Diffstat (limited to 'docs')
-rw-r--r-- | docs/BOOT_LOADER_INTERFACE.md | 2
-rw-r--r-- | docs/CODING_STYLE.md | 2
-rw-r--r-- | docs/CONTRIBUTING.md | 4
-rw-r--r-- | docs/ENVIRONMENT.md | 15
-rw-r--r-- | docs/RANDOM_SEEDS.md | 12
-rw-r--r-- | docs/RELEASE.md | 2
-rw-r--r-- | docs/SECURITY.md | 7
-rw-r--r-- | docs/TRANSIENT-SETTINGS.md | 2
-rw-r--r-- | docs/UIDS-GIDS.md | 2
9 files changed, 30 insertions, 18 deletions
diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md index cbd66876af..c0ed099845 100644 --- a/docs/BOOT_LOADER_INTERFACE.md +++ b/docs/BOOT_LOADER_INTERFACE.md @@ -71,7 +71,7 @@ variables. All EFI variables use the vendor UUID * `1 << 3` → The boot loader honours `LoaderEntryOneShot` when set. * `1 << 4` → The boot loader supports boot counting as described in [Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT). * `1 << 5` → The boot loader supports looking for boot menu entries in the Extended Boot Loader Partition. - * `1 << 6` → The boot loader spports passing a random seed to the OS. + * `1 << 6` → The boot loader supports passing a random seed to the OS. * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It is set by the boot loader to pass an entropy seed read from the ESP partition diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md index bf7ba3ea69..3b9b5e6c46 100644 --- a/docs/CODING_STYLE.md +++ b/docs/CODING_STYLE.md @@ -236,7 +236,7 @@ title: Coding Style p = foobar_unref(p); ``` - which will always work regardless if `p` is initialized or not,x and + which will always work regardless if `p` is initialized or not, and guarantees that `p` is `NULL` afterwards, all in just one line. ## Error Handling diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index f40d9a010a..565acdd1cb 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md 
@@ -8,7 +8,7 @@ We welcome contributions from everyone. However, please follow the following gui ## Filing Issues -* We use GitHub Issues **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact our [mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead. +* We use [GitHub Issues](https://github.com/systemd/systemd/issues) **exclusively** for tracking **bugs** and **feature** **requests** of systemd. If you are looking for help, please contact [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) instead. * We only track bugs in the **two** **most** **recently** **released** **versions** of systemd in the GitHub Issue tracker. If you are using an older version of systemd, please contact your distribution's bug tracker instead. * When filing an issue, specify the **systemd** **version** you are experiencing the issue with. Also, indicate which **distribution** you are using. * Please include an explanation how to reproduce the issue you are pointing out. 
@@ -23,7 +23,7 @@ For older versions that are still supported by your distribution please use resp ## Security vulnerability reports -If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and mailing list listed above are fully public. If you need to reach systemd developers in a non-public way, report the issue in one of the "big" distributions using systemd: [Fedora](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=systemd) (be sure to check "Security Sensitive Bug" under "Show Advanced Fields"), [Ubuntu](https://launchpad.net/ubuntu/+source/systemd/+filebug) (be sure to change "This bug contains information that is" from "Public" to "Private Security"), or [Debian](mailto:security@debian.org). Various systemd developers are active distribution maintainers and will propagate the information about the bug to other parties. +See [reporting of security vulnerabilities](SECURITY.md). ## Posting Pull Requests diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 838cc7e4cf..83c2d25134 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md 
@@ -36,10 +36,13 @@ All tools: * `$SD_EVENT_PROFILE_DELAYS=1` — if set, the sd-event event loop implementation will print latency information at runtime. -* `$SYSTEMD_PROC_CMDLINE` — if set, may contain a string that is used as kernel - command line instead of the actual one readable from /proc/cmdline. This is - useful for debugging, in order to test generators and other code against - specific kernel command lines. +* `$SYSTEMD_PROC_CMDLINE` — if set, the contents are used as the kernel command + line instead of the actual one in /proc/cmdline. This is useful for + debugging, in order to test generators and other code against specific kernel + command lines. + +* `$SYSTEMD_EFI_OPTIONS` — if set, used instead of the string in SystemdOptions + EFI variable. Analogous to `$SYSTEMD_PROC_CMDLINE`. * `$SYSTEMD_IN_INITRD` — takes a boolean. If set, overrides initrd detection. This is useful for debugging and testing initrd-only programs in the main @@ -70,8 +73,8 @@ systemctl: systemd-nspawn: -* `$UNIFIED_CGROUP_HIERARCHY=1` — if set, force nspawn into unified cgroup - hierarchy mode. +* `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` — if set, force nspawn into unified + cgroup hierarchy mode. * `$SYSTEMD_NSPAWN_API_VFS_WRITABLE=1` — if set, make /sys and /proc/sys and friends writable in the container. If set to "network", leave only diff --git a/docs/RANDOM_SEEDS.md b/docs/RANDOM_SEEDS.md index 7edf7c2d6a..926238a3ae 100644 --- a/docs/RANDOM_SEEDS.md +++ b/docs/RANDOM_SEEDS.md 
@@ -190,12 +190,12 @@ boot, in order to ensure the entropy pool is filled up quickly. master images of an OS are created, and thus replicated into every installation. If OS image builders carefully reset the random seed file before generating the image it should be safe to credit entropy, which can - be enabled by setting the `$SYSTEMD_RANDOM_SEED` environment variable for - the service to `1`. Note however, that this service typically runs - relatively late during early boot: long after the initial RAM disk - (`initrd`) completed, and after the `/var/` file system became - writable. This is usually too late for many applications, it is hence not - advised to rely exclusively on this functionality to seed the kernel's + be enabled by setting the `$SYSTEMD_RANDOM_SEED_CREDIT` environment variable + for the service to `1` (or even `force`, see man page). Note however, that + this service typically runs relatively late during early boot: long after + the initial RAM disk (`initrd`) completed, and after the `/var/` file system + became writable. This is usually too late for many applications, it is hence + not advised to rely exclusively on this functionality to seed the kernel's entropy pool. Also note that this service synchronously waits until the kernel's entropy pool is initialized before completing start-up. It may thus be used by other services as synchronization point to order against, if they diff --git a/docs/RELEASE.md b/docs/RELEASE.md index d842afcd34..56debd68d2 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md 
@@ -16,4 +16,4 @@ title: Steps to a Successful Release 10. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate. 11. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically. 12. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released`) -13. [After final release] Also push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:v${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches). +13. [After final release] Also push commits to stable, create an empty -stable branch: `git push systemd-stable origin/master:master origin/master:refs/heads/${version}-stable`, and change the default branch to latest release (https://github.com/systemd/systemd-stable/settings/branches). diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000000..93847dcd8e --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,7 @@ +--- +title: Reporting of security vulnerabilities +--- + +# Reporting of security vulnerabilities + +If you discover a security vulnerability, we'd appreciate a non-public disclosure. The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public. If you need to reach systemd developers in a non-public way, report the issue to the [systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list. The disclosure will be coordinated with distributions. diff --git a/docs/TRANSIENT-SETTINGS.md b/docs/TRANSIENT-SETTINGS.md index 615342943d..05d6d4c068 100644 --- a/docs/TRANSIENT-SETTINGS.md +++ b/docs/TRANSIENT-SETTINGS.md 
@@ -226,6 +226,8 @@ All cgroup/resource control settings are available for transient units ✓ StartupCPUShares= ✓ CPUQuota= ✓ CPUQuotaPeriodSec= +✓ AllowedCPUs= +✓ AllowedMemoryNodes= ✓ MemoryAccounting= ✓ DefaultMemoryMin= ✓ MemoryMin= diff --git a/docs/UIDS-GIDS.md b/docs/UIDS-GIDS.md index 480ee231e7..1f3966f4c0 100644 --- a/docs/UIDS-GIDS.md +++ b/docs/UIDS-GIDS.md @@ -237,7 +237,7 @@ the artifacts the container manager persistently leaves in the system. | 65535 | 16bit `(uid_t) -1` | Linux | | | 65536…524287 | Unused | | | | 524288…1879048191 | Container UID ranges | `systemd` | `nss-mymachines` | -| 1879048191…2147483647 | Unused | | | +| 1879048192…2147483647 | Unused | | | | 2147483648…4294967294 | HIC SVNT LEONES | | | | 4294967295 | 32bit `(uid_t) -1` | Linux | | |
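Review bot: In docs/CONTRIBUTING.md, hunk at line 8, the new wording "please contact [systemd-devel mailing list](...) instead" lost its determiner when "our [mailing list]" was replaced. Suggest "please contact the [systemd-devel mailing list](...) instead".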
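Review bot: In docs/CONTRIBUTING.md, hunk at line 23, the replacement line "See [reporting of security vulnerabilities](SECURITY.md)." uses a bare relative target, while the link visible in the BOOT_LOADER_INTERFACE.md context uses the `https://systemd.io/...` form. Since this is the only pointer left to the private reporting channel, please check that the link resolves both in the repository view and on the rendered site, or switch it to the same absolute form the other docs use.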
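Review bot: In docs/ENVIRONMENT.md, hunk at line 36, the new `$SYSTEMD_EFI_OPTIONS` entry reads "used instead of the string in SystemdOptions EFI variable": the article is missing and the variable name is not in backticks, unlike `LoaderRandomSeed` and `LoaderEntryOneShot` in BOOT_LOADER_INTERFACE.md. Suggest "used instead of the string in the `SystemdOptions` EFI variable", and, since the entry leans on `$SYSTEMD_PROC_CMDLINE` by analogy, repeating that this is meant for debugging.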
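Review bot: In docs/ENVIRONMENT.md, hunk at line 70, the entry is renamed from `$UNIFIED_CGROUP_HIERARCHY=1` to `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1` without saying whether the old name is still honoured. The diffstat shown here is limited to docs, so the code side is not visible. Please add a short sentence on whether the old variable is still accepted or has been dropped, so existing nspawn setups that export it are not silently left in a different cgroup mode.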
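Review bot: In docs/RANDOM_SEEDS.md, hunk at line 190, the parenthetical "(or even `force`, see man page)" names neither the man page nor what `force` changes compared to `1`. This paragraph is specifically about when crediting entropy from a seed file is safe (seed files replicated through master images), so a reader needs to know which safeguard `force` overrides before setting it. Suggest naming the man page explicitly and adding one clause that states the difference.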
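Review bot: In docs/RELEASE.md, step 13, the destination ref changes from `origin/master:v${version}-stable` to `origin/master:refs/heads/${version}-stable`, so the `v` prefix is dropped along with the switch to a fully qualified ref. If `${version}` is expected to carry the `v` already, please say so in the step; otherwise the new -stable branch will be named differently from what the old command produced.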
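Review bot: In the new docs/SECURITY.md, the body gives a single contact address but does not say what a report should contain or whether encrypted mail is accepted, and the text removed from CONTRIBUTING.md offered per-distribution private trackers that are now gone with no replacement guidance. Suggest adding a line on the expected contents of a report (affected systemd version, distribution, reproduction steps, mirroring the "Filing Issues" list in CONTRIBUTING.md) and a line on who reads the list, since "The disclosure will be coordinated with distributions" does not tell a reporter who will see the details.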