Diffstat (limited to 'man')
-rw-r--r-- man/systemd-mount.xml        |  2
-rw-r--r-- man/systemd-nspawn.xml       | 21
-rw-r--r-- man/systemd-run.xml          |  4
-rw-r--r-- man/systemd-socket-proxyd.xml |  6
-rw-r--r-- man/systemd.exec.xml         | 39
-rw-r--r-- man/systemd.nspawn.xml       |  9
-rw-r--r-- man/systemd.service.xml      |  5
-rw-r--r-- man/systemd.swap.xml         |  8
-rw-r--r-- man/systemd.unit.xml         |  5
9 files changed, 63 insertions, 36 deletions
diff --git a/man/systemd-mount.xml b/man/systemd-mount.xml
index ab85dc5640..8bba286787 100644
--- a/man/systemd-mount.xml
+++ b/man/systemd-mount.xml
@@ -250,7 +250,7 @@
<varlistentry>
<term><option>-u</option></term>
- <term><option>--unmount</option></term>
+ <term><option>--umount</option></term>
<listitem><para>Stop the mount and automount units corresponding to the specified mount points
<replaceable>WHERE</replaceable>.</para>
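Review bot: the long option is renamed from <option>--unmount</option> to <option>--umount</option> without saying whether the old spelling is still accepted; if the binary keeps <option>--unmount</option> as an alias, list both terms in the varlistentry, and if it does not, this is a user-visible rename that should be called out in NEWS rather than only in the man page.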
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index a14992f0d9..82a981db2e 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -340,6 +340,21 @@
</varlistentry>
<varlistentry>
+ <term><option>--pivot-root=</option></term>
+
+ <listitem><para>Pivot the specified directory to <filename>/</filename> inside the container, and either unmount the
+ container's old root, or pivot it to another specified directory. Takes one of: a path argument — in which case the
+ specified path will be pivoted to <filename>/</filename> and the old root will be unmounted; or a colon-separated pair
+ of new root path and pivot destination for the old root. The new root path will be pivoted to <filename>/</filename>,
+ and the old <filename>/</filename> will be pivoted to the other directory. Both paths must be absolute, and are resolved
+ in the container's file system namespace.</para>
+
+ <para>This is for containers which have several bootable directories in them; for example, several
+ <ulink url="https://ostree.readthedocs.io/en/latest/">OSTree</ulink> deployments. It emulates the behavior of the boot
+ loader and initial RAM disk which normally select which directory to mount as root and start the container's PID 1 in.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-u</option></term>
<term><option>--user=</option></term>
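Review bot: the new <option>--pivot-root=</option> text explains the two forms but not what happens to the old root in the colon-separated form after the pivot: it stays mounted (and presumably writable) at the destination directory, so the container keeps access to the sibling deployments that live there. Since the OSTree use case below relies on exactly that, the paragraph should say so explicitly, and should also state the default when the option is omitted (no pivot, the image root is <filename>/</filename>).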
@@ -1086,6 +1101,12 @@
<programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting>
</example>
+
+ <example>
+ <title>Run a container with an OSTree deployment</title>
+
+ <programlisting># systemd-nspawn -b -i ~/image.raw --pivot-root=/ostree/deploy/$OS/deploy/$CHECKSUM:/sysroot --bind=+/sysroot/ostree/deploy/$OS/var:/var</programlisting>
+ </example>
</refsect1>
<refsect1>
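Review bot: the example uses shell variables <literal>$OS</literal> and <literal>$CHECKSUM</literal> as placeholders without saying so; man page convention is <replaceable>OS</replaceable> and <replaceable>CHECKSUM</replaceable>, otherwise a reader may paste the line expecting those variables to exist. The <literal>+</literal> prefix in <option>--bind=+/sysroot/ostree/deploy/...</option> also does the real work here (the source path is resolved inside the container after the pivot) and deserves one sentence of explanation or a pointer to the <option>--bind=</option> entry.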
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index 1ac5124aa3..5e44b1523d 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -250,7 +250,7 @@
command. See <varname>OnActiveSec=</varname>, <varname>OnBootSec=</varname>, <varname>OnStartupSec=</varname>,
<varname>OnUnitActiveSec=</varname> and <varname>OnUnitInactiveSec=</varname> in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
- details. These options may not be combined with <option>--scope</option>.</para>
+ details. These options may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
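Review bot: the timer options now document that they cannot be combined with <option>--pty</option>, but nothing in this hunk adds the reciprocal statement to the <option>--pty</option> entry; readers who start from <option>--pty</option> will not see the restriction. A short reason (a unit started later by a timer has no terminal of the invoking shell to attach to) would make the rule self-explanatory.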
@@ -259,7 +259,7 @@
<listitem><para>Defines a calendar timer for starting the specified command. See <varname>OnCalendar=</varname>
in <citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>. This
- option may not be combined with <option>--scope</option>.</para>
+ option may not be combined with <option>--scope</option> or <option>--pty</option>.</para>
</listitem>
</varlistentry>
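Review bot: "may not be combined" is ambiguous about behaviour; say whether <command>systemd-run</command> refuses the combination with an error or silently ignores one of the options, since the former is what a caller scripting around this needs to know.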
diff --git a/man/systemd-socket-proxyd.xml b/man/systemd-socket-proxyd.xml
index a86b13daa8..b8a7800b82 100644
--- a/man/systemd-socket-proxyd.xml
+++ b/man/systemd-socket-proxyd.xml
@@ -135,8 +135,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
@@ -176,8 +175,7 @@ server {
</example>
<example>
<title>Enabling the proxy</title>
- <programlisting><![CDATA[# systemctl enable proxy-to-nginx.socket
-# systemctl start proxy-to-nginx.socket
+ <programlisting><![CDATA[# systemctl enable --now proxy-to-nginx.socket
$ curl http://localhost:80/]]></programlisting>
</example>
</refsect2>
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index e95321f3c9..2ce0c7d246 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1579,11 +1579,10 @@
<citerefentry><refentrytitle>setns</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls, taking
the specified flags parameters into account. Note that — if this option is used — in addition to restricting
creation and switching of the specified types of namespaces (or all of them, if true) access to the
- <function>setns()</function> system call with a zero flags parameter is prohibited.
- If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname>
- is implied.
- </para></listitem>
+ <function>setns()</function> system call with a zero flags parameter is prohibited. This setting is only
+ supported on x86, x86-64, s390 and s390x, and enforces no restrictions on other architectures. If running in user
+ mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
+ <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem>
</varlistentry>
<varlistentry>
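Review bot: "enforces no restrictions on other architectures" means a hardening directive silently becomes a no-op on, for example, arm64, which is the kind of caveat that should be stated more prominently than mid-paragraph; consider a separate sentence warning that on unsupported architectures the namespace restriction is not in effect, and whether the service manager should log this. Also a stray space before <literal></para></literal> on the last added line.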
@@ -1632,22 +1631,20 @@
<term><varname>MemoryDenyWriteExecute=</varname></term>
<listitem><para>Takes a boolean argument. If set, attempts to create memory mappings that are writable and
- executable at the same time, or to change existing memory mappings to become executable, or mapping shared memory
- segments as executable are prohibited.
- Specifically, a system call filter is added that rejects
- <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with both <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set,
- <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with <constant>PROT_EXEC</constant> set and
- <citerefentry><refentrytitle>shmat</refentrytitle><manvolnum>2</manvolnum></citerefentry>
- system calls with <constant>SHM_EXEC</constant> set. Note that this option is incompatible with programs
- that generate program code dynamically at runtime, such as JIT execution engines, or programs compiled making
- use of the code "trampoline" feature of various C compilers. This option improves service security, as it makes
- harder for software exploits to change running code dynamically.
- If running in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant>
- capability (e.g. setting <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname>
- is implied.
- </para></listitem>
+ executable at the same time, or to change existing memory mappings to become executable, or mapping shared
+ memory segments as executable are prohibited. Specifically, a system call filter is added that rejects
+ <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with both
+ <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set,
+ <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with
+ <constant>PROT_EXEC</constant> set and
+ <citerefentry><refentrytitle>shmat</refentrytitle><manvolnum>2</manvolnum></citerefentry> system calls with
+ <constant>SHM_EXEC</constant> set. Note that this option is incompatible with programs that generate program
+ code dynamically at runtime, such as JIT execution engines, or programs compiled making use of the code
+ "trampoline" feature of various C compilers. This option improves service security, as it makes harder for
+ software exploits to change running code dynamically. Note that this feature is fully available on x86-64, and
+ partially on x86. Specifically, the <function>shmat()</function> protection is not available on x86. If running
+ in user mode, or in system mode, but without the <constant>CAP_SYS_ADMIN</constant> capability (e.g. setting
+ <varname>User=</varname>), <varname>NoNewPrivileges=yes</varname> is implied. </para></listitem>
</varlistentry>
<varlistentry>
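Review bot: the added availability note covers x86-64 and x86 but leaves every other architecture unstated; for a security option the reader should be told directly whether the W^X filter is installed at all elsewhere, mirroring the wording used for <varname>RestrictNamespaces=</varname> in the previous hunk. While the paragraph is being reflowed, "as it makes harder for software exploits" should read "as it makes it harder for software exploits", and the trailing space before <literal></para></literal> should go.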
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 7143188356..4f3f052911 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -202,6 +202,15 @@
</varlistentry>
<varlistentry>
+ <term><varname>PivotRoot=</varname></term>
+
+ <listitem><para>Selects a directory to pivot to <filename>/</filename> inside the container when starting up.
+ Takes a single path, or a pair of two paths separated by a colon. Both paths must be absolute, and are resolved
+ in the container's file system namespace. This corresponds to the <option>--pivot-root=</option> command line
+ switch.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Capability=</varname></term>
<term><varname>DropCapability=</varname></term>
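Review bot: the <varname>PivotRoot=</varname> entry says it takes "a pair of two paths separated by a colon" but not which side is the new root and which is where the old root ends up, so the reader has to cross-reference <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>; one clause naming the order (new root first, old-root destination second) would make the .nspawn file entry self-contained.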
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 420ae4e7b5..627176750f 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -136,9 +136,10 @@
process it supervises. A number of options that may be used in
this section are shared with other unit types. These options are
documented in
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
- <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The options specific to the <literal>[Service]</literal> section
of service units are the following:</para>
diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
index cf4e1ba839..33349eb0b1 100644
--- a/man/systemd.swap.xml
+++ b/man/systemd.swap.xml
@@ -94,10 +94,10 @@
dependencies on the device units or the mount units of the files
they are activated from.</para>
- <para>Swap units with <varname>DefaultDependencies=</varname> in the <literal>[Unit]</literal> section enabled
- implicitly acquire a <varname>Conflicts=</varname> and an <varname>After=</varname> dependency on
- <filename>umount.target</filename> so that they are deactivated at shutdown, unless
- <varname>DefaultDependencies=no</varname> is specified.</para>
+ <para>Swap units with <varname>DefaultDependencies=</varname> set to its default <option>yes</option> value in the
+ <literal>[Unit]</literal> section enabled implicitly acquire a <varname>Conflicts=</varname> and a
+ <varname>Before=</varname> dependency on <filename>umount.target</filename> so that they are deactivated at
+ shutdown as well as a <varname>Before=swap.target</varname> dependency.</para>
<para>Additional implicit dependencies may be added as result of
execution and resource control parameters as documented in
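Review bot: "with <varname>DefaultDependencies=</varname> set to its default <option>yes</option> value in the <literal>[Unit]</literal> section enabled implicitly acquire" is left over from the old wording; drop "enabled". Separately, the hunk flips the <filename>umount.target</filename> ordering from <varname>After=</varname> to <varname>Before=</varname> and adds <varname>Before=swap.target</varname>, which is a correction of documented behaviour rather than a rewording, so the commit message should say it is bringing the text in line with what the code does.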
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index dbb0dc7bd7..eb00a2e88e 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -203,7 +203,8 @@
<filename>/run/systemd/system</filename> directories. Drop-in files in <filename>/etc</filename>
take precedence over those in <filename>/run</filename> which in turn take precedence over those
in <filename>/usr/lib</filename>. Drop-in files under any of these directories take precedence
- over unit files wherever located.</para>
+ over unit files wherever located. Multiple drop-in files with different names are applied in
+ lexicographic order, regardless of which of the directories they reside in.</para>
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
people to use .d/ drop-ins instead. -->
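Review bot: "applied in lexicographic order" does not tell the reader what the order buys them; add that a later file overrides earlier ones for settings that take a single value, and that list-type settings accumulate in that order, since that is the detail an administrator needs when two drop-ins set the same key. The "regardless of which of the directories" clause should also say what happens to same-named files in different directories (the precedence rule in the preceding sentence still applies and only one of them is read).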
@@ -1343,7 +1344,7 @@ ExecStart=/usr/sbin/foo-daemon
file <filename><replaceable>name</replaceable>.conf</filename>
there that only changes the specific settings one is interested
in. Note that multiple such drop-in files are read if
- present.</para>
+ present, processed in lexicographic order of their filename.</para>
<para>The advantage of the first method is that one easily
overrides the complete unit, the vendor unit is not parsed at