Diffstat (limited to 'man')
-rw-r--r-- man/systemd-nspawn.xml 36
-rw-r--r-- man/systemd.exec.xml 6
-rw-r--r-- man/systemd.netdev.xml 4
-rw-r--r-- man/systemd.nspawn.xml 11
-rw-r--r-- man/systemd.offline-updates.xml 43
-rw-r--r-- man/systemd.service.xml 13
-rw-r--r-- man/systemd.special.xml 21
7 files changed, 87 insertions, 47 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index dbbf9890c8..cd0a90d82f 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -740,21 +740,19 @@
<term><option>--bind=</option></term>
<term><option>--bind-ro=</option></term>
- <listitem><para>Bind mount a file or directory from the host
- into the container. Takes one of: a path argument — in which
- case the specified path will be mounted from the host to the
- same path in the container —, or a colon-separated pair of
- paths — in which case the first specified path is the source
- in the host, and the second path is the destination in the
- container —, or a colon-separated triple of source path,
- destination path and mount options. Mount options are
- comma-separated and currently, only "rbind" and "norbind"
- are allowed. Defaults to "rbind". Backslash escapes are interpreted, so
- <literal>\:</literal> may be used to embed colons in either path.
- This option may be specified multiple times for
- creating multiple independent bind mount points. The
- <option>--bind-ro=</option> option creates read-only bind
- mounts.</para></listitem>
+ <listitem><para>Bind mount a file or directory from the host into the container. Takes one of: a path
+ argument — in which case the specified path will be mounted from the host to the same path in the container, or
+ a colon-separated pair of paths — in which case the first specified path is the source in the host, and the
+ second path is the destination in the container, or a colon-separated triple of source path, destination path
+ and mount options. The source path may optionally be prefixed with a <literal>+</literal> character. If so, the
+ source path is taken relative to the image's root directory. This permits setting up bind mounts within the
+ container image. The source path may be specified as empty string, in which case a temporary directory below
+ the host's <filename>/var/tmp</filename> directory is used. It is automatically removed when the container is
+ shut down. Mount options are comma-separated and currently, only <option>rbind</option> and
+ <option>norbind</option> are allowed, controlling whether to create a recursive or a regular bind
+ mount. Defaults to "rbind". Backslash escapes are interpreted, so <literal>\:</literal> may be used to embed
+ colons in either path. This option may be specified multiple times for creating multiple independent bind
+ mount points. The <option>--bind-ro=</option> option creates read-only bind mounts.</para></listitem>
</varlistentry>
<varlistentry>
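Review bot: The added sentence about an empty source path ("a temporary directory below the host's /var/tmp directory is used") does not say what ownership and access mode that directory is created with, nor whether the empty form is meaningful for --bind-ro=, which shares this entry; please document both, since the directory lives on the host. Two smaller points in the same paragraph: "specified as empty string" wants "an", and the unchanged 'Defaults to "rbind"' still uses plain quotes while the sentence before it now marks rbind and norbind up as option elements.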
@@ -808,6 +806,14 @@
point for the overlay file system in the container. At least
two paths have to be specified.</para>
+ <para>The source paths may optionally be prefixed with <literal>+</literal> character. If so they are taken
+ relative to the image's root directory. The uppermost source path may also be specified as empty string, in
+ which case a temporary directory below the host's <filename>/var/tmp</filename> is used. The directory is
+ removed automatically when the container is shut down. This behaviour is useful in order to make read-only
+ container directories writable while the container is running. For example, use the
+ <literal>--overlay=+/var::/var</literal> option in order to automatically overlay a writable temporary
+ directory on a read-only <filename>/var</filename> directory.</para>
+
<para>For details about overlay file systems, see <ulink
url="https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt">overlayfs.txt</ulink>. Note
that the semantics of overlay file systems are substantially
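Review bot: The first added sentence, "prefixed with + character", is missing the article that the matching --bind= text uses ("prefixed with a + character"), and "If so they are taken" needs a comma after "If so". Since the example presents the empty uppermost path as a way to make a read-only /var writable, it would also help to say explicitly that everything written there is discarded when the temporary directory is removed at shutdown.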
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index abc275aad0..ab83876eba 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1772,9 +1772,9 @@
<listitem><para>Only defined for the service unit type, this environment variable is passed to all
<varname>ExecStop=</varname> and <varname>ExecStopPost=</varname> processes, and encodes the service
"result". Currently, the following values are defined: <literal>protocol</literal> (in case of a protocol
- violation; if a service did not take the steps required by its configuration), <literal>timeout</literal> (in
- case of an operation timeout), <literal>exit-code</literal> (if a service process exited with a non-zero exit
- code; see <varname>$EXIT_CODE</varname> below for the actual exit code returned), <literal>signal</literal>
+ violation; if a service did not take the steps required by its unit configuration), <literal>timeout</literal>
+ (in case of an operation timeout), <literal>exit-code</literal> (if a service process exited with a non-zero
+ exit code; see <varname>$EXIT_CODE</varname> below for the actual exit code returned), <literal>signal</literal>
(if a service process was terminated abnormally by a signal; see <varname>$EXIT_CODE</varname> below for the
actual signal used for the termination), <literal>core-dump</literal> (if a service process terminated
abnormally and dumped core), <literal>watchdog</literal> (if the watchdog keep-alive ping was enabled for the
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index ffb66e735b..a549ec83bd 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -512,7 +512,9 @@
<varlistentry>
<term><varname>ARPProxy=</varname></term>
<listitem>
- <para>A boolean. When true, enables ARP proxying.</para>
+ <para>A boolean. When true bridge-connected VXLAN tunnel endpoint
+ answers ARP requests from the local bridge on behalf of
+ remote Distributed Overlay Virtual Ethernet (DOVE) clients.</para>
</listitem>
</varlistentry>
<varlistentry>
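Review bot: The new ARPProxy= description reads "When true bridge-connected VXLAN tunnel endpoint answers", which dropped the comma after "true" and lacks an article; suggest "When true, a bridge-connected VXLAN tunnel endpoint answers ARP requests from the local bridge on behalf of remote ... clients." The entry also still does not state the default, which matters for a setting that makes the endpoint answer ARP on behalf of other hosts.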
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index b1344d6c10..7143188356 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -335,6 +335,17 @@
</varlistentry>
<varlistentry>
+ <term><varname>Overlay=</varname></term>
+ <term><varname>OverlayReadOnly=</varname></term>
+
+ <listitem><para>Adds an overlay mount point. Takes a colon-separated list of paths. This option may be used
+ multiple times to configure multiple overlay mounts. This option is equivalent to the command line switches
+ <option>--overlay=</option> and <option>--overlay-ro=</option>, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details
+ about the specific options supported. This setting is privileged (see above).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>PrivateUsersChown=</varname></term>
<listitem><para>Configures whether the ownership of the files and directories in the container tree shall be
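Review bot: The new Overlay=/OverlayReadOnly= entry says "This option is equivalent to the command line switches --overlay= and --overlay-ro=" without saying which setting maps to which switch, and it uses "This option" in the singular for two settings. Suggest spelling out that Overlay= corresponds to --overlay= and OverlayReadOnly= to --overlay-ro=, and using "These settings are privileged" in the last sentence to match.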
diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml
index 07a5225512..d673cf5db8 100644
--- a/man/systemd.offline-updates.xml
+++ b/man/systemd.offline-updates.xml
@@ -86,34 +86,44 @@
</listitem>
<listitem>
- <para>The system now continues to boot into <filename>default.target</filename>, and thus
- into <filename>system-update.target</filename>. This target pulls in the system update unit,
- which starts the system update script after all file systems have been mounted.</para>
+ <para>The system now continues to boot into <filename>default.target</filename>, and
+ thus into <filename>system-update.target</filename>. This target pulls in all system
+ update units. Only one service should perform an update (see the next point), and all
+ the other ones should exit cleanly with a "success" return code and without doing
+ anything. Update services should be ordered after <filename>sysinit.target</filename>
+ so that the update starts after after all file systems have been mounted.</para>
</listitem>
<listitem>
- <para>As the first step, the update script should check if the
+ <para>As the first step, an update service should check if the
<filename>/system-update</filename> symlink points to the location used by that update
- script. In case it does not exists or points to a different location, the script must exit
+ service. In case it does not exist or points to a different location, the service must exit
without error. It is possible for multiple update services to be installed, and for multiple
- update scripts to be launched in parallel, and only the one that corresponds to the tool
+ update services to be launched in parallel, and only the one that corresponds to the tool
that <emphasis>created</emphasis> the symlink before reboot should perform any actions. It
is unsafe to run multiple updates in parallel.</para>
</listitem>
<listitem>
- <para>The update script should now do its job. If applicable and possible, it should
- create a file system snapshot, then install all packages.
- After completion (regardless whether the update succeeded or failed) the machine
- must be rebooted, for example by calling <command>systemctl reboot</command>.
- In addition, on failure the script should revert to the old file system snapshot
- (without the symlink).</para>
+ <para>The update service should now do its job. If applicable and possible, it should
+ create a file system snapshot, then install all packages. After completion (regardless
+ whether the update succeeded or failed) the machine must be rebooted, for example by
+ calling <command>systemctl reboot</command>. In addition, on failure the script should
+ revert to the old file system snapshot (without the symlink).</para>
</listitem>
<listitem>
- <para>The system is rebooted. Since the <filename>/system-update</filename> symlink is gone,
- the generator won't redirect <filename>default.target</filename> after reboot and the
- system now boots into the default target again.</para>
+ <para>The upgrade scripts should exit only after the update is finished. It is expected
+ that the service which performs the upgrade will cause the machine to reboot after it
+ is done. If the <filename>system-update.target</filename> is successfully reached, i.e.
+ all update services have run, and the <filename>/system-update</filename> symlink still
+ exists, it will be removed and the machine rebooted as a safety measure.</para>
+ </listitem>
+
+ <listitem>
+ <para>After a reboot, now that the <filename>/system-update</filename> symlink is gone,
+ the generator won't redirect <filename>default.target</filename> anymore and the system
+ now boots into the default target again.</para>
</listitem>
</orderedlist>
</refsect1>
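Review bot: The added line "so that the update starts after after all file systems have been mounted" has a duplicated "after". The script-to-service rename is also incomplete: the rewritten step still says "on failure the script should revert", and the new step opens with "The upgrade scripts should exit only after the update is finished", which mixes "upgrade"/"update" and "scripts"/"service" within one sentence. Suggest "update service(s)" throughout so that the safety-measure sentence about the /system-update symlink being removed refers unambiguously to the same units.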
@@ -150,7 +160,8 @@
<listitem>
<para>The update service should declare <varname>DefaultDependencies=false</varname>,
- and pull in any services it requires explicitly.</para>
+ <varname>Requires=sysinit.target</varname>, <varname>After=sysinit.target</varname>,
+ and explicitly pull in any other services it requires.</para>
</listitem>
</orderedlist>
</refsect1>
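Review bot: The added "Requires=sysinit.target, After=sysinit.target" gives no reason, and the rationale appears only in the earlier step ("ordered after sysinit.target so that the update starts after ... all file systems have been mounted"), which explains the ordering but not the requirement. A short clause here saying why both are needed once DefaultDependencies=false is set would keep this recommendation self-contained.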
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 3ba6ab34db..67c68d2f8b 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -798,11 +798,14 @@
notification socket, as accessible via the
<citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>
call. Takes one of <option>none</option> (the default),
- <option>main</option> or <option>all</option>. If
- <option>none</option>, no daemon status updates are accepted
- from the service processes, all status update messages are
- ignored. If <option>main</option>, only service updates sent
- from the main process of the service are accepted. If
+ <option>main</option>, <option>exec</option> or
+ <option>all</option>. If <option>none</option>, no daemon status
+ updates are accepted from the service processes, all status
+ update messages are ignored. If <option>main</option>, only
+ service updates sent from the main process of the service are
+ accepted. If <option>exec</option>, only service updates sent
+ from any of the control processes originating from one of the
+ <varname>Exec*=</varname> commands are accepted. If
<option>all</option>, all services updates from all members of
the service's control group are accepted. This option should
be set to open access to the notification socket when using
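Review bot: The new sentence for exec, "only service updates sent from any of the control processes originating from one of the Exec*= commands are accepted", leaves it unclear whether the main process is included, since ExecStart= also matches Exec*= while the text calls them "control processes". Because this setting decides who may send status updates for the unit, please state explicitly whether exec is a superset of main. The unchanged "all services updates" on the following line could be fixed to "all service updates" while this paragraph is being touched.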
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index d977298cd8..b513a13b5a 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -102,6 +102,7 @@
<filename>sysinit.target</filename>,
<filename>syslog.socket</filename>,
<filename>system-update.target</filename>,
+ <filename>system-update-cleanup.service</filename>,
<filename>time-sync.target</filename>,
<filename>timers.target</filename>,
<filename>umount.target</filename>,
@@ -608,15 +609,21 @@
</varlistentry>
<varlistentry>
<term><filename>system-update.target</filename></term>
+ <term><filename>system-update-cleanup.service</filename></term>
<listitem>
- <para>A special target unit that is used for off-line system
- updates.
+ <para>A special target unit that is used for offline system updates.
<citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- will redirect the boot process to this target if
- <filename>/system-update</filename> exists. For more
- information see the <ulink
- url="http://freedesktop.org/wiki/Software/systemd/SystemUpdates">System
- Updates Specification</ulink>.</para>
+ will redirect the boot process to this target if <filename>/system-update</filename>
+ exists. For more information see
+ <citerefentry><refentrytitle>systemd.offline-updates</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ </para>
+
+ <para>Updates should happen before the <filename>system-update.target</filename> is
+ reached, and the services which implement them should cause the machine to reboot. As
+ a safety measure, if this does not happen, and <filename>/system-update</filename>
+ still exists after <filename>system-update.target</filename> is reached,
+ <filename>system-update-cleanup.service</filename> will remove this symlink and
+ reboot the machine.</para>
</listitem>
</varlistentry>
<varlistentry>
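Review bot: With system-update-cleanup.service added as a second term, the description still opens with "A special target unit that is used for offline system updates", which now reads as if both names were targets. Suggest starting the second paragraph by naming the service and its role, or giving it its own entry, so that the first paragraph clearly describes only system-update.target.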