Diffstat (limited to 'man')
-rw-r--r-- man/resolved.conf.xml 12
-rw-r--r-- man/systemd-journal-remote.xml 17
-rw-r--r-- man/systemd-nspawn.xml 87
-rw-r--r-- man/systemd.netdev.xml 8
-rw-r--r-- man/systemd.network.xml 51
-rw-r--r-- man/systemd.xml 2
6 files changed, 123 insertions, 54 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index a7710dcb44..4fc1ef1b33 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -213,6 +213,18 @@
(such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>DNSStubListener=</varname></term>
+ <listitem><para>Takes a boolean argument or one of <literal>udp</literal> and <literal>tcp</literal>. If
+ <literal>udp</literal> (the default), a DNS stub resolver will listen for UDP requests on address 127.0.0.53
+ port 53. If <literal>tcp</literal>, the stub will listen for TCP requests on the same address and port. If
+ <literal>yes</literal>, the stub listens for both UDP and TCP requests. If <literal>no</literal>, the stub
+ listener is disabled.</para>
+
+ <para>Note that the DNS stub listener is turned off implicitly when its listening address and port are already
+ in use.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
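Review bot: The closing note of the DNSStubListener= entry says the stub listener is turned off implicitly when 127.0.0.53 port 53 is already in use, but not how an administrator finds out. Please state whether this is logged, since clients configured to query 127.0.0.53 would then be answered by whatever other process holds that address and port. It would also help to say that a boolean true is the "yes" case (UDP and TCP), given that the documented default is "udp" rather than a boolean value.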
diff --git a/man/systemd-journal-remote.xml b/man/systemd-journal-remote.xml
index f208f8deb4..ee2d5c2486 100644
--- a/man/systemd-journal-remote.xml
+++ b/man/systemd-journal-remote.xml
@@ -250,20 +250,19 @@
</varlistentry>
<varlistentry>
- <term><option>--compress</option></term>
- <term><option>--no-compress</option></term>
+ <term><option>--compress</option> [<replaceable>BOOL</replaceable>]</term>
- <listitem><para>Compress or not, respectively, the data in the
- journal using XZ.</para></listitem>
+ <listitem><para>If this is set to <literal>yes</literal> then compress
+ the data in the journal using XZ. The default is <literal>yes</literal>.
+ </para></listitem>
</varlistentry>
<varlistentry>
- <term><option>--seal</option></term>
- <term><option>--no-seal</option></term>
+ <term><option>--seal</option> [<replaceable>BOOL</replaceable>]</term>
- <listitem><para>Periodically sign or not, respectively, the
- data in the journal using Forward Secure Sealing.
- </para></listitem>
+ <listitem><para>If this is set to <literal>yes</literal> then
+ periodically sign the data in the journal using Forward Secure Sealing.
+ The default is <literal>no</literal>.</para></listitem>
</varlistentry>
<varlistentry>
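Review bot: Both entries drop the --no-compress and --no-seal terms without saying whether those spellings are still accepted, and the new [BOOL] argument is marked optional while the text only covers the case where it "is set to yes". Please document what a bare --compress or --seal means and whether the negative forms remain valid, so that an existing invocation does not end up with sealing or compression in a different state than its author intended.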
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index bf3860604c..5ac54df81a 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -405,35 +405,36 @@
purposes (usually in the range beyond the host's UID/GID 65536). The parameter may be specified as follows:</para>
<orderedlist>
- <listitem><para>The value <literal>no</literal> turns off user namespacing. This is the default.</para></listitem>
-
- <listitem><para>The value <literal>yes</literal> (or the omission of a parameter) turns on user
- namespacing. The UID/GID range to use is determined automatically from the file ownership of the root
- directory of the container's directory tree. To use this option, make sure to prepare the directory tree in
- advance, and ensure that all files and directories in it are owned by UIDs/GIDs in the range you'd like to
- use. Also, make sure that used file ACLs exclusively reference UIDs/GIDs in the appropriate range. If this
- mode is used the number of UIDs/GIDs assigned to the container for use is 65536, and the UID/GID of the
- root directory must be a multiple of 65536.</para></listitem>
-
- <listitem><para>The value "pick" turns on user namespacing. In this case the UID/GID range is automatically
- chosen. As first step, the file owner of the root directory of the container's directory tree is read, and it
- is checked that it is currently not used by the system otherwise (in particular, that no other container is
- using it). If this check is successful, the UID/GID range determined this way is used, similar to the
- behaviour if "yes" is specified. If the check is not successful (and thus the UID/GID range indicated in the
- root directory's file owner is already used elsewhere) a new – currently unused – UID/GID range of 65536
- UIDs/GIDs is randomly chosen between the host UID/GIDs of 524288 and 1878982656, always starting at a
- multiple of 65536. This setting implies <option>--private-users-chown</option> (see below), which has the
- effect that the files and directories in the container's directory tree will be owned by the appropriate
- users of the range picked. Using this option makes user namespace behaviour fully automatic. Note that the
- first invocation of a previously unused container image might result in picking a new UID/GID range for it,
- and thus in the (possibly expensive) file ownership adjustment operation. However, subsequent invocations of
- the container will be cheap (unless of course the picked UID/GID range is assigned to a different use by
- then).</para></listitem>
-
- <listitem><para>Finally if one or two colon-separated numeric parameters are specified, user namespacing is
- turned on, too. The first parameter specifies the first host UID/GID to assign to the container, the second
- parameter specifies the number of host UIDs/GIDs to assign to the container. If the second parameter is
- omitted, 65536 UIDs/GIDs are assigned.</para></listitem>
+ <listitem><para>If one or two colon-separated numers are specified, user namespacing is turned on. The first
+ parameter specifies the first host UID/GID to assign to the container, the second parameter specifies the
+ number of host UIDs/GIDs to assign to the container. If the second parameter is omitted, 65536 UIDs/GIDs are
+ assigned.</para></listitem>
+
+ <listitem><para>If the parameter is omitted, or true, user namespacing is turned on. The UID/GID range to
+ use is determined automatically from the file ownership of the root directory of the container's directory
+ tree. To use this option, make sure to prepare the directory tree in advance, and ensure that all files and
+ directories in it are owned by UIDs/GIDs in the range you'd like to use. Also, make sure that used file ACLs
+ exclusively reference UIDs/GIDs in the appropriate range. If this mode is used the number of UIDs/GIDs
+ assigned to the container for use is 65536, and the UID/GID of the root directory must be a multiple of
+ 65536.</para></listitem>
+
+ <listitem><para>If the parameter is false, user namespacing is turned off. This is the default.</para>
+ </listitem>
+
+ <listitem><para>The special value <literal>pick</literal> turns on user namespacing. In this case the UID/GID
+ range is automatically chosen. As first step, the file owner of the root directory of the container's
+ directory tree is read, and it is checked that it is currently not used by the system otherwise (in
+ particular, that no other container is using it). If this check is successful, the UID/GID range determined
+ this way is used, similar to the behaviour if "yes" is specified. If the check is not successful (and thus
+ the UID/GID range indicated in the root directory's file owner is already used elsewhere) a new – currently
+ unused – UID/GID range of 65536 UIDs/GIDs is randomly chosen between the host UID/GIDs of 524288 and
+ 1878982656, always starting at a multiple of 65536. This setting implies
+ <option>--private-users-chown</option> (see below), which has the effect that the files and directories in
+ the container's directory tree will be owned by the appropriate users of the range picked. Using this option
+ makes user namespace behaviour fully automatic. Note that the first invocation of a previously unused
+ container image might result in picking a new UID/GID range for it, and thus in the (possibly expensive) file
+ ownership adjustment operation. However, subsequent invocations of the container will be cheap (unless of
+ course the picked UID/GID range is assigned to a different use by then).</para></listitem>
</orderedlist>
<para>It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable UID/GID range in the
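Review bot: The first added list item has a typo, "colon-separated numers" should be "numbers". In the same list, the pick item still says "similar to the behaviour if "yes" is specified" in plain quotes, while the reordered items now describe that mode as "omitted, or true"; use the same wording (and <literal> markup, as done for pick) so the cross-reference points at an item the reader can find.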
@@ -454,17 +455,6 @@
</varlistentry>
<varlistentry>
- <term><option>-U</option></term>
-
- <listitem><para>If the kernel supports the user namespaces feature, equivalent to
- <option>--private-users=pick</option>, otherwise equivalent to
- <option>--private-users=no</option>.</para>
-
- <para>Note that <option>-U</option> is the default if the <filename>systemd-nspawn@.service</filename> template unit
- file is used.</para></listitem>
- </varlistentry>
-
- <varlistentry>
<term><option>--private-users-chown</option></term>
<listitem><para>If specified, all files and directories in the container's directory tree will adjusted so that
@@ -477,6 +467,23 @@
</varlistentry>
<varlistentry>
+ <term><option>-U</option></term>
+
+ <listitem><para>If the kernel supports the user namespaces feature, equivalent to
+ <option>--private-users=pick --private-users-chown</option>, otherwise equivalent to
+ <option>--private-users=no</option>.</para>
+
+ <para>Note that <option>-U</option> is the default if the
+ <filename>systemd-nspawn@.service</filename> template unit file is used.</para>
+
+ <para>Note: it is possible to undo the effect of <option>--private-users-chown</option> (or
+ <option>-U</option>) on the file system by redoing the operation with the first UID of 0:</para>
+
+ <programlisting>systemd-nspawn … --private-users=0 --private-users-chown</programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>--private-network</option></term>
<listitem><para>Disconnect networking of the container from
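Review bot: The undo example at the end of the -U entry, "--private-users=0 --private-users-chown", needs one more sentence. Per the --private-users= description earlier in this patch, a numeric first parameter turns user namespacing on with that value as the first host UID/GID, so this command maps the container onto the range starting at host UID 0. Please say explicitly that it is meant to reset file ownership and is not a mapping to keep using for the container. Separately, the pick item already states that it implies --private-users-chown, so "--private-users=pick --private-users-chown" is redundant as written; either drop the second option here or explain why it is repeated.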
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index e378e61dd1..ffb66e735b 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -537,7 +537,7 @@
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>UDPCheckSum=</varname></term>
+ <term><varname>UDPChecksum=</varname></term>
<listitem>
<para>A boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
</listitem>
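Review bot: UDPCheckSum= is renamed to UDPChecksum= with no mention of the old spelling. If the parser still accepts the old name, say so here; if it does not, existing .netdev files will stop applying this setting, and the man page should carry a note about the rename.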
@@ -549,19 +549,19 @@
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>UDP6ZeroCheckSumRx=</varname></term>
+ <term><varname>UDP6ZeroChecksumRx=</varname></term>
<listitem>
<para>A boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>RemoteCheckSumTx=</varname></term>
+ <term><varname>RemoteChecksumTx=</varname></term>
<listitem>
<para>A boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>RemoteCheckSumRx=</varname></term>
+ <term><varname>RemoteChecksumRx=</varname></term>
<listitem>
<para>A boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
</listitem>
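Review bot: The same compatibility question applies to the three renames in this hunk (UDP6ZeroChecksumRx=, RemoteChecksumTx=, RemoteChecksumRx=). While touching these entries, please also add the default for each: every one reads "A boolean. When true, ... is turned on." and none says what happens when the setting is absent, which matters most for UDP6ZeroChecksumRx= since it controls whether zero-checksum VXLAN/IPv6 packets are accepted.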
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 0af927db19..2fb4907634 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -695,6 +695,57 @@
which is then configured to use them explicitly.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>HomeAddress=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. Designates this address the "home address" as defined in
+ <ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink>.
+ Supported only on IPv6. Defaults to false.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>DuplicateAddressDetection=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. Do not perform Duplicate Address Detection
+ <ulink url="https://tools.ietf.org/html/rfc4862">RFC 4862</ulink> when adding this address.
+ Supported only on IPv6. Defaults to false.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ManageTemporaryAddress=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. If true the kernel manage temporary addresses created
+ from this one as template on behalf of Privacy Extensions
+ <ulink url="https://tools.ietf.org/html/rfc3041">RFC 3041</ulink>. For this to become
+ active, the use_tempaddr sysctl setting has to be set to a value greater than zero.
+ The given address needs to have a prefix length of 64. This flag allows to use privacy
+ extensions in a manually configured network, just like if stateless auto-configuration
+ was active. Defaults to false. </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>PrefixRoute=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. When adding or modifying an IPv6 address, the userspace
+ application needs a way to suppress adding a prefix route. This is for example relevant
+ together with IFA_F_MANAGERTEMPADDR, where userspace creates autoconf generated addresses,
+ but depending on on-link, no route for the prefix should be added. Defaults to false.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>AutoJoin=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. Joining multicast group on ethernet level via
+ <command>ip maddr</command> command would not work if we have an Ethernet switch that does
+ IGMP snooping since the switch would not replicate multicast packets on ports that did not
+ have IGMP reports for the multicast addresses. Linux vxlan interfaces created via
+ <command>ip link add vxlan</command> or networkd's netdev kind vxlan have the group option
+ that enables then to do the required join. By extending ip address command with option
+ <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS) vxlan
+ interfaces as well as other tunneling mechanisms that need to receive multicast traffic.
+ Defaults to <literal>no</literal>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
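Review bot: The DuplicateAddressDetection= entry is ambiguous about polarity: it reads "Do not perform Duplicate Address Detection ... Defaults to false", which leaves open whether true enables DAD or skips it. Please reword so the effect of true and of false is stated directly. Smaller points in the same hunk: "IFA_F_MANAGERTEMPADDR" in the PrefixRoute= text looks like a misspelling of the kernel flag IFA_F_MANAGETEMPADDR; PrefixRoute= and AutoJoin= explain the background but never say what setting them to true does; "the kernel manage" and "enables then" need fixing; and the new entries mix "Defaults to false" with "Defaults to <literal>no</literal>".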
diff --git a/man/systemd.xml b/man/systemd.xml
index e30333e209..7f24a874ed 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -272,7 +272,7 @@
<title>Concepts</title>
<para>systemd provides a dependency system between various
- entities called "units" of 12 different types. Units encapsulate
+ entities called "units" of 11 different types. Units encapsulate
various objects that are relevant for system boot-up and
maintenance. The majority of units are configured in unit
configuration files, whose syntax and basic set of options is
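Review bot: The count in "units" of 11 different types is hard-coded and has now needed a manual correction. Please check that the list of unit types following this paragraph has exactly 11 entries, or drop the number so the sentence cannot drift again.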