error_errno(r, "Failed to add netlink interface name: %m");
+
+        r = sd_netlink_call(rtnl, m, 0, NULL);
+        if (r == -ENODEV) /* Already gone */
+                return 0;
+        if (r < 0)
+                return log_error_errno(r, "Failed to remove veth interface %s: %m", name);
+
+        return 1;
+}
+
+int remove_veth_links(const char *primary, char **pairs) {
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+        char **a, **b;
+        int r;
+
+        /* In some cases the kernel might pin the veth links between host and container even after the namespace
+         * died. Hence, let's better remove them explicitly too. */
+
+        if (isempty(primary) && strv_isempty(pairs))
+                return 0;
+
+        r = sd_netlink_open(&rtnl);
+        if (r < 0)
+                return log_error_errno(r, "Failed to connect to netlink: %m");
+
+        remove_one_veth_link(rtnl, primary);
+
+        STRV_FOREACH_PAIR(a, b, pairs)
+                remove_one_veth_link(rtnl, *a);
+
+        return 0;
+}
diff --git a/src/nspawn/nspawn-network.h b/src/nspawn/nspawn-network.h
index 9ab1606d1c..c5036ab470 100644
--- a/src/nspawn/nspawn-network.h
+++ b/src/nspawn/nspawn-network.h
@@ -34,3 +34,5 @@ int setup_ipvlan(const char *machine_name, pid_t pid, char **ifaces);
 int move_network_interfaces(pid_t pid, char **ifaces);
 
 int veth_extra_parse(char ***l, const char *p);
+
+int remove_veth_links(const char *primary, char **pairs);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e1d37d383a..d687df8a09 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3713,6 +3713,7 @@ int main(int argc, char *argv[]) {
                 }
 
                 expose_port_flush(arg_expose_ports, &exposed);
+                (void) remove_veth_links(veth_name, arg_network_veth_extra);
         }
 
 finish:
@@ -3745,6 +3746,7 @@ finish:
         }
 
         expose_port_flush(arg_expose_ports, &exposed);
+        (void) remove_veth_links(veth_name, arg_network_veth_extra);
 
         free(arg_directory);
         free(arg_template);
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index da479aec8d..2b755cea28 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -684,7 +684,7 @@ static int bus_job_get_service_result(BusWaitForJobs *d, char **result) {
 static const struct {
         const char *result, *explanation;
 } explanations [] = {
-        { "resources",   "a configured resource limit was exceeded" },
+        { "resources",   "of unavailable resources or another system error" },
         { "timeout",     "a timeout was exceeded" },
         { "exit-code",   "the control process exited with error code" },
         { "signal",      "a fatal signal was delivered to the control process" },
diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 3710c595ca..685baab21d 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -15,7 +15,7 @@ After=machine.slice
 [Service]
 ExecStart=@rootlibexecdir@/systemd-machined
 BusName=org.freedesktop.machine1
-CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID
+CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
 WatchdogSec=3min
 
 # Note that machined cannot be placed in a mount namespace, since it