release: bump version to 1.23.1-dev after 1.22.0 release1.23.1-dev

After 1.22.0 is released, merge it back into master so that 1.22.0 is part of the history of master. That means, $ git log --first-parent master will also traverse 1.22.0 and 1.22-rc*. Also bump the micro version to 1.23.1-dev to indicate that this is after 1.22.0 is out.
author: Thomas Haller <thaller@redhat.com> 2019-12-17 09:58:12 +0100
committer: Thomas Haller <thaller@redhat.com> 2019-12-17 09:58:12 +0100
commit: bc2ca6e603002cef1f563fe1b3f0dca7af441baa (patch)
tree: 2a0fbac06d5d5579e71dceaa25daf623e3dd739e
parent: 7fe734f8bc0661ff476204a034eb987df43ee461 (diff)
parent: 5f9bcc91c79c67073c62cf4edebddac56d9a1dc1 (diff)
129 files changed, 3499 insertions, 1450 deletions
diff --git a/.gitignore b/.gitignore
index 7ef42f5c4b..8b8b7fad51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -128,7 +128,7 @@ test-*.trs
 /examples/C/qt/monitor-nm-running
 /examples/C/qt/monitor-nm-running.moc
 
-/shared/nm-utils/tests/test-shared-general
+/shared/nm-glib-aux/tests/test-shared-general
 /shared/nm-version-macros.h
 
 /introspection/org.freedesktop.NetworkManager*.[ch]
@@ -325,6 +325,7 @@ test-*.trs
 /libnm/tests/test-general
 /policy/org.freedesktop.NetworkManager.policy
 /policy/org.freedesktop.NetworkManager.policy.in
+/shared/nm-utils/tests/test-shared-general
 /src/devices/tests/test-arping
 /src/devices/wifi/tests/test-general
 /src/devices/wifi/tests/test-wifi-ap-utils
diff --git a/Makefile.am b/Makefile.am
index 089af41726..abee1d13c5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -525,15 +525,52 @@ $(shared_nm_libnm_core_aux_libnm_libnm_core_aux_la_OBJECTS): $(libnm_core_lib_h_
 
 ###############################################################################
 
+noinst_LTLIBRARIES += shared/nm-libnm-aux/libnm-libnm-aux.la
+
+shared_nm_libnm_aux_libnm_libnm_aux_la_CPPFLAGS = \
+	$(dflt_cppflags) \
+	-I$(srcdir)/shared \
+	-I$(builddir)/shared \
+	-I$(srcdir)/libnm-core \
+	-I$(builddir)/libnm-core \
+	-I$(srcdir)/libnm \
+	-I$(builddir)/libnm \
+	$(CODE_COVERAGE_CFLAGS) \
+	$(GLIB_CFLAGS) \
+	$(SANITIZER_LIB_CFLAGS) \
+	-DG_LOG_DOMAIN=\""libnmc"\" \
+	-DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_CLIENT \
+	$(NULL)
+
+shared_nm_libnm_aux_libnm_libnm_aux_la_SOURCES = \
+	shared/nm-libnm-aux/nm-libnm-aux.c \
+	shared/nm-libnm-aux/nm-libnm-aux.h \
+	$(NULL)
+
+shared_nm_libnm_aux_libnm_libnm_aux_la_LDFLAGS = \
+	$(CODE_COVERAGE_LDFLAGS) \
+	$(SANITIZER_LIB_LDFLAGS) \
+	$(NULL)
+
+shared_nm_libnm_aux_libnm_libnm_aux_la_LIBADD = \
+	$(GLIB_LIBS) \
+	libnm/libnm.la \
+	$(NULL)
+
+$(shared_nm_libnm_aux_libnm_libnm_aux_la_OBJECTS): $(libnm_core_lib_h_pub_mkenums)
+$(shared_nm_libnm_aux_libnm_libnm_aux_la_OBJECTS): $(libnm_lib_h_pub_mkenums)
+
+###############################################################################
+
 EXTRA_DIST += \
-	shared/nm-utils/tests/meson.build \
+	shared/nm-glib-aux/tests/meson.build \
 	$(NULL)
 
 ###############################################################################
 
-check_programs += shared/nm-utils/tests/test-shared-general
+check_programs += shared/nm-glib-aux/tests/test-shared-general
 
-shared_nm_utils_tests_test_shared_general_CPPFLAGS = \
+shared_nm_glib_aux_tests_test_shared_general_CPPFLAGS = \
 	$(dflt_cppflags) \
 	-I$(srcdir)/shared \
 	-DNETWORKMANAGER_COMPILATION_TEST \
@@ -543,12 +580,12 @@ shared_nm_utils_tests_test_shared_general_CPPFLAGS = \
 	$(SANITIZER_LIB_CFLAGS) \
 	$(NULL)
 
-shared_nm_utils_tests_test_shared_general_LDFLAGS = \
+shared_nm_glib_aux_tests_test_shared_general_LDFLAGS = \
 	$(CODE_COVERAGE_LDFLAGS) \
 	$(SANITIZER_EXEC_LDFLAGS) \
 	$(NULL)
 
-shared_nm_utils_tests_test_shared_general_LDADD = \
+shared_nm_glib_aux_tests_test_shared_general_LDADD = \
 	shared/nm-glib-aux/libnm-glib-aux.la \
 	shared/systemd/libnm-systemd-logging-stub.la \
 	shared/nm-std-aux/libnm-std-aux.la \
@@ -1751,10 +1788,10 @@ shared_systemd_libnm_systemd_shared_la_SOURCES = \
 	shared/systemd/sd-adapt-shared/locale-util.h \
 	shared/systemd/sd-adapt-shared/memfd-util.h \
 	shared/systemd/sd-adapt-shared/missing_fs.h \
+	shared/systemd/sd-adapt-shared/missing_keyctl.h \
 	shared/systemd/sd-adapt-shared/missing_magic.h \
 	shared/systemd/sd-adapt-shared/missing_network.h \
 	shared/systemd/sd-adapt-shared/missing_sched.h \
-	shared/systemd/sd-adapt-shared/missing_syscall.h \
 	shared/systemd/sd-adapt-shared/missing_timerfd.h \
 	shared/systemd/sd-adapt-shared/mkdir.h \
 	shared/systemd/sd-adapt-shared/namespace-util.h \
@@ -1812,6 +1849,7 @@ shared_systemd_libnm_systemd_shared_la_SOURCES = \
 	shared/systemd/src/basic/missing_random.h \
 	shared/systemd/src/basic/missing_socket.h \
 	shared/systemd/src/basic/missing_stat.h \
+	shared/systemd/src/basic/missing_syscall.h \
 	shared/systemd/src/basic/missing_type.h \
 	shared/systemd/src/basic/parse-util.c \
 	shared/systemd/src/basic/parse-util.h \
@@ -1824,6 +1862,7 @@ shared_systemd_libnm_systemd_shared_la_SOURCES = \
 	shared/systemd/src/basic/random-util.c \
 	shared/systemd/src/basic/random-util.h \
 	shared/systemd/src/basic/set.h \
+	shared/systemd/src/basic/signal-util.c \
 	shared/systemd/src/basic/signal-util.h \
 	shared/systemd/src/basic/siphash24.h \
 	shared/systemd/src/basic/socket-util.c \
@@ -3073,6 +3112,7 @@ EXTRA_DIST += \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-long-hex \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-long-quoted \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-open-ssid-quoted \
+	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-sae \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wep \
 	src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-wep-104-ascii \
@@ -4178,6 +4218,7 @@ clients_nm_online_LDFLAGS = \
 	-Wl,--version-script="$(srcdir)/linker-script-binary.ver"
 
 clients_nm_online_LDADD = \
+	shared/nm-libnm-aux/libnm-libnm-aux.la \
 	libnm/libnm.la \
 	$(GLIB_LIBS)
 
@@ -4400,6 +4441,7 @@ clients_cli_nmcli_LDADD = \
 	shared/nm-glib-aux/libnm-glib-aux.la \
 	shared/nm-std-aux/libnm-std-aux.la \
 	shared/libcsiphash.la \
+	shared/nm-libnm-aux/libnm-libnm-aux.la \
 	libnm/libnm.la \
 	$(GLIB_LIBS) \
 	$(READLINE_LIBS)
@@ -4602,6 +4644,7 @@ clients_tui_nmtui_LDADD = \
 	clients/tui/newt/libnmt-newt.a \
 	clients/common/libnmc.la \
 	clients/common/libnmc-base.la \
+	shared/nm-libnm-aux/libnm-libnm-aux.la \
 	shared/nm-libnm-core-aux/libnm-libnm-core-aux.la \
 	shared/nm-libnm-core-intern/libnm-libnm-core-intern.la \
 	shared/nm-glib-aux/libnm-glib-aux.la \
@@ -4668,6 +4711,7 @@ clients_cloud_setup_nm_cloud_setup_LDFLAGS = \
 	$(NULL)
 
 clients_cloud_setup_nm_cloud_setup_LDADD = \
+	shared/nm-libnm-aux/libnm-libnm-aux.la \
 	shared/nm-libnm-core-aux/libnm-libnm-core-aux.la \
 	shared/nm-libnm-core-intern/libnm-libnm-core-intern.la \
 	shared/nm-glib-aux/libnm-glib-aux.la \
diff --git a/NEWS b/NEWS
index 2247f77414..c503c50237 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,14 @@
 =============================================
+NetworkManager-1.24
+Overview of changes since NetworkManager-1.22
+=============================================
+
+This is a snapshot of NetworkManager 1.24 development series.
+The API is subject to change and not guaranteed to be compatible
+with the later release.
+USE AT YOUR OWN RISK.  NOT RECOMMENDED FOR PRODUCTION USE!
+
+=============================================
 NetworkManager-1.22
 Overview of changes since NetworkManager-1.20
 =============================================
diff --git a/clients/cli/common.c b/clients/cli/common.c
index 04ccf8dc1f..b5e684cecb 100644
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@@ -13,6 +13,8 @@
 #include <readline/readline.h>
 #include <readline/history.h>
 
+#include "nm-libnm-aux/nm-libnm-aux.h"
+
 #include "nm-vpn-helpers.h"
 #include "nm-client-utils.h"
 
@@ -1216,17 +1218,22 @@ got_client (GObject *source_object, GAsyncResult *res, gpointer user_data)
 	CmdCall *call = user_data;
 	NmCli *nmc;
 
+	nm_assert (NM_IS_CLIENT (source_object));
+
 	task = g_steal_pointer (&call->task);
 	nmc = g_task_get_task_data (task);
 
 	nmc->should_wait--;
-	nmc->client = nm_client_new_finish (res, &error);
 
-	if (!nmc->client) {
+	if (!g_async_initable_init_finish (G_ASYNC_INITABLE (source_object),
+	                                   res,
+	                                   &error)) {
+		g_object_unref (source_object);
 		g_task_return_new_error (task, NMCLI_ERROR, NMC_RESULT_ERROR_UNKNOWN,
 		                         _("Error: Could not create NMClient object: %s."),
 		                         error->message);
 	} else {
+		nmc->client = NM_CLIENT (source_object);
 		call_cmd (nmc, g_steal_pointer (&task), call->cmd, call->argc, call->argv);
 	}
 
@@ -1259,7 +1266,11 @@ call_cmd (NmCli *nmc, GTask *task, const NMCCommand *cmd, int argc, char **argv)
 		call->argc = argc;
 		call->argv = argv;
 		call->task = task;
-		nm_client_new_async (NULL, got_client, call);
+		nmc_client_new_async (NULL,
+		                      got_client,
+		                      call,
+		                      NM_CLIENT_INSTANCE_FLAGS, (guint) NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS,
+		                      NULL);
 	}
 }
 
diff --git a/clients/cli/connections.c b/clients/cli/connections.c
index a77c2482ca..a4fbf6df3a 100644
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -7927,7 +7927,7 @@ editor_menu_main (NmCli *nmc, NMConnection *connection, const char *connection_t
 					connection_changed = FALSE;
 				}
 
-				source = g_timeout_source_new (10 * NM_UTILS_MSEC_PER_SECOND);
+				source = g_timeout_source_new (10 * NM_UTILS_MSEC_PER_SEC);
 				g_source_set_callback (source, editor_save_timeout, &timeout, NULL);
 				g_source_attach (source, g_main_loop_get_context (loop));
 
diff --git a/clients/cli/devices.c b/clients/cli/devices.c
index c99efd0d64..0a7339bc2c 100644
--- a/clients/cli/devices.c
+++ b/clients/cli/devices.c
@@ -28,7 +28,7 @@
 static char *
 ap_wpa_rsn_flags_to_string (NM80211ApSecurityFlags flags)
 {
-	char *flags_str[13];
+	char *flags_str[14];
 	int i = 0;
 
 	if (flags & NM_802_11_AP_SEC_PAIR_WEP40)
@@ -53,6 +53,8 @@ ap_wpa_rsn_flags_to_string (NM80211ApSecurityFlags flags)
 		flags_str[i++] = "802.1X";
 	if (flags & NM_802_11_AP_SEC_KEY_MGMT_SAE)
 		flags_str[i++] = "sae";
+	if (flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)
+		flags_str[i++] = "owe";
 	/* Make sure you grow flags_str when adding items here. */
 
 	if (i == 0)
@@ -1207,6 +1209,9 @@ fill_output_access_point (gpointer data, gpointer user_data)
 	if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) {
 		g_string_append (security_str, "WPA3 ");
 	}
+	if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE) {
+		g_string_append (security_str, "OWE ");
+	}
 	if (   (wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
 	    || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) {
 		g_string_append   (security_str, "802.1X ");
@@ -3078,7 +3083,7 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv)
 	}
 
 	if (rescan == NULL || strcmp (rescan, "auto") == 0) {
-		rescan_cutoff = NM_MAX (nm_utils_get_timestamp_msec () - 30 * NM_UTILS_MSEC_PER_SECOND, 0);
+		rescan_cutoff = NM_MAX (nm_utils_get_timestamp_msec () - 30 * NM_UTILS_MSEC_PER_SEC, 0);
 	} else if (strcmp (rescan, "no") == 0) {
 		rescan_cutoff = 0;
 	} else if (strcmp (rescan, "yes") == 0) {
@@ -3561,8 +3566,8 @@ do_device_wifi_connect (NmCli *nmc, int argc, char **argv)
 
 	/* Set password for WEP or WPA-PSK. */
 	if (   (ap_flags & NM_802_11_AP_FLAGS_PRIVACY)
-	    || ap_wpa_flags != NM_802_11_AP_SEC_NONE
-	    || ap_rsn_flags != NM_802_11_AP_SEC_NONE) {
+	    || (ap_wpa_flags != NM_802_11_AP_SEC_NONE && !(ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))
+	    || (ap_rsn_flags != NM_802_11_AP_SEC_NONE && !(ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE))) {
 		const char *con_password = NULL;
 		NMSettingWirelessSecurity *s_wsec = NULL;
 
@@ -4234,6 +4239,9 @@ print_wifi_connection (const NmcConfig *nmc_config, NMConnection *connection)
 	           || strcmp (key_mgmt, "sae") == 0) {
 		type = "WPA";
 		g_print ("%s: WPA\n", _("Security"));
+	} else if (   strcmp (key_mgmt, "owe") == 0) {
+		type = "nopass";
+		g_print ("%s: OWE\n", _("Security"));
 	}
 
 	if (psk)
diff --git a/clients/cli/general.c b/clients/cli/general.c
index 123cc5b4fc..ccda0d52e3 100644
--- a/clients/cli/general.c
+++ b/clients/cli/general.c
@@ -22,6 +22,12 @@
 
 /*****************************************************************************/
 
+static void permission_changed (GObject *gobject,
+                                GParamSpec *pspec,
+                                NmCli *nmc);
+
+/*****************************************************************************/
+
 NM_UTILS_LOOKUP_STR_DEFINE_STATIC (nm_state_to_string, NMState,
 	NM_UTILS_LOOKUP_DEFAULT (N_("unknown")),
 	NM_UTILS_LOOKUP_ITEM (NM_STATE_ASLEEP,           N_("asleep")),
@@ -77,44 +83,8 @@ connectivity_to_color (NMConnectivityState connectivity)
 static const char *
 permission_to_string (NMClientPermission perm)
 {
-	switch (perm) {
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK;
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI;
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN;
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_WIMAX;
-	case NM_CLIENT_PERMISSION_SLEEP_WAKE:
-		return NM_AUTH_PERMISSION_SLEEP_WAKE;
-	case NM_CLIENT_PERMISSION_NETWORK_CONTROL:
-		return NM_AUTH_PERMISSION_NETWORK_CONTROL;
-	case NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED:
-		return NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED;
-	case NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN:
-		return NM_AUTH_PERMISSION_WIFI_SHARE_OPEN;
-	case NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM:
-		return NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM;
-	case NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN:
-		return NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN;
-	case NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME:
-		return NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME;
-	case NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS:
-		return NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS;
-	case NM_CLIENT_PERMISSION_RELOAD:
-		return NM_AUTH_PERMISSION_RELOAD;
-	case NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK:
-		return NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK;
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS;
-	case NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK:
-		return NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK;
-	case NM_CLIENT_PERMISSION_WIFI_SCAN:
-		return NM_AUTH_PERMISSION_WIFI_SCAN;
-	default:
-		return _("unknown");
-	}
+	return    nm_auth_permission_to_string (perm)
+	       ?: _("unknown");
 }
 
 NM_UTILS_LOOKUP_STR_DEFINE_STATIC (permission_result_to_string, NMClientPermissionResult,
@@ -534,30 +504,54 @@ timeout_cb (gpointer user_data)
 {
 	NmCli *nmc = (NmCli *) user_data;
 
+	g_signal_handlers_disconnect_by_func (nmc->client,
+	                                      G_CALLBACK (permission_changed),
+	                                      nmc);
+
 	g_string_printf (nmc->return_text, _("Error: Timeout %d sec expired."), nmc->timeout);
 	nmc->return_value = NMC_RESULT_ERROR_TIMEOUT_EXPIRED;
 	quit ();
 	return FALSE;
 }
 
-static int
+static void
 print_permissions (void *user_data)
 {
 	NmCli *nmc = user_data;
 	gs_free_error GError *error = NULL;
 	const char *fields_str = NULL;
-	NMClientPermission perm;
-	guint i;
-	gpointer permissions[NM_CLIENT_PERMISSION_LAST + 1];
+	gpointer permissions[G_N_ELEMENTS (nm_auth_permission_sorted) + 1];
+	gboolean is_running;
+	int i;
+
+	is_running = nm_client_get_nm_running (nmc->client);
+
+	if (   is_running
+	    && nm_client_get_permissions_state (nmc->client) != NM_TERNARY_TRUE) {
+		/* wait longer. Permissions are not up to date. */
+		return;
+	}
+
+	g_signal_handlers_disconnect_by_func (nmc->client,
+	                                      G_CALLBACK (permission_changed),
+	                                      nmc);
+
+	if (!is_running) {
+		/* NetworkManager quit while we were waiting. */
+		g_string_printf (nmc->return_text, _("NetworkManager is not running."));
+		nmc->return_value = NMC_RESULT_ERROR_NM_NOT_RUNNING;
+		quit ();
+		return;
+	}
 
 	if (!nmc->required_fields || strcasecmp (nmc->required_fields, "common") == 0) {
 	} else if (strcasecmp (nmc->required_fields, "all") == 0) {
 	} else
 		fields_str = nmc->required_fields;
 
-	for (i = 0, perm = NM_CLIENT_PERMISSION_NONE + 1; perm <= NM_CLIENT_PERMISSION_LAST; perm++)
-		permissions[i++] = GINT_TO_POINTER (perm);
-	permissions[i++] = NULL;
+	for (i = 0; i < (int) G_N_ELEMENTS (nm_auth_permission_sorted); i++)
+		permissions[i] = GINT_TO_POINTER (nm_auth_permission_sorted[i]);
+	permissions[i] = NULL;
 
 	nm_cli_spawn_pager (nmc);
 
@@ -573,59 +567,43 @@ print_permissions (void *user_data)
 	}
 
 	quit ();
-	return G_SOURCE_REMOVE;
-}
-
-static gboolean
-got_permissions (NmCli *nmc)
-{
-	NMClientPermission perm;
-
-	/* The server returns all the permissions at once, so if at least one is there
-	 * we already received the reply. */
-	for (perm = NM_CLIENT_PERMISSION_NONE + 1; perm <= NM_CLIENT_PERMISSION_LAST; perm++) {
-		if (nm_client_get_permission_result (nmc->client, perm) != NM_CLIENT_PERMISSION_RESULT_UNKNOWN)
-			return TRUE;
-	}
-
-	return FALSE;
 }
 
 static void
-permission_changed (NMClient *client,
-                    NMClientPermission permission,
-                    NMClientPermissionResult result,
+permission_changed (GObject *gobject,
+                    GParamSpec *pspec,
                     NmCli *nmc)
 {
-	if (got_permissions (nmc)) {
-		/* Defer the printing, so that we have a chance to process the other
-		 * permission-changed signals. */
-		g_signal_handlers_disconnect_by_func (nmc->client,
-		                                      G_CALLBACK (permission_changed),
-		                                      nmc);
-		g_idle_remove_by_data (nmc);
-		g_idle_add (print_permissions, nmc);
-	}
+	if (NM_IN_STRSET (pspec->name, NM_CLIENT_NM_RUNNING,
+	                               NM_CLIENT_PERMISSIONS_STATE))
+		print_permissions (nmc);
 }
 
 static gboolean
 show_nm_permissions (NmCli *nmc)
 {
-	/* The permissions are available now, just print them. */
-	if (got_permissions (nmc)) {
-		print_permissions (nmc);
-		return TRUE;
-	}
+	NMClientInstanceFlags instance_flags;
+
+	instance_flags = nm_client_get_instance_flags (nmc->client);
+	instance_flags &= ~NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS;
 
-	/* The client didn't get the permissions reply yet. Subscribe to changes. */
-	g_signal_connect (nmc->client, NM_CLIENT_PERMISSION_CHANGED,
-	                  G_CALLBACK (permission_changed), nmc);
+	g_object_set (nmc->client,
+	              NM_CLIENT_INSTANCE_FLAGS, (guint) instance_flags,
+	              NULL);
+
+	g_signal_connect (nmc->client,
+	                  "notify",
+	                  G_CALLBACK (permission_changed),
+	                  nmc);
 
 	if (nmc->timeout == -1)
 		nmc->timeout = 10;
 	g_timeout_add_seconds (nmc->timeout, timeout_cb, nmc);
 
 	nmc->should_wait++;
+
+	print_permissions (nmc);
+
 	return TRUE;
 }
 
diff --git a/clients/cli/meson.build b/clients/cli/meson.build
index 562020630d..1c8148920c 100644
--- a/clients/cli/meson.build
+++ b/clients/cli/meson.build
@@ -22,11 +22,11 @@ deps = [
   libnmc_base_dep,
   libnmc_dep,
   readline_dep,
+  libnm_libnm_aux_dep,
 ]
 
 if enable_polkit_agent
   sources += nm_polkit_listener
-
   deps += polkit_agent_dep
 endif
 
diff --git a/clients/cloud-setup/main.c b/clients/cloud-setup/main.c
index 8250945c47..743f931c0f 100644
--- a/clients/cloud-setup/main.c
+++ b/clients/cloud-setup/main.c
@@ -2,8 +2,9 @@
 
 #include "nm-default.h"
 
-#include "nm-cloud-setup-utils.h"
+#include "nm-libnm-aux/nm-libnm-aux.h"
 
+#include "nm-cloud-setup-utils.h"
 #include "nmcs-provider-ec2.h"
 #include "nm-libnm-core-intern/nm-libnm-core-utils.h"
 
@@ -122,58 +123,6 @@ out:
 
 /*****************************************************************************/
 
-typedef struct {
-	GMainLoop *main_loop;
-	NMClient *nmc;
-} ClientCreateData;
-
-static void
-_nmc_create_cb (GObject *source_object,
-                GAsyncResult *result,
-                gpointer user_data)
-{
-	gs_unref_object NMClient *nmc = NULL;
-	ClientCreateData *data = user_data;
-	gs_free_error GError *error = NULL;
-
-	nmc = nm_client_new_finish (result, &error);
-	if (!nmc) {
-		if (!nm_utils_error_is_cancelled (error, FALSE))
-			_LOGI ("failure to talk to NetworkManager: %s", error->message);
-		goto out;
-	}
-
-	if (!nm_client_get_nm_running (nmc)) {
-		_LOGI ("NetworkManager is not running");
-		goto out;
-	}
-
-	_LOGD ("NetworkManager is running");
-	nmcs_wait_for_objects_register (nmc);
-	nmcs_wait_for_objects_register (nm_client_get_context_busy_watcher (nmc));
-
-	data->nmc = g_steal_pointer (&nmc);
-out:
-	g_main_loop_quit (data->main_loop);
-}
-
-static NMClient *
-_nmc_create (GCancellable *sigterm_cancellable)
-{
-	nm_auto_unref_gmainloop GMainLoop *main_loop = g_main_loop_new (NULL, FALSE);
-	ClientCreateData data = {
-		.main_loop = main_loop,
-	};
-
-	nm_client_new_async (sigterm_cancellable, _nmc_create_cb, &data);
-
-	g_main_loop_run (main_loop);
-
-	return data.nmc;
-}
-
-/*****************************************************************************/
-
 static char **
 _nmc_get_hwaddrs (NMClient *nmc)
 {
@@ -593,6 +542,7 @@ main (int argc, const char *const*argv)
 	gs_unref_object NMCSProvider *provider = NULL;
 	gs_unref_object NMClient *nmc = NULL;
 	gs_unref_hashtable GHashTable *config_dict = NULL;
+	gs_free_error GError *error = NULL;
 
 	_nm_logging_enabled_init (g_getenv (NMCS_ENV_VARIABLE ("NM_CLOUD_SETUP_LOG")));
 
@@ -616,9 +566,25 @@ main (int argc, const char *const*argv)
 	if (!provider)
 		goto done;
 
-	nmc = _nmc_create (sigterm_cancellable);
-	if (!nmc)
+	nmc_client_new_waitsync (sigterm_cancellable,
+	                         &nmc,
+	                         &error,
+	                         NM_CLIENT_INSTANCE_FLAGS, (guint) NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS,
+	                         NULL);
+
+	nmcs_wait_for_objects_register (nmc);
+	nmcs_wait_for_objects_register (nm_client_get_context_busy_watcher (nmc));
+
+	if (error) {
+		if (!nm_utils_error_is_cancelled (error, FALSE))
+			_LOGI ("failure to talk to NetworkManager: %s", error->message);
 		goto done;
+	}
+
+	if (!nm_client_get_nm_running (nmc)) {
+		_LOGI ("NetworkManager is not running");
+		goto done;
+	}
 
 	config_dict = _get_config (sigterm_cancellable, provider, nmc);
 	if (!config_dict)
diff --git a/clients/cloud-setup/meson.build b/clients/cloud-setup/meson.build
index e9cd970a36..b0a6191c46 100644
--- a/clients/cloud-setup/meson.build
+++ b/clients/cloud-setup/meson.build
@@ -29,16 +29,15 @@ sources = files(
   'nmcs-provider.c',
 )
 
-deps = [
-  libnmc_base_dep,
-  libnmc_dep,
-  libcurl_dep,
-]
-
 executable(
   name,
   sources,
-  dependencies: deps,
+  dependencies: [
+    libnmc_base_dep,
+    libnmc_dep,
+    libcurl_dep,
+    libnm_libnm_aux_dep,
+  ],
   c_args: clients_c_flags +
           ['-DG_LOG_DOMAIN="@0@"'.format(name)],
   link_with: libnm_systemd_logging_stub,
diff --git a/clients/cloud-setup/nm-cloud-setup-utils.c b/clients/cloud-setup/nm-cloud-setup-utils.c
index 50a5989225..872ab44d3a 100644
--- a/clients/cloud-setup/nm-cloud-setup-utils.c
+++ b/clients/cloud-setup/nm-cloud-setup-utils.c
@@ -52,8 +52,8 @@ _nm_log_impl_cs (NMLogLevel level,
 	ts = nm_utils_clock_gettime_ns (CLOCK_BOOTTIME);
 
 	g_print ("[%"G_GINT64_FORMAT".%05"G_GINT64_FORMAT"] %s %s\n",
-	         ts / NM_UTILS_NS_PER_SECOND,
-	         (ts / (NM_UTILS_NS_PER_SECOND / 10000)) % 10000,
+	         ts / NM_UTILS_NSEC_PER_SEC,
+	         (ts / (NM_UTILS_NSEC_PER_SEC / 10000)) % 10000,
 	         level_str,
 	         msg);
 }
@@ -305,7 +305,7 @@ _poll_done_cb (GObject *source,
 		return;
 	}
 
-	now_ms = nm_utils_get_monotonic_timestamp_ms ();
+	now_ms = nm_utils_get_monotonic_timestamp_msec ();
 	if (poll_task_data->ratelimit_timeout_ms > 0)
 		wait_ms = (poll_task_data->last_poll_start_ms + poll_task_data->ratelimit_timeout_ms) - now_ms;
 	else
@@ -328,7 +328,7 @@ _poll_start_cb (gpointer user_data)
 
 	nm_clear_g_source_inst (&poll_task_data->source_next_poll);
 
-	poll_task_data->last_poll_start_ms = nm_utils_get_monotonic_timestamp_ms ();
+	poll_task_data->last_poll_start_ms = nm_utils_get_monotonic_timestamp_msec ();
 
 	g_object_ref (poll_task_data->task); /* balanced by _poll_done_cb() */
 
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c
index 8e05c9bc5d..d28efa0753 100644
--- a/clients/common/nm-meta-setting-desc.c
+++ b/clients/common/nm-meta-setting-desc.c
@@ -7325,7 +7325,7 @@ static const NMMetaPropertyInfo *const property_infos_WIRELESS_SECURITY[] = {
 	PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
 	    .property_type =                &_pt_gobject_string,
 	    .property_typ_data = DEFINE_PROPERTY_TYP_DATA (
-	        .values_static =            NM_MAKE_STRV ("none", "ieee8021x", "wpa-psk", "wpa-eap", "sae"),
+	        .values_static =            NM_MAKE_STRV ("none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", "owe"),
 	    ),
 	),
 	PROPERTY_INFO_WITH_DESC (NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX,
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
index 2bf69b20ae..ca9250ca6f 100644
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -302,7 +302,7 @@ add_wireless_secrets (RequestData *request,
 	const char *key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wsec);
 	NMSecretAgentSimpleSecret *secret;
 
-	if (!key_mgmt)
+	if (!key_mgmt || nm_streq (key_mgmt, "owe"))
 		return FALSE;
 
 	if (NM_IN_STRSET (key_mgmt, "wpa-psk", "sae")) {
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index f696ca826c..57e9ab2a48 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -24,7 +24,7 @@
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or \"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here.  One of \"open\" for Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP.  When using Cisco LEAP (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be specified.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection.  One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported).  When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list.  For maximum compatibility leave this property empty.  Each list element may be one of \"wep40\", \"wep104\", \"tkip\", or \"ccmp\".")
-#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection.  One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-psk\" (infrastructure WPA-PSK), \"sae\" (SAE) or \"wpa-eap\" (WPA-Enterprise).  This property must be set for any Wi-Fi connection that uses security.")
+#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection.  One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-psk\" (infrastructure WPA-PSK), \"sae\" (SAE), \"owe\" (Opportunistic Wireless Encryption) or \"wpa-eap\" (WPA-Enterprise).  This property must be set for any Wi-Fi connection that uses security.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD N_("The login password for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS N_("Flags indicating how to handle the \"leap-password\" property.")
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_USERNAME N_("The login username for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").")
@@ -140,9 +140,9 @@
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_ID N_("A human readable unique identifier for the connection, like \"Work Wi-Fi\" or \"T-Mobile 3G\".")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_INTERFACE_NAME N_("The name of the network interface this connection is bound to. If not set, then the connection can be attached to any interface of the appropriate type (subject to restrictions imposed by other settings). For software devices this specifies the name of the created device. For connection types where interface names cannot easily be made persistent (e.g. mobile broadband or USB Ethernet), this property should not be used. Setting this property restricts the interfaces a connection can be used with, and if interface names change or are reordered the connection may be applied to the wrong interface.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_LLDP N_("Whether LLDP is enabled for the connection.")
-#define DESCRIBE_DOC_NM_SETTING_CONNECTION_LLMNR N_("Whether Link-Local Multicast Name Resolution (LLMNR) is enabled for the connection. LLMNR is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. The permitted values are: yes: register hostname and resolving for the connection, no: disable LLMNR for the interface, resolve: do not register hostname but allow resolving of LLMNR host names. This feature requires a plugin which supports LLMNR. One such plugin is dns-systemd-resolved.")
+#define DESCRIBE_DOC_NM_SETTING_CONNECTION_LLMNR N_("Whether Link-Local Multicast Name Resolution (LLMNR) is enabled for the connection. LLMNR is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. The permitted values are: \"yes\" (2) register hostname and resolving for the connection, \"no\" (0) disable LLMNR for the interface, \"resolve\" (1) do not register hostname but allow resolving of LLMNR host names If unspecified, \"default\" ultimately depends on the DNS plugin (which for systemd-resolved currently means \"yes\"). This feature requires a plugin which supports LLMNR. Otherwise the setting has no effect. One such plugin is dns-systemd-resolved.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_MASTER N_("Interface name of the master device or UUID of the master connection.")
-#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MDNS N_("Whether mDNS is enabled for the connection. The permitted values are: yes: register hostname and resolving for the connection, no: disable mDNS for the interface, resolve: do not register hostname but allow resolving of mDNS host names. This feature requires a plugin which supports mDNS. One such plugin is dns-systemd-resolved.")
+#define DESCRIBE_DOC_NM_SETTING_CONNECTION_MDNS N_("Whether mDNS is enabled for the connection. The permitted values are: \"yes\" (2) register hostname and resolving for the connection, \"no\" (0) disable mDNS for the interface, \"resolve\" (1) do not register hostname but allow resolving of mDNS host names and \"default\" (-1) to allow lookup of a global default in NetworkManager.conf. If unspecified, \"default\" ultimately depends on the DNS plugin (which for systemd-resolved currently means \"no\"). This feature requires a plugin which supports mDNS. Otherwise the setting has no effect. One such plugin is dns-systemd-resolved.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_METERED N_("Whether the connection is metered. When updating this property on a currently activated connection, the change takes effect immediately.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_MULTI_CONNECT N_("Specifies whether the profile can be active multiple times at a particular moment. The value is of type NMConnectionMultiConnect.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_PERMISSIONS N_("An array of strings defining what access a given user has to this connection.  If this is NULL or empty, all users are allowed to access this connection; otherwise users are allowed if and only if they are in this list.  When this is not empty, the connection can be active only when one of the specified users is logged into an active session.  Each entry is of the form \"[type]:[id]:[reserved]\"; for example, \"user:dcbw:blah\". At this time only the \"user\" [type] is allowed.  Any other values are ignored and reserved for future use.  [id] is the username that this permission refers to, which may not contain the \":\" character. Any [reserved] information present must be ignored and is reserved for future use.  All of [type], [id], and [reserved] must be valid UTF-8.")
diff --git a/clients/meson.build b/clients/meson.build
index 69e0bfef2b..8b2fa4421b 100644
--- a/clients/meson.build
+++ b/clients/meson.build
@@ -2,15 +2,14 @@ clients_c_flags = ['-DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_C
 
 name = 'nm-online'
 
-deps = [
-  libnm_dep,
-  libnm_nm_default_dep,
-]
-
 executable(
   name,
   name + '.c',
-  dependencies: deps,
+  dependencies: [
+    libnm_dep,
+    libnm_nm_default_dep,
+    libnm_libnm_aux_dep,
+  ],
   c_args: clients_c_flags + ['-DG_LOG_DOMAIN="@0@"'.format(name)],
   link_args: ldflags_linker_script_binary,
   link_depends: linker_script_binary,
diff --git a/clients/nm-online.c b/clients/nm-online.c
index de9c3794f0..9ea57641cb 100644
--- a/clients/nm-online.c
+++ b/clients/nm-online.c
@@ -23,6 +23,8 @@
 #include <getopt.h>
 #include <locale.h>
 
+#include "nm-libnm-aux/nm-libnm-aux.h"
+
 #define PROGRESS_STEPS 15
 
 #define EXIT_NONE               -1
@@ -198,13 +200,16 @@ got_client (GObject *source_object, GAsyncResult *res, gpointer user_data)
 {
 	OnlineData *data = user_data;
 	gs_free_error GError *error = NULL;
-	NMClient *client;
+
+	nm_assert (NM_IS_CLIENT (source_object));
+	nm_assert (NM_CLIENT (source_object) == data->client);
 
 	nm_clear_g_source (&data->client_new_timeout_id);
 	g_clear_object (&data->client_new_cancellable);
 
-	client = nm_client_new_finish (res, &error);
-	if (!client) {
+	if (!g_async_initable_init_finish (G_ASYNC_INITABLE (source_object),
+	                                   res,
+	                                   &error)) {
 		if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
 			return;
 		data->quiet = TRUE;
@@ -214,8 +219,6 @@ got_client (GObject *source_object, GAsyncResult *res, gpointer user_data)
 		return;
 	}
 
-	data->client = client;
-
 	if (quit_if_connected (data))
 		return;
 
@@ -285,7 +288,12 @@ main (int argc, char *argv[])
 	data.client_new_cancellable = g_cancellable_new ();
 
 	data.client_new_timeout_id = g_timeout_add_seconds (30, got_client_timeout, &data);
-	nm_client_new_async (data.client_new_cancellable, got_client, &data);
+
+	data.client = nmc_client_new_async (data.client_new_cancellable,
+	                                    got_client,
+	                                    &data,
+	                                    NM_CLIENT_INSTANCE_FLAGS, (guint) NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS,
+	                                    NULL);
 
 	g_main_loop_run (data.loop);
 
diff --git a/clients/tests/test-client.check-on-disk/test_001.expected b/clients/tests/test-client.check-on-disk/test_001.expected
index a7439bf183..25d4437bff 100644
--- a/clients/tests/test-client.check-on-disk/test_001.expected
+++ b/clients/tests/test-client.check-on-disk/test_001.expected
@@ -100,23 +100,23 @@ returncode: 0
 stdout: 1350 bytes
 >>>
 PERMISSION                                                        VALUE   
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             yes     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                yes     
-org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.enable-disable-wimax               yes     
-org.freedesktop.NetworkManager.sleep-wake                         no      
+org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.network-control                    yes     
-org.freedesktop.NetworkManager.wifi.share.protected               yes     
-org.freedesktop.NetworkManager.wifi.share.open                    yes     
-org.freedesktop.NetworkManager.settings.modify.system             yes     
-org.freedesktop.NetworkManager.settings.modify.own                yes     
-org.freedesktop.NetworkManager.settings.modify.hostname           yes     
-org.freedesktop.NetworkManager.settings.modify.global-dns         no      
 org.freedesktop.NetworkManager.reload                             no      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         no      
+org.freedesktop.NetworkManager.settings.modify.hostname           yes     
+org.freedesktop.NetworkManager.settings.modify.own                yes     
+org.freedesktop.NetworkManager.settings.modify.system             yes     
+org.freedesktop.NetworkManager.sleep-wake                         no      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    yes     
+org.freedesktop.NetworkManager.wifi.share.protected               yes     
 
 <<<
 size: 1513
@@ -127,23 +127,23 @@ returncode: 0
 stdout: 1368 bytes
 >>>
 PERMISSION                                                        VALUE    
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             tak      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                tak      
-org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.enable-disable-wimax               tak      
-org.freedesktop.NetworkManager.sleep-wake                         nie      
+org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.network-control                    tak      
-org.freedesktop.NetworkManager.wifi.share.protected               tak      
-org.freedesktop.NetworkManager.wifi.share.open                    tak      
-org.freedesktop.NetworkManager.settings.modify.system             tak      
-org.freedesktop.NetworkManager.settings.modify.own                tak      
-org.freedesktop.NetworkManager.settings.modify.hostname           tak      
-org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
 org.freedesktop.NetworkManager.reload                             nie      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
+org.freedesktop.NetworkManager.settings.modify.hostname           tak      
+org.freedesktop.NetworkManager.settings.modify.own                tak      
+org.freedesktop.NetworkManager.settings.modify.system             tak      
+org.freedesktop.NetworkManager.sleep-wake                         nie      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    tak      
+org.freedesktop.NetworkManager.wifi.share.protected               tak      
 
 <<<
 size: 1614
@@ -154,23 +154,23 @@ returncode: 0
 stdout: 1467 bytes
 >>>
 PERMISSION                                                        VALUE   
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             [32myes[0m     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32myes[0m     
-org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.enable-disable-wimax               [32myes[0m     
-org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.network-control                    [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
 org.freedesktop.NetworkManager.reload                             [31mno[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
+org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
+org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
 
 <<<
 size: 1642
@@ -181,23 +181,23 @@ returncode: 0
 stdout: 1485 bytes
 >>>
 PERMISSION                                                        VALUE    
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             [32mtak[0m      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32mtak[0m      
-org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.enable-disable-wimax               [32mtak[0m      
-org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.network-control                    [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
 org.freedesktop.NetworkManager.reload                             [31mnie[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
+org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
+org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
 
 <<<
 size: 1691
@@ -212,23 +212,23 @@ stdout: 1547 bytes
 ==============================
 PERMISSION                                                        VALUE   
 ---------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             yes     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                yes     
-org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.enable-disable-wimax               yes     
-org.freedesktop.NetworkManager.sleep-wake                         no      
+org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.network-control                    yes     
-org.freedesktop.NetworkManager.wifi.share.protected               yes     
-org.freedesktop.NetworkManager.wifi.share.open                    yes     
-org.freedesktop.NetworkManager.settings.modify.system             yes     
-org.freedesktop.NetworkManager.settings.modify.own                yes     
-org.freedesktop.NetworkManager.settings.modify.hostname           yes     
-org.freedesktop.NetworkManager.settings.modify.global-dns         no      
 org.freedesktop.NetworkManager.reload                             no      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         no      
+org.freedesktop.NetworkManager.settings.modify.hostname           yes     
+org.freedesktop.NetworkManager.settings.modify.own                yes     
+org.freedesktop.NetworkManager.settings.modify.system             yes     
+org.freedesktop.NetworkManager.sleep-wake                         no      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    yes     
+org.freedesktop.NetworkManager.wifi.share.protected               yes     
 
 <<<
 size: 1749
@@ -243,23 +243,23 @@ stdout: 1595 bytes
 =====================================
 PERMISSION                                                        VALUE    
 -----------------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             tak      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                tak      
-org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.enable-disable-wimax               tak      
-org.freedesktop.NetworkManager.sleep-wake                         nie      
+org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.network-control                    tak      
-org.freedesktop.NetworkManager.wifi.share.protected               tak      
-org.freedesktop.NetworkManager.wifi.share.open                    tak      
-org.freedesktop.NetworkManager.settings.modify.system             tak      
-org.freedesktop.NetworkManager.settings.modify.own                tak      
-org.freedesktop.NetworkManager.settings.modify.hostname           tak      
-org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
 org.freedesktop.NetworkManager.reload                             nie      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
+org.freedesktop.NetworkManager.settings.modify.hostname           tak      
+org.freedesktop.NetworkManager.settings.modify.own                tak      
+org.freedesktop.NetworkManager.settings.modify.system             tak      
+org.freedesktop.NetworkManager.sleep-wake                         nie      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    tak      
+org.freedesktop.NetworkManager.wifi.share.protected               tak      
 
 <<<
 size: 1820
@@ -274,23 +274,23 @@ stdout: 1664 bytes
 ==============================
 PERMISSION                                                        VALUE   
 ---------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             [32myes[0m     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32myes[0m     
-org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.enable-disable-wimax               [32myes[0m     
-org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.network-control                    [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
 org.freedesktop.NetworkManager.reload                             [31mno[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
+org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
+org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
 
 <<<
 size: 1878
@@ -305,23 +305,23 @@ stdout: 1712 bytes
 =====================================
 PERMISSION                                                        VALUE    
 -----------------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             [32mtak[0m      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32mtak[0m      
-org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.enable-disable-wimax               [32mtak[0m      
-org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.network-control                    [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
 org.freedesktop.NetworkManager.reload                             [31mnie[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
+org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
+org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
 
 <<<
 size: 1090
@@ -331,23 +331,23 @@ lang: C
 returncode: 0
 stdout: 948 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:yes
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:yes
-org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.enable-disable-wimax:yes
-org.freedesktop.NetworkManager.sleep-wake:no
+org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.network-control:yes
-org.freedesktop.NetworkManager.wifi.share.protected:yes
-org.freedesktop.NetworkManager.wifi.share.open:yes
-org.freedesktop.NetworkManager.settings.modify.system:yes
-org.freedesktop.NetworkManager.settings.modify.own:yes
-org.freedesktop.NetworkManager.settings.modify.hostname:yes
-org.freedesktop.NetworkManager.settings.modify.global-dns:no
 org.freedesktop.NetworkManager.reload:no
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:no
+org.freedesktop.NetworkManager.settings.modify.hostname:yes
+org.freedesktop.NetworkManager.settings.modify.own:yes
+org.freedesktop.NetworkManager.settings.modify.system:yes
+org.freedesktop.NetworkManager.sleep-wake:no
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:yes
+org.freedesktop.NetworkManager.wifi.share.protected:yes
 
 <<<
 size: 1100
@@ -357,23 +357,23 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 948 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:yes
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:yes
-org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.enable-disable-wimax:yes
-org.freedesktop.NetworkManager.sleep-wake:no
+org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.network-control:yes
-org.freedesktop.NetworkManager.wifi.share.protected:yes
-org.freedesktop.NetworkManager.wifi.share.open:yes
-org.freedesktop.NetworkManager.settings.modify.system:yes
-org.freedesktop.NetworkManager.settings.modify.own:yes
-org.freedesktop.NetworkManager.settings.modify.hostname:yes
-org.freedesktop.NetworkManager.settings.modify.global-dns:no
 org.freedesktop.NetworkManager.reload:no
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:no
+org.freedesktop.NetworkManager.settings.modify.hostname:yes
+org.freedesktop.NetworkManager.settings.modify.own:yes
+org.freedesktop.NetworkManager.settings.modify.system:yes
+org.freedesktop.NetworkManager.sleep-wake:no
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:yes
+org.freedesktop.NetworkManager.wifi.share.protected:yes
 
 <<<
 size: 1220
@@ -383,23 +383,23 @@ lang: C
 returncode: 0
 stdout: 1065 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:[32myes[0m
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:[32myes[0m
-org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.enable-disable-wimax:[32myes[0m
-org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
+org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.network-control:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
 org.freedesktop.NetworkManager.reload:[31mno[0m
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
+org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
+org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
+org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
 
 <<<
 size: 1230
@@ -409,23 +409,23 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 1065 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:[32myes[0m
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:[32myes[0m
-org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.enable-disable-wimax:[32myes[0m
-org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
+org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.network-control:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
 org.freedesktop.NetworkManager.reload:[31mno[0m
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
+org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
+org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
+org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
 
 <<<
 size: 1500
@@ -436,23 +436,23 @@ returncode: 0
 stdout: 1350 bytes
 >>>
 PERMISSION                                                        VALUE   
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             yes     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                yes     
-org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.enable-disable-wimax               yes     
-org.freedesktop.NetworkManager.sleep-wake                         no      
+org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.network-control                    yes     
-org.freedesktop.NetworkManager.wifi.share.protected               yes     
-org.freedesktop.NetworkManager.wifi.share.open                    yes     
-org.freedesktop.NetworkManager.settings.modify.system             yes     
-org.freedesktop.NetworkManager.settings.modify.own                yes     
-org.freedesktop.NetworkManager.settings.modify.hostname           yes     
-org.freedesktop.NetworkManager.settings.modify.global-dns         no      
 org.freedesktop.NetworkManager.reload                             no      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         no      
+org.freedesktop.NetworkManager.settings.modify.hostname           yes     
+org.freedesktop.NetworkManager.settings.modify.own                yes     
+org.freedesktop.NetworkManager.settings.modify.system             yes     
+org.freedesktop.NetworkManager.sleep-wake                         no      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    yes     
+org.freedesktop.NetworkManager.wifi.share.protected               yes     
 
 <<<
 size: 1528
@@ -463,23 +463,23 @@ returncode: 0
 stdout: 1368 bytes
 >>>
 PERMISSION                                                        VALUE    
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             tak      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                tak      
-org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.enable-disable-wimax               tak      
-org.freedesktop.NetworkManager.sleep-wake                         nie      
+org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.network-control                    tak      
-org.freedesktop.NetworkManager.wifi.share.protected               tak      
-org.freedesktop.NetworkManager.wifi.share.open                    tak      
-org.freedesktop.NetworkManager.settings.modify.system             tak      
-org.freedesktop.NetworkManager.settings.modify.own                tak      
-org.freedesktop.NetworkManager.settings.modify.hostname           tak      
-org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
 org.freedesktop.NetworkManager.reload                             nie      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
+org.freedesktop.NetworkManager.settings.modify.hostname           tak      
+org.freedesktop.NetworkManager.settings.modify.own                tak      
+org.freedesktop.NetworkManager.settings.modify.system             tak      
+org.freedesktop.NetworkManager.sleep-wake                         nie      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    tak      
+org.freedesktop.NetworkManager.wifi.share.protected               tak      
 
 <<<
 size: 1629
@@ -490,23 +490,23 @@ returncode: 0
 stdout: 1467 bytes
 >>>
 PERMISSION                                                        VALUE   
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             [32myes[0m     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32myes[0m     
-org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.enable-disable-wimax               [32myes[0m     
-org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.network-control                    [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
 org.freedesktop.NetworkManager.reload                             [31mno[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
+org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
+org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
 
 <<<
 size: 1657
@@ -517,23 +517,23 @@ returncode: 0
 stdout: 1485 bytes
 >>>
 PERMISSION                                                        VALUE    
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             [32mtak[0m      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32mtak[0m      
-org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.enable-disable-wimax               [32mtak[0m      
-org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.network-control                    [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
 org.freedesktop.NetworkManager.reload                             [31mnie[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
+org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
+org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
 
 <<<
 size: 1706
@@ -548,23 +548,23 @@ stdout: 1547 bytes
 ==============================
 PERMISSION                                                        VALUE   
 ---------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             yes     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                yes     
-org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.enable-disable-wimax               yes     
-org.freedesktop.NetworkManager.sleep-wake                         no      
+org.freedesktop.NetworkManager.enable-disable-wwan                yes     
 org.freedesktop.NetworkManager.network-control                    yes     
-org.freedesktop.NetworkManager.wifi.share.protected               yes     
-org.freedesktop.NetworkManager.wifi.share.open                    yes     
-org.freedesktop.NetworkManager.settings.modify.system             yes     
-org.freedesktop.NetworkManager.settings.modify.own                yes     
-org.freedesktop.NetworkManager.settings.modify.hostname           yes     
-org.freedesktop.NetworkManager.settings.modify.global-dns         no      
 org.freedesktop.NetworkManager.reload                             no      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         no      
+org.freedesktop.NetworkManager.settings.modify.hostname           yes     
+org.freedesktop.NetworkManager.settings.modify.own                yes     
+org.freedesktop.NetworkManager.settings.modify.system             yes     
+org.freedesktop.NetworkManager.sleep-wake                         no      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    yes     
+org.freedesktop.NetworkManager.wifi.share.protected               yes     
 
 <<<
 size: 1764
@@ -579,23 +579,23 @@ stdout: 1595 bytes
 =====================================
 PERMISSION                                                        VALUE    
 -----------------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             tak      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                tak      
-org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.enable-disable-wimax               tak      
-org.freedesktop.NetworkManager.sleep-wake                         nie      
+org.freedesktop.NetworkManager.enable-disable-wwan                tak      
 org.freedesktop.NetworkManager.network-control                    tak      
-org.freedesktop.NetworkManager.wifi.share.protected               tak      
-org.freedesktop.NetworkManager.wifi.share.open                    tak      
-org.freedesktop.NetworkManager.settings.modify.system             tak      
-org.freedesktop.NetworkManager.settings.modify.own                tak      
-org.freedesktop.NetworkManager.settings.modify.hostname           tak      
-org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
 org.freedesktop.NetworkManager.reload                             nie      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         nie      
+org.freedesktop.NetworkManager.settings.modify.hostname           tak      
+org.freedesktop.NetworkManager.settings.modify.own                tak      
+org.freedesktop.NetworkManager.settings.modify.system             tak      
+org.freedesktop.NetworkManager.sleep-wake                         nie      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    tak      
+org.freedesktop.NetworkManager.wifi.share.protected               tak      
 
 <<<
 size: 1835
@@ -610,23 +610,23 @@ stdout: 1664 bytes
 ==============================
 PERMISSION                                                        VALUE   
 ---------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
 org.freedesktop.NetworkManager.enable-disable-network             [32myes[0m     
+org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32myes[0m     
-org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.enable-disable-wimax               [32myes[0m     
-org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32myes[0m     
 org.freedesktop.NetworkManager.network-control                    [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
-org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
 org.freedesktop.NetworkManager.reload                             [31mno[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                unknown 
-org.freedesktop.NetworkManager.enable-disable-statistics          unknown 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  unknown 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mno[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.own                [32myes[0m     
+org.freedesktop.NetworkManager.settings.modify.system             [32myes[0m     
+org.freedesktop.NetworkManager.sleep-wake                         [31mno[0m      
 org.freedesktop.NetworkManager.wifi.scan                          unknown 
+org.freedesktop.NetworkManager.wifi.share.open                    [32myes[0m     
+org.freedesktop.NetworkManager.wifi.share.protected               [32myes[0m     
 
 <<<
 size: 1893
@@ -641,23 +641,23 @@ stdout: 1712 bytes
 =====================================
 PERMISSION                                                        VALUE    
 -----------------------------------------------------------------------------------------------------------------
+org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
+org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
 org.freedesktop.NetworkManager.enable-disable-network             [32mtak[0m      
+org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
 org.freedesktop.NetworkManager.enable-disable-wifi                [32mtak[0m      
-org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.enable-disable-wimax               [32mtak[0m      
-org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
+org.freedesktop.NetworkManager.enable-disable-wwan                [32mtak[0m      
 org.freedesktop.NetworkManager.network-control                    [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
-org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
-org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
 org.freedesktop.NetworkManager.reload                             [31mnie[0m      
-org.freedesktop.NetworkManager.checkpoint-rollback                nieznane 
-org.freedesktop.NetworkManager.enable-disable-statistics          nieznane 
-org.freedesktop.NetworkManager.enable-disable-connectivity-check  nieznane 
+org.freedesktop.NetworkManager.settings.modify.global-dns         [31mnie[0m      
+org.freedesktop.NetworkManager.settings.modify.hostname           [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.own                [32mtak[0m      
+org.freedesktop.NetworkManager.settings.modify.system             [32mtak[0m      
+org.freedesktop.NetworkManager.sleep-wake                         [31mnie[0m      
 org.freedesktop.NetworkManager.wifi.scan                          nieznane 
+org.freedesktop.NetworkManager.wifi.share.open                    [32mtak[0m      
+org.freedesktop.NetworkManager.wifi.share.protected               [32mtak[0m      
 
 <<<
 size: 1105
@@ -667,23 +667,23 @@ lang: C
 returncode: 0
 stdout: 948 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:yes
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:yes
-org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.enable-disable-wimax:yes
-org.freedesktop.NetworkManager.sleep-wake:no
+org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.network-control:yes
-org.freedesktop.NetworkManager.wifi.share.protected:yes
-org.freedesktop.NetworkManager.wifi.share.open:yes
-org.freedesktop.NetworkManager.settings.modify.system:yes
-org.freedesktop.NetworkManager.settings.modify.own:yes
-org.freedesktop.NetworkManager.settings.modify.hostname:yes
-org.freedesktop.NetworkManager.settings.modify.global-dns:no
 org.freedesktop.NetworkManager.reload:no
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:no
+org.freedesktop.NetworkManager.settings.modify.hostname:yes
+org.freedesktop.NetworkManager.settings.modify.own:yes
+org.freedesktop.NetworkManager.settings.modify.system:yes
+org.freedesktop.NetworkManager.sleep-wake:no
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:yes
+org.freedesktop.NetworkManager.wifi.share.protected:yes
 
 <<<
 size: 1115
@@ -693,23 +693,23 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 948 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:yes
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:yes
-org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.enable-disable-wimax:yes
-org.freedesktop.NetworkManager.sleep-wake:no
+org.freedesktop.NetworkManager.enable-disable-wwan:yes
 org.freedesktop.NetworkManager.network-control:yes
-org.freedesktop.NetworkManager.wifi.share.protected:yes
-org.freedesktop.NetworkManager.wifi.share.open:yes
-org.freedesktop.NetworkManager.settings.modify.system:yes
-org.freedesktop.NetworkManager.settings.modify.own:yes
-org.freedesktop.NetworkManager.settings.modify.hostname:yes
-org.freedesktop.NetworkManager.settings.modify.global-dns:no
 org.freedesktop.NetworkManager.reload:no
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:no
+org.freedesktop.NetworkManager.settings.modify.hostname:yes
+org.freedesktop.NetworkManager.settings.modify.own:yes
+org.freedesktop.NetworkManager.settings.modify.system:yes
+org.freedesktop.NetworkManager.sleep-wake:no
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:yes
+org.freedesktop.NetworkManager.wifi.share.protected:yes
 
 <<<
 size: 1235
@@ -719,23 +719,23 @@ lang: C
 returncode: 0
 stdout: 1065 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:[32myes[0m
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:[32myes[0m
-org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.enable-disable-wimax:[32myes[0m
-org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
+org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.network-control:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
 org.freedesktop.NetworkManager.reload:[31mno[0m
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
+org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
+org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
+org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
 
 <<<
 size: 1245
@@ -745,23 +745,23 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 1065 bytes
 >>>
+org.freedesktop.NetworkManager.checkpoint-rollback:unknown
+org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
 org.freedesktop.NetworkManager.enable-disable-network:[32myes[0m
+org.freedesktop.NetworkManager.enable-disable-statistics:unknown
 org.freedesktop.NetworkManager.enable-disable-wifi:[32myes[0m
-org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.enable-disable-wimax:[32myes[0m
-org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
+org.freedesktop.NetworkManager.enable-disable-wwan:[32myes[0m
 org.freedesktop.NetworkManager.network-control:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
-org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
-org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
 org.freedesktop.NetworkManager.reload:[31mno[0m
-org.freedesktop.NetworkManager.checkpoint-rollback:unknown
-org.freedesktop.NetworkManager.enable-disable-statistics:unknown
-org.freedesktop.NetworkManager.enable-disable-connectivity-check:unknown
+org.freedesktop.NetworkManager.settings.modify.global-dns:[31mno[0m
+org.freedesktop.NetworkManager.settings.modify.hostname:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.own:[32myes[0m
+org.freedesktop.NetworkManager.settings.modify.system:[32myes[0m
+org.freedesktop.NetworkManager.sleep-wake:[31mno[0m
 org.freedesktop.NetworkManager.wifi.scan:unknown
+org.freedesktop.NetworkManager.wifi.share.open:[32myes[0m
+org.freedesktop.NetworkManager.wifi.share.protected:[32myes[0m
 
 <<<
 size: 2460
@@ -771,40 +771,40 @@ lang: C
 returncode: 0
 stdout: 2308 bytes
 >>>
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  yes
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:                                  yes
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  no
-PERMISSION:                             org.freedesktop.NetworkManager.network-control
-VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  no
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  no
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  yes
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  yes
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  no
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  no
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  unknown
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:                                  unknown
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  yes
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  yes
 
 <<<
 size: 2477
@@ -814,40 +814,40 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 2315 bytes
 >>>
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  tak
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:                                  tak
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  nie
-PERMISSION:                             org.freedesktop.NetworkManager.network-control
-VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  nie
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  nie
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  tak
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  tak
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  nie
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  nie
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  nieznane
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:                                  nieznane
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  tak
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  tak
 
 <<<
 size: 2589
@@ -857,40 +857,40 @@ lang: C
 returncode: 0
 stdout: 2425 bytes
 >>>
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  [32myes[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:                                  [32myes[0m
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  [31mno[0m
-PERMISSION:                             org.freedesktop.NetworkManager.network-control
-VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  [31mno[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  [31mno[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  [32myes[0m
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  [32myes[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  [31mno[0m
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  [31mno[0m
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  unknown
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:                                  unknown
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  unknown
 PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  [32myes[0m
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  [32myes[0m
 
 <<<
 size: 2606
@@ -900,40 +900,40 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 2432 bytes
 >>>
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  [32mtak[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:                                  [32mtak[0m
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  [31mnie[0m
-PERMISSION:                             org.freedesktop.NetworkManager.network-control
-VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  [31mnie[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  [31mnie[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  [32mtak[0m
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  [32mtak[0m
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  [31mnie[0m
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  [31mnie[0m
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  nieznane
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:                                  nieznane
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  nieznane
 PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  [32mtak[0m
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  [32mtak[0m
 
 <<<
 size: 4042
@@ -946,56 +946,56 @@ stdout: 3881 bytes
 ===============================================================================
                           NetworkManager permissions
 ===============================================================================
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  unknown
+-------------------------------------------------------------------------------
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  unknown
+-------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
-VALUE:                                  yes
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  unknown
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  yes
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  no
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+VALUE:                                  yes
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
-VALUE:                                  yes
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  no
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
-VALUE:                                  yes
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  no
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  yes
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  no
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  no
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  unknown
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  unknown
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  yes
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
-VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  yes
 -------------------------------------------------------------------------------
 
 <<<
@@ -1009,56 +1009,56 @@ stdout: 3893 bytes
 ===============================================================================
                        Uprawnienia usługi NetworkManager
 ===============================================================================
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  nieznane
+-------------------------------------------------------------------------------
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  nieznane
+-------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
-VALUE:                                  tak
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  nieznane
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  tak
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  nie
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+VALUE:                                  tak
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
-VALUE:                                  tak
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  nie
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
-VALUE:                                  tak
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  nie
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  tak
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  nie
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  nie
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  nieznane
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  nieznane
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  tak
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
-VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  tak
 -------------------------------------------------------------------------------
 
 <<<
@@ -1072,56 +1072,56 @@ stdout: 3998 bytes
 ===============================================================================
                           NetworkManager permissions
 ===============================================================================
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  unknown
+-------------------------------------------------------------------------------
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  unknown
+-------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
-VALUE:                                  [32myes[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  unknown
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  [31mno[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
-VALUE:                                  [32myes[0m
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  [31mno[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
-VALUE:                                  [32myes[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  [31mno[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  [31mno[0m
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  [31mno[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  unknown
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  unknown
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
-VALUE:                                  unknown
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  [32myes[0m
 -------------------------------------------------------------------------------
 
 <<<
@@ -1135,56 +1135,56 @@ stdout: 4010 bytes
 ===============================================================================
                        Uprawnienia usługi NetworkManager
 ===============================================================================
+PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:                                  nieznane
+-------------------------------------------------------------------------------
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:                                  nieznane
+-------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-network
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
-VALUE:                                  [32mtak[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:                                  nieznane
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
-VALUE:                                  [31mnie[0m
+PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-wwan
+VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.network-control
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
-VALUE:                                  [32mtak[0m
+PERMISSION:                             org.freedesktop.NetworkManager.reload
+VALUE:                                  [31mnie[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
-VALUE:                                  [32mtak[0m
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:                                  [31mnie[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
 PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.own
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.system
 VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:                                  [31mnie[0m
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.reload
+PERMISSION:                             org.freedesktop.NetworkManager.sleep-wake
 VALUE:                                  [31mnie[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:                                  nieznane
--------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-statistics
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
 VALUE:                                  nieznane
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.open
+VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
-PERMISSION:                             org.freedesktop.NetworkManager.wifi.scan
-VALUE:                                  nieznane
+PERMISSION:                             org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:                                  [32mtak[0m
 -------------------------------------------------------------------------------
 
 <<<
@@ -1195,40 +1195,40 @@ lang: C
 returncode: 0
 stdout: 1237 bytes
 >>>
+PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-network
 VALUE:yes
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:yes
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.sleep-wake
-VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.network-control
-VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:org.freedesktop.NetworkManager.network-control
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:org.freedesktop.NetworkManager.reload
+VALUE:no
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:no
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:yes
 PERMISSION:org.freedesktop.NetworkManager.settings.modify.own
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.reload
+PERMISSION:org.freedesktop.NetworkManager.sleep-wake
 VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.wifi.scan
 VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+VALUE:yes
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:yes
 
 <<<
 size: 1407
@@ -1238,40 +1238,40 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 1237 bytes
 >>>
+PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-network
 VALUE:yes
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:yes
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.sleep-wake
-VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.network-control
-VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:org.freedesktop.NetworkManager.network-control
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:org.freedesktop.NetworkManager.reload
+VALUE:no
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:no
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:yes
 PERMISSION:org.freedesktop.NetworkManager.settings.modify.own
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
 VALUE:yes
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.reload
+PERMISSION:org.freedesktop.NetworkManager.sleep-wake
 VALUE:no
-PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.wifi.scan
 VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+VALUE:yes
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:yes
 
 <<<
 size: 1526
@@ -1281,40 +1281,40 @@ lang: C
 returncode: 0
 stdout: 1354 bytes
 >>>
+PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-network
 VALUE:[32myes[0m
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:[32myes[0m
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.sleep-wake
-VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.network-control
-VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:org.freedesktop.NetworkManager.network-control
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:org.freedesktop.NetworkManager.reload
+VALUE:[31mno[0m
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:[31mno[0m
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:[32myes[0m
 PERMISSION:org.freedesktop.NetworkManager.settings.modify.own
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.reload
+PERMISSION:org.freedesktop.NetworkManager.sleep-wake
 VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.wifi.scan
 VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+VALUE:[32myes[0m
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:[32myes[0m
 
 <<<
 size: 1536
@@ -1324,39 +1324,39 @@ lang: pl_PL.UTF-8
 returncode: 0
 stdout: 1354 bytes
 >>>
+PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
+VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-network
 VALUE:[32myes[0m
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
+VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wifi
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
-VALUE:[32myes[0m
 PERMISSION:org.freedesktop.NetworkManager.enable-disable-wimax
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.sleep-wake
-VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.network-control
-VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+PERMISSION:org.freedesktop.NetworkManager.enable-disable-wwan
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+PERMISSION:org.freedesktop.NetworkManager.network-control
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
+PERMISSION:org.freedesktop.NetworkManager.reload
+VALUE:[31mno[0m
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
+VALUE:[31mno[0m
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
 VALUE:[32myes[0m
 PERMISSION:org.freedesktop.NetworkManager.settings.modify.own
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.hostname
+PERMISSION:org.freedesktop.NetworkManager.settings.modify.system
 VALUE:[32myes[0m
-PERMISSION:org.freedesktop.NetworkManager.settings.modify.global-dns
-VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.reload
+PERMISSION:org.freedesktop.NetworkManager.sleep-wake
 VALUE:[31mno[0m
-PERMISSION:org.freedesktop.NetworkManager.checkpoint-rollback
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-statistics
-VALUE:unknown
-PERMISSION:org.freedesktop.NetworkManager.enable-disable-connectivity-check
-VALUE:unknown
 PERMISSION:org.freedesktop.NetworkManager.wifi.scan
 VALUE:unknown
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.open
+VALUE:[32myes[0m
+PERMISSION:org.freedesktop.NetworkManager.wifi.share.protected
+VALUE:[32myes[0m
 
 <<<
diff --git a/clients/tui/meson.build b/clients/tui/meson.build
index 8948d6ff35..db6bd429fd 100644
--- a/clients/tui/meson.build
+++ b/clients/tui/meson.build
@@ -51,6 +51,7 @@ deps = [
   libnmc_base_dep,
   libnmc_dep,
   libnmt_newt_dep,
+  libnm_libnm_aux_dep,
 ]
 
 executable(
diff --git a/clients/tui/nm-editor-bindings.c b/clients/tui/nm-editor-bindings.c
index 00a34fbfbf..8e6c9600d7 100644
--- a/clients/tui/nm-editor-bindings.c
+++ b/clients/tui/nm-editor-bindings.c
@@ -595,6 +595,9 @@ get_security_type (NMEditorWirelessSecurityMethodBinding *binding)
 	if (!strcmp (key_mgmt, "sae"))
 		return "wpa3-personal";
 
+	if (!strcmp (key_mgmt, "owe"))
+		return "owe";
+
 	if (!strcmp (key_mgmt, "wpa-eap"))
 		return "wpa-enterprise";
 
@@ -705,6 +708,12 @@ wireless_security_target_changed (GObject    *object,
 		              NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, NULL,
 		              NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, NM_WEP_KEY_TYPE_UNKNOWN,
 		              NULL);
+	} else if (!strcmp (method, "owe")) {
+		g_object_set (binding->s_wsec,
+		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe",
+		              NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, NULL,
+		              NM_SETTING_WIRELESS_SECURITY_WEP_KEY_TYPE, NM_WEP_KEY_TYPE_UNKNOWN,
+		              NULL);
 	} else if (!strcmp (method, "wpa-enterprise")) {
 		g_object_set (binding->s_wsec,
 		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-eap",
diff --git a/clients/tui/nmt-page-wifi.c b/clients/tui/nmt-page-wifi.c
index 2e738ac695..9494423b77 100644
--- a/clients/tui/nmt-page-wifi.c
+++ b/clients/tui/nmt-page-wifi.c
@@ -72,6 +72,7 @@ static NmtNewtPopupEntry wifi_security[] = {
 	{ N_("WEP 128-bit Passphrase"),            "wep-passphrase" },
 	{ N_("Dynamic WEP (802.1x)"),              "dynamic-wep" },
 	{ N_("LEAP"),                              "leap" },
+	{ N_("Enhanced Open (OWE)"),                     "owe" },
 	{ NULL, NULL }
 };
 
diff --git a/clients/tui/nmtui.c b/clients/tui/nmtui.c
index e9d2ab506b..a6ea6f7f52 100644
--- a/clients/tui/nmtui.c
+++ b/clients/tui/nmtui.c
@@ -18,6 +18,8 @@
 #include <locale.h>
 #include <stdlib.h>
 
+#include "nm-libnm-aux/nm-libnm-aux.h"
+
 #include "nmt-newt.h"
 #include "nm-editor-bindings.h"
 
@@ -231,8 +233,11 @@ main (int argc, char **argv)
 
 	nm_editor_bindings_init ();
 
-	nm_client = nm_client_new (NULL, &error);
-	if (!nm_client) {
+	if (!nmc_client_new_waitsync (NULL,
+	                              &nm_client,
+	                              &error,
+	                              NM_CLIENT_INSTANCE_FLAGS, (guint) NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS,
+	                              NULL)) {
 		g_printerr (_("Could not contact NetworkManager: %s.\n"), error->message);
 		g_error_free (error);
 		exit (1);
diff --git a/config.h.meson b/config.h.meson
index 0a83f82568..a2874f7703 100644
--- a/config.h.meson
+++ b/config.h.meson
@@ -251,3 +251,7 @@
 
 /* Define to `int' if <sys/types.h> does not define. */
 #mesondefine pid_t
+
+#mesondefine HAVE_PIDFD_OPEN
+#mesondefine HAVE_PIDFD_SEND_SIGNAL
+#mesondefine HAVE_RT_SIGQUEUEINFO
diff --git a/configure.ac b/configure.ac
index 2579377775..24b3f7c435 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,8 +7,8 @@ dnl  - add corresponding NM_VERSION_x_y_z macros in
 dnl    "shared/nm-version-macros.h.in"
 dnl  - update number in meson.build
 m4_define([nm_major_version], [1])
-m4_define([nm_minor_version], [22])
-m4_define([nm_micro_version], [0])
+m4_define([nm_minor_version], [23])
+m4_define([nm_micro_version], [1])
 m4_define([nm_version],
           [nm_major_version.nm_minor_version.nm_micro_version])
 
@@ -91,6 +91,33 @@ AC_CHECK_DECLS([
 #include <sys/mman.h>
 ]])
 
+AC_CHECK_DECLS([
+	pidfd_open],
+	[], [], [[
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/wait.h>
+]])
+
+AC_CHECK_DECLS([
+	pidfd_send_signal],
+	[], [], [[
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/wait.h>
+]])
+
+AC_CHECK_DECLS([
+	rt_sigqueueinfo],
+	[], [], [[
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/wait.h>
+]])
+
 AC_CHECK_HEADERS(sys/auxv.h)
 
 AC_CHECK_DECLS([getrandom],
diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h
index b7222df20a..1e5ee63790 100644
--- a/libnm-core/nm-core-internal.h
+++ b/libnm-core/nm-core-internal.h
@@ -389,15 +389,6 @@ GVariant *_nm_dbus_proxy_call_finish (GDBusProxy           *proxy,
                                       const GVariantType   *reply_type,
                                       GError              **error);
 
-GVariant *_nm_dbus_proxy_call_sync   (GDBusProxy           *proxy,
-                                      const char           *method_name,
-                                      GVariant             *parameters,
-                                      const GVariantType   *reply_type,
-                                      GDBusCallFlags        flags,
-                                      int                   timeout_msec,
-                                      GCancellable         *cancellable,
-                                      GError              **error);
-
 GVariant * _nm_dbus_connection_call_finish (GDBusConnection *dbus_connection,
                                             GAsyncResult *result,
                                             const GVariantType *reply_type,
diff --git a/libnm-core/nm-dbus-interface.h b/libnm-core/nm-dbus-interface.h
index 35f2335f56..3e4c1b616c 100644
--- a/libnm-core/nm-dbus-interface.h
+++ b/libnm-core/nm-dbus-interface.h
@@ -342,6 +342,8 @@ typedef enum { /*< underscore_name=nm_802_11_ap_flags, flags >*/
  * is supported
  * @NM_802_11_AP_SEC_KEY_MGMT_SAE: WPA/RSN Simultaneous Authentication of Equals is
  * supported
+ * @NM_802_11_AP_SEC_KEY_MGMT_OWE: WPA/RSN Opportunistic Wireless Encryption is
+ * supported
  *
  * 802.11 access point security and authentication flags.  These flags describe
  * the current security requirements of an access point as determined from the
@@ -360,6 +362,7 @@ typedef enum { /*< underscore_name=nm_802_11_ap_security_flags, flags >*/
 	NM_802_11_AP_SEC_KEY_MGMT_PSK    = 0x00000100,
 	NM_802_11_AP_SEC_KEY_MGMT_802_1X = 0x00000200,
 	NM_802_11_AP_SEC_KEY_MGMT_SAE    = 0x00000400,
+	NM_802_11_AP_SEC_KEY_MGMT_OWE    = 0x00000800,
 } NM80211ApSecurityFlags;
 
 /**
@@ -1174,4 +1177,85 @@ typedef enum { /*< flags >*/
 	NM_DEVICE_INTERFACE_FLAG_CARRIER     = 0x10000,
 } NMDeviceInterfaceFlags;
 
+/**
+ * NMClientPermission:
+ * @NM_CLIENT_PERMISSION_NONE: unknown or no permission
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK: controls whether networking
+ *  can be globally enabled or disabled
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI: controls whether Wi-Fi can be
+ *  globally enabled or disabled
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN: controls whether WWAN (3G) can be
+ *  globally enabled or disabled
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX: controls whether WiMAX can be
+ *  globally enabled or disabled
+ * @NM_CLIENT_PERMISSION_SLEEP_WAKE: controls whether the client can ask
+ *  NetworkManager to sleep and wake
+ * @NM_CLIENT_PERMISSION_NETWORK_CONTROL: controls whether networking connections
+ *  can be started, stopped, and changed
+ * @NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED: controls whether a password
+ *  protected Wi-Fi hotspot can be created
+ * @NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN: controls whether an open Wi-Fi hotspot
+ *  can be created
+ * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM: controls whether connections
+ *  that are available to all users can be modified
+ * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN: controls whether connections
+ *  owned by the current user can be modified
+ * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME: controls whether the
+ *  persistent hostname can be changed
+ * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS: modify persistent global
+ *  DNS configuration
+ * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
+ * @NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK: permission to create checkpoints.
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
+ *  statistics can be globally enabled or disabled
+ * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
+ *  connectivity check can be enabled or disabled
+ * @NM_CLIENT_PERMISSION_WIFI_SCAN: controls whether wifi scans can be performed
+ * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
+ *
+ * #NMClientPermission values indicate various permissions that NetworkManager
+ * clients can obtain to perform certain tasks on behalf of the current user.
+ **/
+typedef enum {
+	NM_CLIENT_PERMISSION_NONE = 0,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX = 4,
+	NM_CLIENT_PERMISSION_SLEEP_WAKE = 5,
+	NM_CLIENT_PERMISSION_NETWORK_CONTROL = 6,
+	NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 7,
+	NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 8,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM = 9,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN = 10,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME = 11,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
+	NM_CLIENT_PERMISSION_RELOAD = 13,
+	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
+	NM_CLIENT_PERMISSION_WIFI_SCAN = 17,
+
+	NM_CLIENT_PERMISSION_LAST = 17,
+} NMClientPermission;
+
+/**
+ * NMClientPermissionResult:
+ * @NM_CLIENT_PERMISSION_RESULT_UNKNOWN: unknown or no authorization
+ * @NM_CLIENT_PERMISSION_RESULT_YES: the permission is available
+ * @NM_CLIENT_PERMISSION_RESULT_AUTH: authorization is necessary before the
+ *  permission is available
+ * @NM_CLIENT_PERMISSION_RESULT_NO: permission to perform the operation is
+ *  denied by system policy
+ *
+ * #NMClientPermissionResult values indicate what authorizations and permissions
+ * the user requires to obtain a given #NMClientPermission
+ **/
+typedef enum {
+	NM_CLIENT_PERMISSION_RESULT_UNKNOWN = 0,
+	NM_CLIENT_PERMISSION_RESULT_YES,
+	NM_CLIENT_PERMISSION_RESULT_AUTH,
+	NM_CLIENT_PERMISSION_RESULT_NO
+} NMClientPermissionResult;
+
 #endif /* __NM_DBUS_INTERFACE_H__ */
diff --git a/libnm-core/nm-dbus-utils.c b/libnm-core/nm-dbus-utils.c
index 8309294800..72b9fe1f44 100644
--- a/libnm-core/nm-dbus-utils.c
+++ b/libnm-core/nm-dbus-utils.c
@@ -221,52 +221,6 @@ _nm_dbus_proxy_call_finish (GDBusProxy          *proxy,
 	return variant;
 }
 
-/**
- * _nm_dbus_proxy_call_sync:
- * @proxy: A #GDBusProxy.
- * @method_name: Name of method to invoke.
- * @parameters: (allow-none): A #GVariant tuple with parameters for the signal
- *   or %NULL if not passing parameters.
- * @reply_type: (allow-none): the expected type of the reply, or %NULL
- * @flags: Flags from the #GDBusCallFlags enumeration.
- * @timeout_msec: The timeout in milliseconds (with %G_MAXINT meaning
- *   "infinite") or -1 to use the proxy default timeout.
- * @cancellable: (allow-none): A #GCancellable or %NULL.
- * @error: Return location for error or %NULL.
- *
- * Synchronously invokes the @method_name method on @proxy, as with
- * g_dbus_proxy_call_sync(), except that if @reply_type is non-%NULL, then the
- * reply to the call will be checked against it, and an error returned if it
- * does not match.
- *
- * Returns: %NULL if @error is set. Otherwise a #GVariant tuple with
- * return values. Free with g_variant_unref().
- */
-GVariant *
-_nm_dbus_proxy_call_sync (GDBusProxy          *proxy,
-                          const char          *method_name,
-                          GVariant            *parameters,
-                          const GVariantType  *reply_type,
-                          GDBusCallFlags       flags,
-                          int                  timeout_msec,
-                          GCancellable        *cancellable,
-                          GError             **error)
-{
-	GVariant *variant;
-
-	variant = g_dbus_proxy_call_sync (proxy,
-	                                  method_name,
-	                                  parameters,
-	                                  flags,
-	                                  timeout_msec,
-	                                  cancellable,
-	                                  error);
-	if (   variant
-	    && !_nm_dbus_typecheck_response (variant, reply_type, error))
-		nm_clear_pointer (&variant, g_variant_unref);
-	return variant;
-}
-
 GVariant *
 _nm_dbus_connection_call_finish (GDBusConnection *dbus_connection,
                                  GAsyncResult *result,
diff --git a/libnm-core/nm-setting-connection.c b/libnm-core/nm-setting-connection.c
index a13e3f237a..ef33ecc138 100644
--- a/libnm-core/nm-setting-connection.c
+++ b/libnm-core/nm-setting-connection.c
@@ -2173,13 +2173,16 @@ nm_setting_connection_class_init (NMSettingConnectionClass *klass)
 	 *
 	 * Whether mDNS is enabled for the connection.
 	 *
-	 * The permitted values are: yes: register hostname and resolving
-	 * for the connection, no: disable mDNS for the interface, resolve:
-	 * do not register hostname but allow resolving of mDNS host names.
-	 *
-	 * This feature requires a plugin which supports mDNS. One such
-	 * plugin is dns-systemd-resolved.
+	 * The permitted values are: "yes" (2) register hostname and resolving
+	 * for the connection, "no" (0) disable mDNS for the interface, "resolve"
+	 * (1) do not register hostname but allow resolving of mDNS host names
+	 * and "default" (-1) to allow lookup of a global default in NetworkManager.conf.
+	 * If unspecified, "default" ultimately depends on the DNS plugin (which
+	 * for systemd-resolved currently means "no").
 	 *
+	 * This feature requires a plugin which supports mDNS. Otherwise the
+	 * setting has no effect. One such plugin is dns-systemd-resolved.
+*
 	 * Since: 1.12
 	 **/
 	/* ---ifcfg-rh---
@@ -2206,12 +2209,14 @@ nm_setting_connection_class_init (NMSettingConnectionClass *klass)
 	 * System (DNS) packet format that allows both IPv4 and IPv6 hosts
 	 * to perform name resolution for hosts on the same local link.
 	 *
-	 * The permitted values are: yes: register hostname and resolving
-	 * for the connection, no: disable LLMNR for the interface, resolve:
-	 * do not register hostname but allow resolving of LLMNR host names.
+	 * The permitted values are: "yes" (2) register hostname and resolving
+	 * for the connection, "no" (0) disable LLMNR for the interface, "resolve"
+	 * (1) do not register hostname but allow resolving of LLMNR host names
+	 * If unspecified, "default" ultimately depends on the DNS plugin (which
+	 * for systemd-resolved currently means "yes").
 	 *
-	 * This feature requires a plugin which supports LLMNR. One such
-	 * plugin is dns-systemd-resolved.
+	 * This feature requires a plugin which supports LLMNR. Otherwise the
+	 * setting has no effect. One such plugin is dns-systemd-resolved.
 	 *
 	 * Since: 1.14
 	 **/
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index a634546ded..b0b96f9957 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -865,7 +865,8 @@ need_secrets (NMSetting *setting)
 	}
 
 	if (   (strcmp (priv->key_mgmt, "ieee8021x") == 0)
-	    || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
+	    || (strcmp (priv->key_mgmt, "wpa-eap") == 0)
+	    || (strcmp (priv->key_mgmt, "owe") == 0)) {
 		/* Let caller check the 802.1x setting for secrets */
 		goto no_secrets;
 	}
@@ -884,7 +885,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 {
 	NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
 	NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
-	const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", NULL };
+	const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-psk", "wpa-eap", "sae", "owe", NULL };
 	const char *valid_auth_algs[] = { "open", "shared", "leap", NULL };
 	const char *valid_protos[] = { "wpa", "rsn", NULL };
 	const char *valid_pairwise[] = { "tkip", "ccmp", NULL };
@@ -1054,7 +1055,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 	if (   NM_IN_SET (priv->pmf,
 	                  NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
 	                  NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
-	    && !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk", "sae")) {
+	    && !NM_IN_STRSET (priv->key_mgmt, "wpa-eap", "wpa-psk", "sae", "owe")) {
 		g_set_error (error,
 		             NM_CONNECTION_ERROR,
 		             NM_CONNECTION_ERROR_INVALID_PROPERTY,
@@ -1429,7 +1430,8 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *klass)
 	 *
 	 * Key management used for the connection.  One of "none" (WEP),
 	 * "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae"
-	 * (SAE) or "wpa-eap" (WPA-Enterprise).  This property must be set for
+	 * (SAE), "owe" (Opportunistic Wireless Encryption) or "wpa-eap"
+	 * (WPA-Enterprise).  This property must be set for
 	 * any Wi-Fi connection that uses security.
 	 **/
 	/* ---ifcfg-rh---
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 1731673f9d..373a1a3b63 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -206,7 +206,8 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 	/* WPA[2]-PSK and WPA[2] Enterprise */
 	if (   !strcmp (key_mgmt, "wpa-psk")
 	    || !strcmp (key_mgmt, "wpa-eap")
-	    || !strcmp (key_mgmt, "sae")) {
+	    || !strcmp (key_mgmt, "sae")
+	    || !strcmp (key_mgmt, "owe")) {
 
 		if (!strcmp (key_mgmt, "wpa-psk")) {
 			if (   !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK)
@@ -220,6 +221,10 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
 			if (   !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_SAE)
 			    && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_SAE))
 				return FALSE;
+		} else if (!strcmp (key_mgmt, "owe")) {
+			if (   !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_OWE)
+			    && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
+				return FALSE;
 		}
 
 		// FIXME: should handle WPA and RSN separately here to ensure that
diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c
index 4659734b6b..bb79476fa1 100644
--- a/libnm-core/nm-utils.c
+++ b/libnm-core/nm-utils.c
@@ -1120,6 +1120,7 @@ nm_utils_ap_mode_security_valid (NMUtilsSecurityType type,
 	case NMU_SEC_WPA_PSK:
 	case NMU_SEC_WPA2_PSK:
 	case NMU_SEC_SAE:
+	case NMU_SEC_OWE:
 		return TRUE;
 	default:
 		break;
@@ -1300,6 +1301,16 @@ nm_utils_security_valid (NMUtilsSecurityType type,
 			return FALSE;
 		}
 		break;
+	case NMU_SEC_OWE:
+		if (adhoc)
+			return FALSE;
+		if (!(wifi_caps & NM_WIFI_DEVICE_CAP_RSN))
+			return FALSE;
+		if (have_ap) {
+			if (!(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_OWE))
+				return FALSE;
+		}
+		break;
 	default:
 		good = FALSE;
 		break;
diff --git a/libnm-core/nm-utils.h b/libnm-core/nm-utils.h
index 5418a1e69d..4cbf24abad 100644
--- a/libnm-core/nm-utils.h
+++ b/libnm-core/nm-utils.h
@@ -51,6 +51,7 @@ char *      nm_utils_ssid_to_utf8  (const guint8 *ssid, gsize len);
  * @NMU_SEC_WPA2_PSK: WPA2/RSN is used with Pre-Shared Keys (PSK)
  * @NMU_SEC_WPA2_ENTERPRISE: WPA2 is used with 802.1x authentication
  * @NMU_SEC_SAE: is used with WPA3 Enterprise
+ * @NMU_SEC_OWE: is used with Enhanced Open
  *
  * Describes generic security mechanisms that 802.11 access points may offer.
  * Used with nm_utils_security_valid() for checking whether a given access
@@ -67,6 +68,7 @@ typedef enum {
 	NMU_SEC_WPA2_PSK,
 	NMU_SEC_WPA2_ENTERPRISE,
 	NMU_SEC_SAE,
+	NMU_SEC_OWE,
 } NMUtilsSecurityType;
 
 gboolean nm_utils_security_valid (NMUtilsSecurityType type,
diff --git a/libnm-core/nm-version.h b/libnm-core/nm-version.h
index 3180c7e26a..e8a94db648 100644
--- a/libnm-core/nm-version.h
+++ b/libnm-core/nm-version.h
@@ -215,6 +215,20 @@
 # define NM_AVAILABLE_IN_1_22
 #endif
 
+#if NM_VERSION_MIN_REQUIRED >= NM_VERSION_1_24
+# define NM_DEPRECATED_IN_1_24           G_DEPRECATED
+# define NM_DEPRECATED_IN_1_24_FOR(f)    G_DEPRECATED_FOR(f)
+#else
+# define NM_DEPRECATED_IN_1_24
+# define NM_DEPRECATED_IN_1_24_FOR(f)
+#endif
+
+#if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_24
+# define NM_AVAILABLE_IN_1_24            G_UNAVAILABLE(1,24)
+#else
+# define NM_AVAILABLE_IN_1_24
+#endif
+
 /*
  * Synchronous API for calling D-Bus in libnm is deprecated. See
  * https://developer.gnome.org/libnm/stable/usage.html#sync-api
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index fb5a4f64df..d2af078d8d 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1652,3 +1652,10 @@ global:
 	nm_setting_gsm_get_auto_config;
 	nm_setting_ip_config_get_dhcp_hostname_flags;
 } libnm_1_20_0;
+
+libnm_1_24_0 {
+global:
+	nm_client_get_instance_flags;
+	nm_client_get_permissions_state;
+	nm_client_instance_flags_get_type;
+} libnm_1_22_0;
diff --git a/libnm/meson.build b/libnm/meson.build
index 51ca46d2bc..7680b9ebe0 100644
--- a/libnm/meson.build
+++ b/libnm/meson.build
@@ -278,3 +278,21 @@ endif
 if enable_tests
   subdir('tests')
 endif
+
+libnm_libnm_aux = static_library(
+  'nm-libnm-aux',
+  sources: nm_libnm_aux_source,
+  c_args: [
+    '-DG_LOG_DOMAIN="@0@"'.format('libnmc'),
+    '-DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_CLIENT',
+  ],
+  dependencies: [
+    libnm_core_nm_default_dep,
+    libnm_dep,
+  ],
+)
+
+libnm_libnm_aux_dep = declare_dependency(
+  include_directories: [shared_inc],
+  link_with: [libnm_libnm_aux],
+)
diff --git a/libnm/nm-client.c b/libnm/nm-client.c
index 1a1ed25694..4dd0c222e1 100644
--- a/libnm/nm-client.c
+++ b/libnm/nm-client.c
@@ -195,6 +195,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMClient,
 	PROP_DBUS_CONNECTION,
 	PROP_DBUS_NAME_OWNER,
 	PROP_VERSION,
+	PROP_INSTANCE_FLAGS,
 	PROP_STATE,
 	PROP_STARTUP,
 	PROP_NM_RUNNING,
@@ -222,6 +223,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMClient,
 	PROP_DNS_RC_MANAGER,
 	PROP_DNS_CONFIGURATION,
 	PROP_CHECKPOINTS,
+	PROP_PERMISSIONS_STATE,
 );
 
 enum {
@@ -278,7 +280,7 @@ typedef struct {
 	NMLDBusObject *dbobj_settings;
 	NMLDBusObject *dbobj_dns_manager;
 
-	GHashTable *permissions;
+	guint8 *permissions;
 	GCancellable *permissions_cancellable;
 
 	char *name_owner;
@@ -290,6 +292,12 @@ typedef struct {
 	guint dbsid_nm_vpn_connection_state_changed;
 	guint dbsid_nm_check_permissions;
 
+	NMClientInstanceFlags instance_flags:3;
+
+	NMTernary permissions_state:3;
+
+	bool instance_flags_constructed:1;
+
 	bool udev_inited:1;
 	bool notify_event_lst_changed:1;
 	bool check_dbobj_visible_all:1;
@@ -3311,27 +3319,35 @@ _dbus_nm_vpn_connection_state_changed_cb (GDBusConnection *connection,
 
 static void
 _emit_permissions_changed (NMClient *self,
-                           GHashTable *permissions,
-                           gboolean force_unknown)
+                           const guint8 *old_permissions,
+                           const guint8 *permissions)
 {
-	GHashTableIter iter;
-	gpointer key;
-	gpointer value;
+	int i;
 
-	if (!permissions)
-		return;
 	if (self->obj_base.is_disposing)
 		return;
 
-	g_hash_table_iter_init (&iter, permissions);
-	while (g_hash_table_iter_next (&iter, &key, &value)) {
+	if (old_permissions == permissions)
+		return;
+
+	for (i = 0; i < (int) G_N_ELEMENTS (nm_auth_permission_sorted); i++) {
+		NMClientPermission perm = nm_auth_permission_sorted[i];
+		NMClientPermissionResult perm_result = NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
+		NMClientPermissionResult perm_result_old = NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
+
+		if (permissions)
+			perm_result = permissions[perm - 1];
+		if (old_permissions)
+			perm_result_old = old_permissions[perm - 1];
+
+		if (perm_result == perm_result_old)
+			continue;
+
 		g_signal_emit (self,
 		               signals[PERMISSION_CHANGED],
 		               0,
-		               GPOINTER_TO_UINT (key),
-		                 force_unknown
-		               ? (guint) NM_CLIENT_PERMISSION_NONE
-		               : GPOINTER_TO_UINT (value));
+		               (guint) perm,
+		               (guint) perm_result);
 	}
 }
 
@@ -3344,10 +3360,11 @@ _dbus_check_permissions_start_cb (GObject *source, GAsyncResult *result, gpointe
 	NMClientPrivate *priv;
 	gs_unref_variant GVariant *ret = NULL;
 	nm_auto_free_variant_iter GVariantIter *v_permissions = NULL;
-	gs_unref_hashtable GHashTable *old_permissions = NULL;
+	gs_free guint8 *old_permissions = NULL;
 	gs_free_error GError *error = NULL;
 	const char *pkey;
 	const char *pvalue;
+	int i;
 
 	ret = g_dbus_connection_call_finish (G_DBUS_CONNECTION (source), result, &error);
 	if (   !ret
@@ -3359,63 +3376,73 @@ _dbus_check_permissions_start_cb (GObject *source, GAsyncResult *result, gpointe
 
 	g_clear_object (&priv->permissions_cancellable);
 
+	old_permissions = g_steal_pointer (&priv->permissions);
+
 	if (!ret) {
+		/* when the call completes, we always pretend success. Even a failure means
+		 * that we fetched the permissions, however they are all unknown. */
 		NML_NMCLIENT_LOG_T (self, "GetPermissions call failed: %s", error->message);
-		return;
+		goto out;
 	}
 
 	NML_NMCLIENT_LOG_T (self, "GetPermissions call finished with success");
 
-	/* get list of old permissions for change notification */
-	old_permissions = g_steal_pointer (&priv->permissions);
-	priv->permissions = g_hash_table_new (nm_direct_hash, NULL);
-
 	g_variant_get (ret, "(a{ss})", &v_permissions);
 	while (g_variant_iter_next (v_permissions, "{&s&s}", &pkey, &pvalue)) {
 		NMClientPermission perm;
 		NMClientPermissionResult perm_result;
 
-		perm = nm_permission_to_client (pkey);
+		perm = nm_auth_permission_from_string (pkey);
 		if (perm == NM_CLIENT_PERMISSION_NONE)
 			continue;
 
-		perm_result = nm_permission_result_to_client (pvalue);
+		perm_result = nm_client_permission_result_from_string (pvalue);
 
-		g_hash_table_insert (priv->permissions,
-		                     GUINT_TO_POINTER (perm),
-		                     GUINT_TO_POINTER (perm_result));
-		if (old_permissions) {
-			g_hash_table_remove (old_permissions,
-			                     GUINT_TO_POINTER (perm));
+		if (!priv->permissions) {
+			if (perm_result == NM_CLIENT_PERMISSION_RESULT_UNKNOWN)
+				continue;
+			priv->permissions = g_new (guint8, G_N_ELEMENTS (nm_auth_permission_sorted));
+			for (i = 0; i < (int) G_N_ELEMENTS (nm_auth_permission_sorted); i++)
+				priv->permissions[i] = NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
 		}
+		priv->permissions[perm - 1] = perm_result;
 	}
 
+out:
+	priv->permissions_state = NM_TERNARY_TRUE;
+
 	dbus_context = nm_g_main_context_push_thread_default_if_necessary (priv->main_context);
-	_emit_permissions_changed (self, priv->permissions, FALSE);
-	_emit_permissions_changed (self, old_permissions, TRUE);
+	_emit_permissions_changed (self, old_permissions, priv->permissions);
+	_notify (self, PROP_PERMISSIONS_STATE);
 }
 
 static void
 _dbus_check_permissions_start (NMClient *self)
 {
 	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
+	gboolean fetch;
+
+	fetch = !NM_FLAGS_HAS ((NMClientInstanceFlags) priv->instance_flags,
+	                       NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS);
 
 	nm_clear_g_cancellable (&priv->permissions_cancellable);
-	priv->permissions_cancellable = g_cancellable_new ();
 
-	NML_NMCLIENT_LOG_T (self, "GetPermissions() call started...");
+	if (fetch) {
+		NML_NMCLIENT_LOG_T (self, "GetPermissions() call started...");
 
-	_nm_client_dbus_call_simple (self,
-	                             priv->permissions_cancellable,
-	                             NM_DBUS_PATH,
-	                             NM_DBUS_INTERFACE,
-	                             "GetPermissions",
-	                             g_variant_new ("()"),
-	                             G_VARIANT_TYPE ("(a{ss})"),
-	                             G_DBUS_CALL_FLAGS_NONE,
-	                             NM_DBUS_DEFAULT_TIMEOUT_MSEC,
-	                             _dbus_check_permissions_start_cb,
-	                             self);
+		priv->permissions_cancellable = g_cancellable_new ();
+		_nm_client_dbus_call_simple (self,
+		                             priv->permissions_cancellable,
+		                             NM_DBUS_PATH,
+		                             NM_DBUS_INTERFACE,
+		                             "GetPermissions",
+		                             g_variant_new ("()"),
+		                             G_VARIANT_TYPE ("(a{ss})"),
+		                             G_DBUS_CALL_FLAGS_NONE,
+		                             NM_DBUS_DEFAULT_TIMEOUT_MSEC,
+		                             _dbus_check_permissions_start_cb,
+		                             self);
+	}
 }
 
 static void
@@ -3428,6 +3455,7 @@ _dbus_nm_check_permissions_cb (GDBusConnection *connection,
                                gpointer user_data)
 {
 	NMClient *self = user_data;
+	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
 
 	if (!g_variant_is_of_type (parameters, G_VARIANT_TYPE ("()"))) {
 		NML_NMCLIENT_LOG_E (self, "ignore CheckPermissions signal with unexpected signature %s",
@@ -3436,6 +3464,10 @@ _dbus_nm_check_permissions_cb (GDBusConnection *connection,
 	}
 
 	_dbus_check_permissions_start (self);
+
+	if (priv->permissions_state == NM_TERNARY_TRUE)
+		priv->permissions_state = NM_TERNARY_FALSE;
+	_notify (self, PROP_PERMISSIONS_STATE);
 }
 
 /*****************************************************************************/
@@ -3749,6 +3781,22 @@ _request_wait_finish (NMClient *client,
 /*****************************************************************************/
 
 /**
+ * nm_client_get_instance_flags:
+ * @self: the #NMClient instance.
+ *
+ * Returns: the #NMClientInstanceFlags flags.
+ *
+ * Since: 1.24
+ */
+NMClientInstanceFlags
+nm_client_get_instance_flags (NMClient *self)
+{
+	g_return_val_if_fail (NM_IS_CLIENT (self), NM_CLIENT_INSTANCE_FLAGS_NONE);
+
+	return NM_CLIENT_GET_PRIVATE (self)->instance_flags;
+}
+
+/**
  * nm_client_get_dbus_connection:
  * @client: a #NMClient
  *
@@ -4271,18 +4319,39 @@ NMClientPermissionResult
 nm_client_get_permission_result (NMClient *client, NMClientPermission permission)
 {
 	NMClientPrivate *priv;
-	gpointer result;
+	NMClientPermissionResult result = NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
 
 	g_return_val_if_fail (NM_IS_CLIENT (client), NM_CLIENT_PERMISSION_RESULT_UNKNOWN);
 
-	priv = NM_CLIENT_GET_PRIVATE (client);
-	if (   !priv->permissions
-	    || !g_hash_table_lookup_extended (priv->permissions,
-	                                      GUINT_TO_POINTER (permission),
-	                                      NULL,
-	                                      &result))
-		return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
-	return GPOINTER_TO_UINT (result);
+	if (   permission > NM_CLIENT_PERMISSION_NONE
+	    && permission <= NM_CLIENT_PERMISSION_LAST) {
+		priv = NM_CLIENT_GET_PRIVATE (client);
+		if (priv->permissions)
+			result = priv->permissions[permission - 1];
+	}
+
+	return result;
+}
+
+/**
+ * nm_client_get_permissions_state:
+ * @self: the #NMClient instance
+ *
+ * Returns: the state of the cached permissions. %NM_TERNARY_DEFAULT
+ *   means that no permissions result was yet received. All permissions
+ *   are unknown. %NM_TERNARY_TRUE means that the permissions got received
+ *   and are cached. %%NM_TERNARY_FALSE means that permissions are cached,
+ *   but they are invalided as as "CheckPermissions" signal was received
+ *   in the meantime.
+ *
+ * Since: 1.24
+ */
+NMTernary
+nm_client_get_permissions_state (NMClient *self)
+{
+	g_return_val_if_fail (NM_IS_CLIENT (self), NM_TERNARY_DEFAULT);
+
+	return NM_CLIENT_GET_PRIVATE (self)->permissions_state;
 }
 
 /**
@@ -6533,6 +6602,7 @@ _init_release_all (NMClient *self)
 	CList **dbus_objects_lst_heads;
 	NMLDBusObject *dbobj;
 	int i;
+	gboolean permissions_state_changed = FALSE;
 
 	NML_NMCLIENT_LOG_D (self, "release all");
 
@@ -6552,12 +6622,20 @@ _init_release_all (NMClient *self)
 	nm_clear_g_dbus_connection_signal (priv->dbus_connection,
 	                                   &priv->dbsid_nm_check_permissions);
 
+	if (priv->permissions_state != NM_TERNARY_DEFAULT) {
+		priv->permissions_state = NM_TERNARY_DEFAULT;
+		permissions_state_changed = TRUE;
+	}
+
 	if (priv->permissions) {
-		gs_unref_hashtable GHashTable *old_permissions = g_steal_pointer (&priv->permissions);
+		gs_free guint8 *old_permissions = g_steal_pointer (&priv->permissions);
 
-		_emit_permissions_changed (self, old_permissions, TRUE);
+		_emit_permissions_changed (self, old_permissions, NULL);
 	}
 
+	if (permissions_state_changed)
+		_notify (self, PROP_PERMISSIONS_STATE);
+
 	nm_assert (c_list_is_empty (&priv->obj_changed_lst_head));
 
 	dbus_objects_lst_heads = ((CList *[]) {
@@ -6927,6 +7005,9 @@ get_property (GObject *object, guint prop_id,
 	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (object);
 
 	switch (prop_id) {
+	case PROP_INSTANCE_FLAGS:
+		g_value_set_uint (value, priv->instance_flags);
+		break;
 	case PROP_DBUS_CONNECTION:
 		g_value_set_object (value, priv->dbus_connection);
 		break;
@@ -7001,6 +7082,9 @@ get_property (GObject *object, guint prop_id,
 	case PROP_CHECKPOINTS:
 		g_value_take_boxed (value, _nm_utils_copy_object_array (nm_client_get_checkpoints (self)));
 		break;
+	case PROP_PERMISSIONS_STATE:
+		g_value_set_enum (value, priv->permissions_state);
+		break;
 
 	/* Settings properties. */
 	case PROP_CONNECTIONS:
@@ -7039,8 +7123,38 @@ set_property (GObject *object, guint prop_id,
 	NMClient *self = NM_CLIENT (object);
 	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
 	gboolean b;
+	guint v_uint;
 
 	switch (prop_id) {
+
+	case PROP_INSTANCE_FLAGS:
+		/* construct */
+
+		v_uint = g_value_get_uint (value);
+		g_return_if_fail (!NM_FLAGS_ANY (v_uint, ~((guint) NM_CLIENT_INSTANCE_FLAGS_ALL)));
+		v_uint &= ((guint) NM_CLIENT_INSTANCE_FLAGS_ALL);
+
+		if (!priv->instance_flags_constructed) {
+			priv->instance_flags_constructed = TRUE;
+			priv->instance_flags = v_uint;
+			nm_assert ((guint) priv->instance_flags == v_uint);
+		} else {
+			NMClientInstanceFlags flags = v_uint;
+
+			/* After object construction, we only allow to toggle certain flags and
+			 * ignore all other flags. */
+
+			if ((priv->instance_flags ^ flags) & NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS) {
+				if (NM_FLAGS_HAS (flags, NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS))
+					priv->instance_flags |= NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS;
+				else
+					priv->instance_flags &= ~NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS;
+				if (priv->dbsid_nm_check_permissions != 0)
+					_dbus_check_permissions_start (self);
+			}
+		}
+		break;
+
 	case PROP_DBUS_CONNECTION:
 		/* construct-only */
 		priv->dbus_connection = g_value_dup_object (value);
@@ -7223,6 +7337,8 @@ nm_client_init (NMClient *self)
 {
 	NMClientPrivate *priv = NM_CLIENT_GET_PRIVATE (self);
 
+	priv->permissions_state = NM_TERNARY_DEFAULT;
+
 	priv->context_busy_watcher = g_object_new (G_TYPE_OBJECT, NULL);
 
 	c_list_init (&self->obj_base.queue_notify_lst);
@@ -7372,7 +7488,7 @@ dispose (GObject *object)
 	nm_clear_pointer (&priv->dbus_context, g_main_context_unref);
 	nm_clear_pointer (&priv->main_context, g_main_context_unref);
 
-	nm_clear_pointer (&priv->permissions, g_hash_table_unref);
+	nm_clear_g_free (&priv->permissions);
 
 	g_clear_object (&priv->dbus_connection);
 
@@ -7474,6 +7590,30 @@ nm_client_class_init (NMClientClass *client_class)
 	                         G_PARAM_STATIC_STRINGS);
 
 	/**
+	 * NMClient:instance-flags:
+	 *
+	 * #NMClientInstanceFlags for the instance. These affect behavior of #NMClient.
+	 * This is a construct property and you may only set most flags only during
+	 * construction.
+	 *
+	 * The flag %NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS can be toggled any time,
+	 * even after constructing the instance. Note that you may want to watch NMClient:permissions-state
+	 * property to know whether permissions are ready. Note that permissions are only fetched
+	 * when NMClient has a D-Bus name owner.
+	 *
+	 * Since: 1.24
+	 */
+	obj_properties[PROP_INSTANCE_FLAGS] =
+	    g_param_spec_uint (NM_CLIENT_INSTANCE_FLAGS, "", "",
+	                       0,
+	                       G_MAXUINT32,
+	                       0,
+	                       G_PARAM_READABLE |
+	                       G_PARAM_WRITABLE |
+	                       G_PARAM_CONSTRUCT |
+	                       G_PARAM_STATIC_STRINGS);
+
+	/**
 	 * NMClient:dbus-name-owner:
 	 *
 	 * The name owner of the NetworkManager D-Bus service.
@@ -7832,6 +7972,32 @@ nm_client_class_init (NMClientClass *client_class)
 	                        G_PARAM_READABLE |
 	                        G_PARAM_STATIC_STRINGS);
 
+	/**
+	 * NMClient:permissions-state:
+	 *
+	 * The state of the cached permissions. The value %NM_TERNARY_DEFAULT
+	 * means that no permissions are yet received (or not yet requested).
+	 * %NM_TERNARY_TRUE means that permissions are received, cached and up
+	 * to date. %NM_TERNARY_FALSE means that permissions were received and are
+	 * cached, but in the meantime a "CheckPermissions" signal was received
+	 * that invalidated the cached permissions.
+	 * Note that NMClient will always emit a notify::permissions-state signal
+	 * when a "CheckPermissions" signal got received or after new permissions
+	 * got received (that is regardless whether the value of the permission state
+	 * actually changed). With this you can watch the permissions-state property
+	 * to know whether the permissions are ready. Note that while NMClient has
+	 * no D-Bus name owner, no permissions are fetched (and this property won't
+	 * change).
+	 *
+	 * Since: 1.24
+	 */
+	obj_properties[PROP_PERMISSIONS_STATE] =
+	    g_param_spec_enum (NM_CLIENT_PERMISSIONS_STATE, "", "",
+	                       NM_TYPE_TERNARY,
+	                       NM_TERNARY_DEFAULT,
+	                       G_PARAM_READABLE |
+	                       G_PARAM_STATIC_STRINGS);
+
 	_nml_dbus_meta_class_init_with_properties (object_class, &_nml_dbus_meta_iface_nm,
 	                                                         &_nml_dbus_meta_iface_nm_settings,
 	                                                         &_nml_dbus_meta_iface_nm_dnsmanager);
diff --git a/libnm/nm-client.h b/libnm/nm-client.h
index ad17bf3892..37bac38b8b 100644
--- a/libnm/nm-client.h
+++ b/libnm/nm-client.h
@@ -15,6 +15,23 @@
 
 G_BEGIN_DECLS
 
+/**
+ * NMClientInstanceFlags:
+ * @NM_CLIENT_INSTANCE_FLAGS_NONE: special value to indicate no flags.
+ * @NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS: by default, NMClient
+ *   will fetch the permissions via "GetPermissions" and refetch them when
+ *   "CheckPermissions" signal gets received. By setting this flag, this behavior
+ *   can be disabled. You can toggle this flag to enable and disable automatic
+ *   fetching of the permissions. Watch also nm_client_get_permissions_state()
+ *   to know whether the permissions are up to date.
+ *
+ * Since: 1.24
+ */
+typedef enum { /*< flags >*/
+	NM_CLIENT_INSTANCE_FLAGS_NONE                      = 0,
+	NM_CLIENT_INSTANCE_FLAGS_NO_AUTO_FETCH_PERMISSIONS = 1,
+} NMClientInstanceFlags;
+
 #define NM_TYPE_CLIENT            (nm_client_get_type ())
 #define NM_CLIENT(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_CLIENT, NMClient))
 #define NM_CLIENT_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_CLIENT, NMClientClass))
@@ -28,6 +45,7 @@ G_BEGIN_DECLS
 #define NM_CLIENT_NM_RUNNING      "nm-running"
 #define NM_CLIENT_DBUS_CONNECTION "dbus-connection"
 #define NM_CLIENT_DBUS_NAME_OWNER "dbus-name-owner"
+#define NM_CLIENT_INSTANCE_FLAGS  "instance-flags"
 
 _NM_DEPRECATED_SYNC_WRITABLE_PROPERTY
 #define NM_CLIENT_NETWORKING_ENABLED "networking-enabled"
@@ -63,6 +81,7 @@ _NM_DEPRECATED_SYNC_WRITABLE_PROPERTY
 #define NM_CLIENT_DNS_RC_MANAGER "dns-rc-manager"
 #define NM_CLIENT_DNS_CONFIGURATION "dns-configuration"
 #define NM_CLIENT_CHECKPOINTS "checkpoints"
+#define NM_CLIENT_PERMISSIONS_STATE "permissions-state"
 
 #define NM_CLIENT_DEVICE_ADDED "device-added"
 #define NM_CLIENT_DEVICE_REMOVED "device-removed"
@@ -75,87 +94,6 @@ _NM_DEPRECATED_SYNC_WRITABLE_PROPERTY
 #define NM_CLIENT_ACTIVE_CONNECTION_REMOVED "active-connection-removed"
 
 /**
- * NMClientPermission:
- * @NM_CLIENT_PERMISSION_NONE: unknown or no permission
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK: controls whether networking
- *  can be globally enabled or disabled
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI: controls whether Wi-Fi can be
- *  globally enabled or disabled
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN: controls whether WWAN (3G) can be
- *  globally enabled or disabled
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX: controls whether WiMAX can be
- *  globally enabled or disabled
- * @NM_CLIENT_PERMISSION_SLEEP_WAKE: controls whether the client can ask
- *  NetworkManager to sleep and wake
- * @NM_CLIENT_PERMISSION_NETWORK_CONTROL: controls whether networking connections
- *  can be started, stopped, and changed
- * @NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED: controls whether a password
- *  protected Wi-Fi hotspot can be created
- * @NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN: controls whether an open Wi-Fi hotspot
- *  can be created
- * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM: controls whether connections
- *  that are available to all users can be modified
- * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN: controls whether connections
- *  owned by the current user can be modified
- * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME: controls whether the
- *  persistent hostname can be changed
- * @NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS: modify persistent global
- *  DNS configuration
- * @NM_CLIENT_PERMISSION_RELOAD: controls access to Reload.
- * @NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK: permission to create checkpoints.
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS: controls whether device
- *  statistics can be globally enabled or disabled
- * @NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK: controls whether
- *  connectivity check can be enabled or disabled
- * @NM_CLIENT_PERMISSION_WIFI_SCAN: controls whether wifi scans can be performed
- * @NM_CLIENT_PERMISSION_LAST: a reserved boundary value
- *
- * #NMClientPermission values indicate various permissions that NetworkManager
- * clients can obtain to perform certain tasks on behalf of the current user.
- **/
-typedef enum {
-	NM_CLIENT_PERMISSION_NONE = 0,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK = 1,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI = 2,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN = 3,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX = 4,
-	NM_CLIENT_PERMISSION_SLEEP_WAKE = 5,
-	NM_CLIENT_PERMISSION_NETWORK_CONTROL = 6,
-	NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED = 7,
-	NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN = 8,
-	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM = 9,
-	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN = 10,
-	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME = 11,
-	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS = 12,
-	NM_CLIENT_PERMISSION_RELOAD = 13,
-	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK = 14,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS = 15,
-	NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK = 16,
-	NM_CLIENT_PERMISSION_WIFI_SCAN = 17,
-
-	NM_CLIENT_PERMISSION_LAST = 17,
-} NMClientPermission;
-
-/**
- * NMClientPermissionResult:
- * @NM_CLIENT_PERMISSION_RESULT_UNKNOWN: unknown or no authorization
- * @NM_CLIENT_PERMISSION_RESULT_YES: the permission is available
- * @NM_CLIENT_PERMISSION_RESULT_AUTH: authorization is necessary before the
- *  permission is available
- * @NM_CLIENT_PERMISSION_RESULT_NO: permission to perform the operation is
- *  denied by system policy
- *
- * #NMClientPermissionResult values indicate what authorizations and permissions
- * the user requires to obtain a given #NMClientPermission
- **/
-typedef enum {
-	NM_CLIENT_PERMISSION_RESULT_UNKNOWN = 0,
-	NM_CLIENT_PERMISSION_RESULT_YES,
-	NM_CLIENT_PERMISSION_RESULT_AUTH,
-	NM_CLIENT_PERMISSION_RESULT_NO
-} NMClientPermissionResult;
-
-/**
  * NMClientError:
  * @NM_CLIENT_ERROR_FAILED: unknown or unclassified error
  * @NM_CLIENT_ERROR_MANAGER_NOT_RUNNING: an operation that requires NetworkManager
@@ -214,6 +152,10 @@ void      nm_client_new_async  (GCancellable         *cancellable,
 NMClient *nm_client_new_finish (GAsyncResult         *result,
                                 GError              **error);
 
+
+NM_AVAILABLE_IN_1_24
+NMClientInstanceFlags nm_client_get_instance_flags (NMClient *self);
+
 NM_AVAILABLE_IN_1_22
 GDBusConnection *nm_client_get_dbus_connection (NMClient *client);
 
@@ -294,6 +236,9 @@ gboolean nm_client_set_logging (NMClient *client,
 NMClientPermissionResult nm_client_get_permission_result (NMClient *client,
                                                           NMClientPermission permission);
 
+NM_AVAILABLE_IN_1_24
+NMTernary nm_client_get_permissions_state (NMClient *self);
+
 NMConnectivityState nm_client_get_connectivity          (NMClient *client);
 
 _NM_DEPRECATED_SYNC_METHOD
diff --git a/libnm/nm-libnm-utils.c b/libnm/nm-libnm-utils.c
index 73de75e36b..f223545c78 100644
--- a/libnm/nm-libnm-utils.c
+++ b/libnm/nm-libnm-utils.c
@@ -93,8 +93,8 @@ _nml_dbus_log (NMLDBusLogLevel level,
 
 	g_printerr ("libnm-dbus: %s[%"G_GINT64_FORMAT".%05"G_GINT64_FORMAT"] %s\n",
 	            prefix,
-	            ts / NM_UTILS_NS_PER_SECOND,
-	            (ts / (NM_UTILS_NS_PER_SECOND / 10000)) % 10000,
+	            ts / NM_UTILS_NSEC_PER_SEC,
+	            (ts / (NM_UTILS_NSEC_PER_SEC / 10000)) % 10000,
 	            msg);
 }
 
@@ -663,88 +663,6 @@ nm_utils_fixup_product_string (const char *desc)
 
 /*****************************************************************************/
 
-NMClientPermission
-nm_permission_to_client (const char *nm)
-{
-	static const struct {
-		const char *name;
-		NMClientPermission perm;
-	} list[] = {
-		{ NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK,               NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK               },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK, NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK,            NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK            },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS,         NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS         },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI,               NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI               },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_WIMAX,              NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX              },
-		{ NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN,               NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN               },
-		{ NM_AUTH_PERMISSION_NETWORK_CONTROL,                   NM_CLIENT_PERMISSION_NETWORK_CONTROL                   },
-		{ NM_AUTH_PERMISSION_RELOAD,                            NM_CLIENT_PERMISSION_RELOAD                            },
-		{ NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS,        NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS        },
-		{ NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME,          NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME          },
-		{ NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN,               NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN               },
-		{ NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM,            NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM            },
-		{ NM_AUTH_PERMISSION_SLEEP_WAKE,                        NM_CLIENT_PERMISSION_SLEEP_WAKE                        },
-		{ NM_AUTH_PERMISSION_WIFI_SCAN,                         NM_CLIENT_PERMISSION_WIFI_SCAN                         },
-		{ NM_AUTH_PERMISSION_WIFI_SHARE_OPEN,                   NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN                   },
-		{ NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED,              NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED              },
-	};
-	gssize idx;
-
-#if NM_MORE_ASSERTS > 10
-	{
-		static gboolean checked = FALSE;
-		int i, j;
-
-		if (!checked) {
-			checked = TRUE;
-
-			for (i = 0; i < G_N_ELEMENTS (list); i++) {
-
-				nm_assert (list[i].perm != NM_CLIENT_PERMISSION_NONE);
-				nm_assert (list[i].name && list[i].name[0]);
-				if (i > 0) {
-					if (strcmp (list[i - 1].name, list[i].name) >= 0) {
-						g_error ("list is not sorted by name: #%d (%s) should be after #%d (%s)",
-						         i - 1, list[i - 1].name, i, list[i].name);
-					}
-				}
-				for (j = i + 1; j < G_N_ELEMENTS (list); j++) {
-					nm_assert (list[i].perm != list[j].perm);
-				}
-			}
-		}
-	}
-#endif
-
-	if (nm) {
-		idx = nm_utils_array_find_binary_search (list,
-		                                         sizeof (list[0]),
-		                                         G_N_ELEMENTS (list),
-		                                         &nm,
-		                                         nm_strcmp_p_with_data,
-		                                         NULL);
-		if (idx >= 0)
-			return list[idx].perm;
-	}
-	return NM_CLIENT_PERMISSION_NONE;
-}
-
-NMClientPermissionResult
-nm_permission_result_to_client (const char *nm)
-{
-	if (!nm)
-		return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
-	if (nm_streq (nm, "yes"))
-		return NM_CLIENT_PERMISSION_RESULT_YES;
-	if (nm_streq (nm, "no"))
-		return NM_CLIENT_PERMISSION_RESULT_NO;
-	if (nm_streq (nm, "auth"))
-		return NM_CLIENT_PERMISSION_RESULT_AUTH;
-	return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
-}
-
-/*****************************************************************************/
-
 const NMLDBusMetaIface *const _nml_dbus_meta_ifaces[] = {
 	&_nml_dbus_meta_iface_nm,
 	&_nml_dbus_meta_iface_nm_accesspoint,
diff --git a/libnm/nm-libnm-utils.h b/libnm/nm-libnm-utils.h
index 8ac05d7076..db6f55ec0e 100644
--- a/libnm/nm-libnm-utils.h
+++ b/libnm/nm-libnm-utils.h
@@ -30,12 +30,6 @@ gboolean nm_utils_g_param_spec_is_default (const GParamSpec *pspec);
 
 /*****************************************************************************/
 
-NMClientPermission nm_permission_to_client (const char *nm);
-
-NMClientPermissionResult nm_permission_result_to_client (const char *nm);
-
-/*****************************************************************************/
-
 typedef enum {
 	_NML_DBUS_LOG_LEVEL_INITIALIZED = 0x01,
 
@@ -185,6 +179,8 @@ typedef enum {
 
 /*****************************************************************************/
 
+#define NM_CLIENT_INSTANCE_FLAGS_ALL ((NMClientInstanceFlags) 0x1)
+
 typedef struct {
 	GType (*get_o_type_fcn) (void);
 
diff --git a/libnm/nm-secret-agent-old.c b/libnm/nm-secret-agent-old.c
index f0836b2427..03aa87140f 100644
--- a/libnm/nm-secret-agent-old.c
+++ b/libnm/nm-secret-agent-old.c
@@ -486,7 +486,7 @@ _register_should_retry (NMSecretAgentOldPrivate *priv,
 
 	if (priv->registering_try_count++ == 0)
 		timeout_msec = 0;
-	else if (nm_utils_get_monotonic_timestamp_ms () < priv->registering_timeout_msec)
+	else if (nm_utils_get_monotonic_timestamp_msec () < priv->registering_timeout_msec)
 		timeout_msec = 1ULL * (1ULL << NM_MIN (7, priv->registering_try_count));
 	else
 		return FALSE;
@@ -545,7 +545,7 @@ nm_secret_agent_old_register (NMSecretAgentOld *self,
 	                                       error))
 		return FALSE;
 
-	priv->registering_timeout_msec = nm_utils_get_monotonic_timestamp_ms () + REGISTER_RETRY_TIMEOUT_MSEC;
+	priv->registering_timeout_msec = nm_utils_get_monotonic_timestamp_msec () + REGISTER_RETRY_TIMEOUT_MSEC;
 	priv->registering_try_count = 0;
 
 	while (TRUE) {
@@ -777,7 +777,7 @@ nm_secret_agent_old_register_async (NMSecretAgentOld *self,
 	}
 
 	priv->suppress_auto = FALSE;
-	priv->registering_timeout_msec = nm_utils_get_monotonic_timestamp_ms () + REGISTER_RETRY_TIMEOUT_MSEC;
+	priv->registering_timeout_msec = nm_utils_get_monotonic_timestamp_msec () + REGISTER_RETRY_TIMEOUT_MSEC;
 	priv->registering_try_count = 0;
 
 	_LOGT ("register: starting asynchronous registration...");
diff --git a/libnm/tests/test-libnm.c b/libnm/tests/test-libnm.c
index 345fbb07b8..90d0cf0d3f 100644
--- a/libnm/tests/test-libnm.c
+++ b/libnm/tests/test-libnm.c
@@ -22,6 +22,7 @@
 #include "nm-libnm-utils.h"
 #include "nm-object.h"
 #include "nm-vpn-service-plugin.h"
+#include "nm-libnm-core-intern/nm-libnm-core-utils.h"
 
 #include "nm-utils/nm-test-utils.h"
 
@@ -3064,6 +3065,49 @@ test_dbus_meta_types (void)
 		g_assert (meta_iface->get_type_fcn() == d->gtype);
 	}
 }
+
+/*****************************************************************************/
+
+static void
+test_nm_auth_permissions (void)
+{
+	int i, j;
+
+	G_STATIC_ASSERT (G_N_ELEMENTS (nm_auth_permission_names_by_idx) == NM_CLIENT_PERMISSION_LAST);
+	G_STATIC_ASSERT (G_N_ELEMENTS (nm_auth_permission_sorted) == NM_CLIENT_PERMISSION_LAST);
+
+	for (i = 0; i < NM_CLIENT_PERMISSION_LAST; i++) {
+		g_assert (nm_auth_permission_names_by_idx[i]);
+		g_assert (NM_STR_HAS_PREFIX (nm_auth_permission_names_by_idx[i], "org.freedesktop.NetworkManager."));
+		g_assert_cmpint (nm_auth_permission_sorted[i], >, 0);
+		g_assert_cmpint (nm_auth_permission_sorted[i], <=, NM_CLIENT_PERMISSION_LAST);
+		for (j = i + 1; j < NM_CLIENT_PERMISSION_LAST; j++) {
+			g_assert_cmpint (nm_auth_permission_sorted[i], !=, nm_auth_permission_sorted[j]);
+			g_assert_cmpstr (nm_auth_permission_names_by_idx[i], !=, nm_auth_permission_names_by_idx[j]);
+		}
+	}
+	for (i = 1; i < NM_CLIENT_PERMISSION_LAST; i++) {
+		NMClientPermission a = nm_auth_permission_sorted[i - 1];
+		NMClientPermission b = nm_auth_permission_sorted[i];
+		const char *s_a = nm_auth_permission_names_by_idx[a - 1];
+		const char *s_b = nm_auth_permission_names_by_idx[b - 1];
+
+		g_assert_cmpstr (s_a, <, s_b);
+		g_assert (a != b);
+		g_assert (s_a != s_b);
+	}
+	for (i = 1; i <= NM_CLIENT_PERMISSION_LAST; i++) {
+		const char *s = nm_auth_permission_to_string (i);
+
+		g_assert_cmpstr (s, ==, nm_auth_permission_names_by_idx[i - 1]);
+		g_assert (s == nm_auth_permission_names_by_idx[i - 1]);
+		g_assert_cmpint (nm_auth_permission_from_string (s), ==, i);
+	}
+	return;
+	for (i = 0; i < NM_CLIENT_PERMISSION_LAST; i++)
+		g_assert_cmpint (nm_auth_permission_from_string (nm_auth_permission_names_by_idx[i]), ==, i + 1);
+}
+
 /*****************************************************************************/
 
 NMTST_DEFINE ();
@@ -3078,6 +3122,7 @@ int main (int argc, char **argv)
 	g_test_add_func ("/libnm/general/test_types", test_types);
 	g_test_add_func ("/libnm/general/test_nml_dbus_meta", test_nml_dbus_meta);
 	g_test_add_func ("/libnm/general/test_dbus_meta_types", test_dbus_meta_types);
+	g_test_add_func ("/libnm/general/test_nm_auth_permissions", test_nm_auth_permissions);
 
 	return g_test_run ();
 }
diff --git a/libnm/tests/test-remote-settings-client.c b/libnm/tests/test-remote-settings-client.c
index 8483eca838..429eecb235 100644
--- a/libnm/tests/test-remote-settings-client.c
+++ b/libnm/tests/test-remote-settings-client.c
@@ -454,12 +454,12 @@ test_save_hostname (void)
 
 	nm_client_save_hostname_async (gl.client, "example.com", NULL, save_hostname_cb, &done);
 
-	until_ts = nm_utils_get_monotonic_timestamp_ms () + 5000;
+	until_ts = nm_utils_get_monotonic_timestamp_msec () + 5000;
 	while (TRUE) {
 		g_main_context_iteration (NULL, FALSE);
 		if (done)
 			break;
-		if (nm_utils_get_monotonic_timestamp_ms () >= until_ts)
+		if (nm_utils_get_monotonic_timestamp_msec () >= until_ts)
 			g_assert_not_reached ();
 	}
 
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index c0c05147a0..6d78ab161c 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -677,9 +677,11 @@ ipv6.ip6-privacy=0
         </varlistentry>
         <varlistentry>
           <term><varname>connection.llmnr</varname></term>
+          <listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is "yes" (2) and for all other plugins "no" (0).</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>connection.mdns</varname></term>
+          <listitem><para>If unspecified, the ultimate default values depends on the DNS plugin. With systemd-resolved the default currently is "no" (0) and for all other plugins also "no" (0).</para></listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>connection.stable-id</varname></term>
diff --git a/meson.build b/meson.build
index 0af69f35d1..136b8a383c 100644
--- a/meson.build
+++ b/meson.build
@@ -4,7 +4,7 @@ project(
 #  - add corresponding NM_VERSION_x_y_z macros in
 #    "shared/nm-version-macros.h.in"
 #  - update number in configure.ac
-  version: '1.22.0',
+  version: '1.23.1',
   license: 'GPL2+',
   default_options: [
     'buildtype=debugoptimized',
@@ -110,8 +110,18 @@ use_sys_random = cc.has_function('getrandom', prefix: '#include <sys/random.h>')
 config_h.set10('USE_SYS_RANDOM_H', use_sys_random)
 config_h.set10('HAVE_GETRANDOM', use_sys_random or cc.has_function('getrandom', prefix: '#include <linux/random.h>'))
 
-# functions
-# FIXME secure_getenv check is not useful?
+config_h.set10('HAVE_PIDFD_OPEN', cc.has_function('pidfd_open', prefix: '''#include <stdlib.h>
+                                                                           #include <unistd.h>
+                                                                           #include <signal.h>
+                                                                           #include <sys/wait.h>'''))
+config_h.set10('HAVE_PIDFD_SEND_SIGNAL', cc.has_function('pidfd_send_signal', prefix: '''#include <stdlib.h>
+                                                                                         #include <unistd.h>
+                                                                                         #include <signal.h>
+                                                                                         #include <sys/wait.h>'''))
+config_h.set10('HAVE_RT_SIGQUEUEINFO', cc.has_function('rt_sigqueueinfo', prefix: '''#include <stdlib.h>
+                                                                                     #include <unistd.h>
+                                                                                     #include <signal.h>
+                                                                                     #include <sys/wait.h>'''))
 config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
 config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv'))
 config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
diff --git a/shared/meson.build b/shared/meson.build
index 5f96d49dc6..dd350cd0aa 100644
--- a/shared/meson.build
+++ b/shared/meson.build
@@ -111,6 +111,8 @@ nm_libnm_core_aux_source = files('nm-libnm-core-aux/nm-libnm-core-aux.c')
 
 nm_libnm_core_utils_source = files('nm-libnm-core-intern/nm-libnm-core-utils.c')
 
+nm_libnm_aux_source = files('nm-libnm-aux/nm-libnm-aux.c')
+
 nm_meta_setting_source = files('nm-meta-setting.c')
 
 nm_test_utils_impl_source = files('nm-test-utils-impl.c')
@@ -168,15 +170,14 @@ libnm_utils_base_dep = declare_dependency(
   link_with: libnm_utils_base,
 )
 
-deps = [
-  glib_nm_default_dep,
-  libudev_dep,
-]
 
 libnm_udev_aux = static_library(
   'nm-udev-aux',
   sources: 'nm-udev-aux/nm-udev-utils.c',
-  dependencies: deps,
+  dependencies: [
+    glib_nm_default_dep,
+    libudev_dep,
+  ],
   c_args: c_flags,
 )
 
@@ -186,10 +187,11 @@ libnm_udev_aux_dep = declare_dependency(
 )
 
 sources = files(
+  'systemd/nm-sd-utils-shared.c',
   'systemd/src/basic/alloc-util.c',
-  'systemd/src/basic/escape.c',
   'systemd/src/basic/env-file.c',
   'systemd/src/basic/env-util.c',
+  'systemd/src/basic/escape.c',
   'systemd/src/basic/ether-addr-util.c',
   'systemd/src/basic/extract-word.c',
   'systemd/src/basic/fd-util.c',
@@ -209,6 +211,7 @@ sources = files(
   'systemd/src/basic/prioq.c',
   'systemd/src/basic/process-util.c',
   'systemd/src/basic/random-util.c',
+  'systemd/src/basic/signal-util.c',
   'systemd/src/basic/socket-util.c',
   'systemd/src/basic/stat-util.c',
   'systemd/src/basic/string-table.c',
@@ -220,7 +223,6 @@ sources = files(
   'systemd/src/basic/utf8.c',
   'systemd/src/basic/util.c',
   'systemd/src/shared/dns-domain.c',
-  'systemd/nm-sd-utils-shared.c',
 )
 
 incs = include_directories(
@@ -256,5 +258,5 @@ libnm_systemd_logging_stub = static_library(
 )
 
 if enable_tests
-  subdir('nm-utils/tests')
+  subdir('nm-glib-aux/tests')
 endif
diff --git a/shared/nm-glib-aux/nm-shared-utils.c b/shared/nm-glib-aux/nm-shared-utils.c
index 8e1c8b5806..d7581f9a65 100644
--- a/shared/nm-glib-aux/nm-shared-utils.c
+++ b/shared/nm-glib-aux/nm-shared-utils.c
@@ -2223,7 +2223,7 @@ nm_utils_str_utf8safe_escape_take (char *str, NMUtilsStrUtf8SafeFlags flags)
 /* taken from systemd's fd_wait_for_event(). Note that the timeout
  * is here in nano-seconds, not micro-seconds. */
 int
-nm_utils_fd_wait_for_event (int fd, int event, gint64 timeout_ns)
+nm_utils_fd_wait_for_event (int fd, int event, gint64 timeout_nsec)
 {
 	struct pollfd pollfd = {
 		.fd = fd,
@@ -2232,11 +2232,11 @@ nm_utils_fd_wait_for_event (int fd, int event, gint64 timeout_ns)
 	struct timespec ts, *pts;
 	int r;
 
-	if (timeout_ns < 0)
+	if (timeout_nsec < 0)
 		pts = NULL;
 	else {
-		ts.tv_sec = (time_t) (timeout_ns / NM_UTILS_NS_PER_SECOND);
-		ts.tv_nsec = (long int) (timeout_ns % NM_UTILS_NS_PER_SECOND);
+		ts.tv_sec = (time_t) (timeout_nsec / NM_UTILS_NSEC_PER_SEC);
+		ts.tv_nsec = (long int) (timeout_nsec % NM_UTILS_NSEC_PER_SEC);
 		pts = &ts;
 	}
 
@@ -3591,7 +3591,7 @@ nm_g_idle_source_new (int priority,
 }
 
 GSource *
-nm_g_timeout_source_new (guint timeout_ms,
+nm_g_timeout_source_new (guint timeout_msec,
                          int priority,
                          GSourceFunc func,
                          gpointer user_data,
@@ -3599,7 +3599,7 @@ nm_g_timeout_source_new (guint timeout_ms,
 {
 	GSource *source;
 
-	source = g_timeout_source_new (timeout_ms);
+	source = g_timeout_source_new (timeout_msec);
 	if (priority != G_PRIORITY_DEFAULT)
 		g_source_set_priority (source, priority);
 	g_source_set_callback (source, func, user_data, destroy_notify);
diff --git a/shared/nm-glib-aux/nm-shared-utils.h b/shared/nm-glib-aux/nm-shared-utils.h
index 3bd1afaea3..0af58c4b6d 100644
--- a/shared/nm-glib-aux/nm-shared-utils.h
+++ b/shared/nm-glib-aux/nm-shared-utils.h
@@ -978,7 +978,7 @@ GSource *nm_g_idle_source_new (int priority,
                                gpointer user_data,
                                GDestroyNotify destroy_notify);
 
-GSource *nm_g_timeout_source_new (guint timeout_ms,
+GSource *nm_g_timeout_source_new (guint timeout_msec,
                                   int priority,
                                   GSourceFunc func,
                                   gpointer user_data,
@@ -1182,14 +1182,19 @@ _nm_utils_strv_equal (char **strv1, char **strv2)
 
 /*****************************************************************************/
 
-#define NM_UTILS_NS_PER_SECOND   ((gint64) 1000000000)
-#define NM_UTILS_NS_PER_MSEC     ((gint64) 1000000)
-#define NM_UTILS_MSEC_PER_SECOND ((gint64) 1000)
-#define NM_UTILS_NS_TO_MSEC_CEIL(nsec)      (((nsec) + (NM_UTILS_NS_PER_MSEC - 1)) / NM_UTILS_NS_PER_MSEC)
+#define NM_UTILS_NSEC_PER_SEC  ((gint64) 1000000000)
+#define NM_UTILS_NSEC_PER_MSEC ((gint64) 1000000)
+#define NM_UTILS_MSEC_PER_SEC  ((gint64) 1000)
+
+static inline gint64
+NM_UTILS_NSEC_TO_MSEC_CEIL (gint64 nsec)
+{
+	return (nsec + (NM_UTILS_NSEC_PER_MSEC - 1)) / NM_UTILS_NSEC_PER_MSEC;
+}
 
 /*****************************************************************************/
 
-int nm_utils_fd_wait_for_event (int fd, int event, gint64 timeout_ns);
+int nm_utils_fd_wait_for_event (int fd, int event, gint64 timeout_nsec);
 ssize_t nm_utils_fd_read_loop (int fd, void *buf, size_t nbytes, bool do_poll);
 int nm_utils_fd_read_loop_exact (int fd, void *buf, size_t nbytes, bool do_poll);
 
diff --git a/shared/nm-glib-aux/nm-time-utils.c b/shared/nm-glib-aux/nm-time-utils.c
index 20d663bc02..6afaf05aa3 100644
--- a/shared/nm-glib-aux/nm-time-utils.c
+++ b/shared/nm-glib-aux/nm-time-utils.c
@@ -40,19 +40,19 @@ _t_init_global_state (void)
 	/* The only failure we tolerate is that CLOCK_BOOTTIME is not supported.
 	 * Other than that, we rely on kernel to not fail on this. */
 	g_assert (r == 0);
-	g_assert (tp.tv_nsec >= 0 && tp.tv_nsec < NM_UTILS_NS_PER_SECOND);
+	g_assert (tp.tv_nsec >= 0 && tp.tv_nsec < NM_UTILS_NSEC_PER_SEC);
 
 	/* Calculate an offset for the time stamp.
 	 *
 	 * We always want positive values, because then we can initialize
 	 * a timestamp with 0 and be sure, that it will be less then any
 	 * value nm_utils_get_monotonic_timestamp_*() might return.
-	 * For this to be true also for nm_utils_get_monotonic_timestamp_s() at
+	 * For this to be true also for nm_utils_get_monotonic_timestamp_sec() at
 	 * early boot, we have to shift the timestamp to start counting at
 	 * least from 1 second onward.
 	 *
 	 * Another advantage of shifting is, that this way we make use of the whole 31 bit
-	 * range of signed int, before the time stamp for nm_utils_get_monotonic_timestamp_s()
+	 * range of signed int, before the time stamp for nm_utils_get_monotonic_timestamp_sec()
 	 * wraps (~68 years).
 	 **/
 	offset_sec = (- ((gint64) tp.tv_sec)) + 1;
@@ -96,7 +96,7 @@ _t_init_global_state (void)
 		_r = clock_gettime (_p2->clk_id, _tp); \
 		\
 		nm_assert (_r == 0); \
-		nm_assert (_tp->tv_nsec >= 0 && _tp->tv_nsec < NM_UTILS_NS_PER_SECOND); \
+		nm_assert (_tp->tv_nsec >= 0 && _tp->tv_nsec < NM_UTILS_NSEC_PER_SEC); \
 		\
 		_p2; \
 	})
@@ -107,7 +107,7 @@ _t_init_global_state (void)
 /*****************************************************************************/
 
 /**
- * nm_utils_get_monotonic_timestamp_ns:
+ * nm_utils_get_monotonic_timestamp_nsec:
  *
  * Returns: a monotonically increasing time stamp in nanoseconds,
  * starting at an unspecified offset. See clock_gettime(), %CLOCK_BOOTTIME.
@@ -115,11 +115,11 @@ _t_init_global_state (void)
  * The returned value will start counting at an undefined point
  * in the past and will always be positive.
  *
- * All the nm_utils_get_monotonic_timestamp_*s functions return the same
+ * All the nm_utils_get_monotonic_timestamp_*sec functions return the same
  * timestamp but in different scales (nsec, usec, msec, sec).
  **/
 gint64
-nm_utils_get_monotonic_timestamp_ns (void)
+nm_utils_get_monotonic_timestamp_nsec (void)
 {
 	const GlobalState *p;
 	struct timespec tp;
@@ -130,12 +130,12 @@ nm_utils_get_monotonic_timestamp_ns (void)
 	 * integer, which makes it easier to calculate time differences (when
 	 * you want to subtract signed values).
 	 **/
-	return (((gint64) tp.tv_sec) + p->offset_sec) * NM_UTILS_NS_PER_SECOND +
+	return (((gint64) tp.tv_sec) + p->offset_sec) * NM_UTILS_NSEC_PER_SEC +
 	       tp.tv_nsec;
 }
 
 /**
- * nm_utils_get_monotonic_timestamp_us:
+ * nm_utils_get_monotonic_timestamp_usec:
  *
  * Returns: a monotonically increasing time stamp in microseconds,
  * starting at an unspecified offset. See clock_gettime(), %CLOCK_BOOTTIME.
@@ -143,11 +143,11 @@ nm_utils_get_monotonic_timestamp_ns (void)
  * The returned value will start counting at an undefined point
  * in the past and will always be positive.
  *
- * All the nm_utils_get_monotonic_timestamp_*s functions return the same
+ * All the nm_utils_get_monotonic_timestamp_*sec functions return the same
  * timestamp but in different scales (nsec, usec, msec, sec).
  **/
 gint64
-nm_utils_get_monotonic_timestamp_us (void)
+nm_utils_get_monotonic_timestamp_usec (void)
 {
 	const GlobalState *p;
 	struct timespec tp;
@@ -159,11 +159,11 @@ nm_utils_get_monotonic_timestamp_us (void)
 	 * you want to subtract signed values).
 	 **/
 	return (((gint64) tp.tv_sec) + p->offset_sec) * ((gint64) G_USEC_PER_SEC) +
-	       (tp.tv_nsec / (NM_UTILS_NS_PER_SECOND/G_USEC_PER_SEC));
+	       (tp.tv_nsec / (NM_UTILS_NSEC_PER_SEC/G_USEC_PER_SEC));
 }
 
 /**
- * nm_utils_get_monotonic_timestamp_ms:
+ * nm_utils_get_monotonic_timestamp_msec:
  *
  * Returns: a monotonically increasing time stamp in milliseconds,
  * starting at an unspecified offset. See clock_gettime(), %CLOCK_BOOTTIME.
@@ -171,11 +171,11 @@ nm_utils_get_monotonic_timestamp_us (void)
  * The returned value will start counting at an undefined point
  * in the past and will always be positive.
  *
- * All the nm_utils_get_monotonic_timestamp_*s functions return the same
+ * All the nm_utils_get_monotonic_timestamp_*sec functions return the same
  * timestamp but in different scales (nsec, usec, msec, sec).
  **/
 gint64
-nm_utils_get_monotonic_timestamp_ms (void)
+nm_utils_get_monotonic_timestamp_msec (void)
 {
 	const GlobalState *p;
 	struct timespec tp;
@@ -187,23 +187,23 @@ nm_utils_get_monotonic_timestamp_ms (void)
 	 * you want to subtract signed values).
 	 **/
 	return (((gint64) tp.tv_sec) + p->offset_sec) * ((gint64) 1000) +
-	       (tp.tv_nsec / (NM_UTILS_NS_PER_SECOND/1000));
+	       (tp.tv_nsec / (NM_UTILS_NSEC_PER_SEC/1000));
 }
 
 /**
- * nm_utils_get_monotonic_timestamp_s:
+ * nm_utils_get_monotonic_timestamp_sec:
  *
- * Returns: nm_utils_get_monotonic_timestamp_ms() in seconds (throwing
+ * Returns: nm_utils_get_monotonic_timestamp_msec() in seconds (throwing
  * away sub second parts). The returned value will always be positive.
  *
  * This value wraps after roughly 68 years which should be fine for any
  * practical purpose.
  *
- * All the nm_utils_get_monotonic_timestamp_*s functions return the same
+ * All the nm_utils_get_monotonic_timestamp_*sec functions return the same
  * timestamp but in different scales (nsec, usec, msec, sec).
  **/
 gint32
-nm_utils_get_monotonic_timestamp_s (void)
+nm_utils_get_monotonic_timestamp_sec (void)
 {
 	const GlobalState *p;
 	struct timespec tp;
@@ -216,13 +216,13 @@ nm_utils_get_monotonic_timestamp_s (void)
 /**
  * nm_utils_monotonic_timestamp_as_boottime:
  * @timestamp: the monotonic-timestamp that should be converted into CLOCK_BOOTTIME.
- * @timestamp_ns_per_tick: How many nanoseconds make one unit of @timestamp? E.g. if
- *   @timestamp is in unit seconds, pass %NM_UTILS_NS_PER_SECOND; if @timestamp is
- *   in nanoseconds, pass 1; if @timestamp is in milliseconds, pass %NM_UTILS_NS_PER_SECOND/1000.
- *   This must be a multiple of 10, and between 1 and %NM_UTILS_NS_PER_SECOND.
+ * @timestamp_nsec_per_tick: How many nanoseconds make one unit of @timestamp? E.g. if
+ *   @timestamp is in unit seconds, pass %NM_UTILS_NSEC_PER_SEC; if @timestamp is
+ *   in nanoseconds, pass 1; if @timestamp is in milliseconds, pass %NM_UTILS_NSEC_PER_SEC/1000.
+ *   This must be a multiple of 10, and between 1 and %NM_UTILS_NSEC_PER_SEC.
  *
  * Returns: the monotonic-timestamp as CLOCK_BOOTTIME, as returned by clock_gettime().
- *   The unit is the same as the passed in @timestamp based on @timestamp_ns_per_tick.
+ *   The unit is the same as the passed in @timestamp based on @timestamp_nsec_per_tick.
  *   E.g. if you passed @timestamp in as seconds, it will return boottime in seconds.
  *
  *   Note that valid monotonic-timestamps are always positive numbers (counting roughly since
@@ -234,16 +234,16 @@ nm_utils_get_monotonic_timestamp_s (void)
  * On older kernels that don't support CLOCK_BOOTTIME, the returned time is instead CLOCK_MONOTONIC.
  **/
 gint64
-nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ns_per_tick)
+nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_nsec_per_tick)
 {
 	const GlobalState *p;
 	gint64 offset;
 
-	/* only support ns-per-tick being a multiple of 10. */
-	g_return_val_if_fail (timestamp_ns_per_tick == 1
-	                      || (timestamp_ns_per_tick > 0 &&
-	                          timestamp_ns_per_tick <= NM_UTILS_NS_PER_SECOND &&
-	                          timestamp_ns_per_tick % 10 == 0),
+	/* only support nsec-per-tick being a multiple of 10. */
+	g_return_val_if_fail (   timestamp_nsec_per_tick == 1
+	                      || (timestamp_nsec_per_tick > 0 &&
+	                          timestamp_nsec_per_tick <= NM_UTILS_NSEC_PER_SEC &&
+	                          timestamp_nsec_per_tick % 10 == 0),
 	                      -1);
 
 	/* if the caller didn't yet ever fetch a monotonic-timestamp, he cannot pass any meaningful
@@ -255,7 +255,7 @@ nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ns_
 	nm_assert (p->offset_sec <= 0);
 
 	/* calculate the offset of monotonic-timestamp to boottime. offset_s is <= 1. */
-	offset = p->offset_sec * (NM_UTILS_NS_PER_SECOND / timestamp_ns_per_tick);
+	offset = p->offset_sec * (NM_UTILS_NSEC_PER_SEC / timestamp_nsec_per_tick);
 
 	nm_assert (offset <= 0 && offset > G_MININT64);
 
@@ -270,9 +270,9 @@ nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ns_
  * @boottime: the timestamp from CLOCK_BOOTTIME (or CLOCK_MONOTONIC, if
  *   kernel does not support CLOCK_BOOTTIME and monotonic timestamps are based
  *   on CLOCK_MONOTONIC).
- * @timestamp_ns_per_tick: the scale in which @boottime is. If @boottime is in
+ * @timestamp_nsec_per_tick: the scale in which @boottime is. If @boottime is in
  *   nano seconds, this should be 1. If it is in milli seconds, this should be
- *   %NM_UTILS_NS_PER_SECOND/1000, etc.
+ *   %NM_UTILS_NSEC_PER_SEC/1000, etc.
  *
  * Returns: the same timestamp in monotonic timestamp scale.
  *
@@ -284,16 +284,16 @@ nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ns_
  * This is the inverse of nm_utils_monotonic_timestamp_as_boottime().
  */
 gint64
-nm_utils_monotonic_timestamp_from_boottime (guint64 boottime, gint64 timestamp_ns_per_tick)
+nm_utils_monotonic_timestamp_from_boottime (guint64 boottime, gint64 timestamp_nsec_per_tick)
 {
 	const GlobalState *p;
 	gint64 offset;
 
-	/* only support ns-per-tick being a multiple of 10. */
-	g_return_val_if_fail (timestamp_ns_per_tick == 1
-	                      || (timestamp_ns_per_tick > 0 &&
-	                          timestamp_ns_per_tick <= NM_UTILS_NS_PER_SECOND &&
-	                          timestamp_ns_per_tick % 10 == 0),
+	/* only support nsec-per-tick being a multiple of 10. */
+	g_return_val_if_fail (   timestamp_nsec_per_tick == 1
+	                      || (timestamp_nsec_per_tick > 0 &&
+	                          timestamp_nsec_per_tick <= NM_UTILS_NSEC_PER_SEC &&
+	                          timestamp_nsec_per_tick % 10 == 0),
 	                      -1);
 
 	p = _t_get_global_state ();
@@ -301,7 +301,7 @@ nm_utils_monotonic_timestamp_from_boottime (guint64 boottime, gint64 timestamp_n
 	nm_assert (p->offset_sec <= 0);
 
 	/* calculate the offset of monotonic-timestamp to boottime. offset_s is <= 1. */
-	offset = p->offset_sec * (NM_UTILS_NS_PER_SECOND / timestamp_ns_per_tick);
+	offset = p->offset_sec * (NM_UTILS_NSEC_PER_SEC / timestamp_nsec_per_tick);
 
 	nm_assert (offset <= 0 && offset > G_MININT64);
 
diff --git a/shared/nm-glib-aux/nm-time-utils.h b/shared/nm-glib-aux/nm-time-utils.h
index 8bf41b96a1..fe48be0aed 100644
--- a/shared/nm-glib-aux/nm-time-utils.h
+++ b/shared/nm-glib-aux/nm-time-utils.h
@@ -11,7 +11,7 @@
 static inline gint64
 nm_utils_timespec_to_ns (const struct timespec *ts)
 {
-	return   (((gint64) ts->tv_sec) * ((gint64) NM_UTILS_NS_PER_SECOND))
+	return   (((gint64) ts->tv_sec) * ((gint64) NM_UTILS_NSEC_PER_SEC))
 	       +  ((gint64) ts->tv_nsec);
 }
 
@@ -19,21 +19,21 @@ static inline gint64
 nm_utils_timespec_to_ms (const struct timespec *ts)
 {
 	return   (((gint64) ts->tv_sec)  * ((gint64) 1000))
-	       + (((gint64) ts->tv_nsec) / ((gint64) NM_UTILS_NS_PER_SECOND / 1000));
+	       + (((gint64) ts->tv_nsec) / ((gint64) NM_UTILS_NSEC_PER_SEC / 1000));
 }
 
-gint64 nm_utils_get_monotonic_timestamp_ns (void);
-gint64 nm_utils_get_monotonic_timestamp_us (void);
-gint64 nm_utils_get_monotonic_timestamp_ms (void);
-gint32 nm_utils_get_monotonic_timestamp_s (void);
-gint64 nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ticks_per_ns);
-gint64 nm_utils_monotonic_timestamp_from_boottime (guint64 boottime, gint64 timestamp_ns_per_tick);
+gint64 nm_utils_get_monotonic_timestamp_nsec (void);
+gint64 nm_utils_get_monotonic_timestamp_usec (void);
+gint64 nm_utils_get_monotonic_timestamp_msec (void);
+gint32 nm_utils_get_monotonic_timestamp_sec (void);
+gint64 nm_utils_monotonic_timestamp_as_boottime (gint64 timestamp, gint64 timestamp_ticks_per_nsec);
+gint64 nm_utils_monotonic_timestamp_from_boottime (guint64 boottime, gint64 timestamp_nsec_per_tick);
 
 static inline gint64
 nm_utils_get_monotonic_timestamp_ns_cached (gint64 *cache_now)
 {
 	return    (*cache_now)
-	       ?: (*cache_now = nm_utils_get_monotonic_timestamp_ns ());
+	       ?: (*cache_now = nm_utils_get_monotonic_timestamp_nsec ());
 }
 
 gint64 nm_utils_clock_gettime_ns (clockid_t clockid);
diff --git a/shared/nm-utils/tests/meson.build b/shared/nm-glib-aux/tests/meson.build
index 1ee5efff95..37c5c1b44d 100644
--- a/shared/nm-utils/tests/meson.build
+++ b/shared/nm-glib-aux/tests/meson.build
@@ -14,7 +14,7 @@ exe = executable(
 )
 
 test(
-  'shared/nm-utils/' + test_unit,
+  'shared/nm-glib-aux/' + test_unit,
   test_script,
   args: test_args + [exe.full_path()],
   timeout: default_test_timeout,
diff --git a/shared/nm-utils/tests/test-shared-general.c b/shared/nm-glib-aux/tests/test-shared-general.c
index 34da19b32f..a6721c362d 100644
--- a/shared/nm-utils/tests/test-shared-general.c
+++ b/shared/nm-glib-aux/tests/test-shared-general.c
@@ -44,7 +44,7 @@ test_gpid (void)
 static void
 test_monotonic_timestamp (void)
 {
-	g_assert (nm_utils_get_monotonic_timestamp_s () > 0);
+	g_assert (nm_utils_get_monotonic_timestamp_sec () > 0);
 }
 
 /*****************************************************************************/
diff --git a/shared/nm-libnm-aux/nm-libnm-aux.c b/shared/nm-libnm-aux/nm-libnm-aux.c
new file mode 100644
index 0000000000..169416b9c4
--- /dev/null
+++ b/shared/nm-libnm-aux/nm-libnm-aux.c
@@ -0,0 +1,146 @@
+// SPDX-License-Identifier: LGPL-2.1+
+
+#include "nm-default.h"
+
+#include "nm-libnm-aux.h"
+
+/*****************************************************************************/
+
+NMClient *
+nmc_client_new_async_valist (GCancellable *cancellable,
+                             GAsyncReadyCallback callback,
+                             gpointer user_data,
+                             const char *first_property_name,
+                             va_list ap)
+{
+	NMClient *nmc;
+
+	nmc = NM_CLIENT (g_object_new_valist (NM_TYPE_CLIENT, first_property_name, ap));
+	g_async_initable_init_async (G_ASYNC_INITABLE (nmc),
+	                             G_PRIORITY_DEFAULT,
+	                             cancellable,
+	                             callback,
+	                             user_data);
+	return nmc;
+}
+
+NMClient *
+nmc_client_new_async (GCancellable *cancellable,
+                      GAsyncReadyCallback callback,
+                      gpointer user_data,
+                      const char *first_property_name,
+                      ...)
+{
+	NMClient *nmc;
+	va_list ap;
+
+	va_start (ap, first_property_name);
+	nmc = nmc_client_new_async_valist (cancellable,
+	                                   callback,
+	                                   user_data,
+	                                   first_property_name,
+	                                   ap);
+	va_end (ap);
+	return nmc;
+}
+
+/*****************************************************************************/
+
+typedef struct {
+	GMainLoop *main_loop;
+	NMClient *nmc;
+	GError *error;
+} ClientCreateData;
+
+static void
+_nmc_client_new_waitsync_cb (GObject *source_object,
+                             GAsyncResult *result,
+                             gpointer user_data)
+{
+	ClientCreateData *data = user_data;
+
+	g_async_initable_init_finish (G_ASYNC_INITABLE (source_object),
+	                              result,
+	                              &data->error);
+	g_main_loop_quit (data->main_loop);
+}
+
+/**
+ * nmc_client_new:
+ * @cancellable: the cancellable to abort the creation.
+ * @out_nmc: (out): (transfer full): if give, transfers a reference
+ *   to the NMClient instance. Note that this never fails to create
+ *   the NMClient GObject, but depending on the return value,
+ *   the instance was successfully initialized or not.
+ * @error: the error if creation fails.
+ * @first_property_name: the name of the first property
+ * @...: the value of the first property, followed optionally by more
+ *  name/value pairs, followed by %NULL
+ *
+ * Returns: %TRUE, if the client was successfully initalized.
+ *
+ * This uses nm_client_new_async() to create a NMClient instance,
+ * but it iterates the current GMainContext until the client is
+ * ready. As such, it waits for the client creation to complete
+ * (like sync nm_client_new()) but it iterates the caller's GMainContext
+ * (unlike sync nm_client_new()). This is often preferable, because
+ * sync nm_client_new() needs to create an additional internal GMainContext
+ * that it can iterate instead. That has a performance overhead that
+ * is often unnecessary.
+ */
+gboolean
+nmc_client_new_waitsync (GCancellable *cancellable,
+                         NMClient **out_nmc,
+                         GError **error,
+                         const char *first_property_name,
+                         ...)
+{
+	gs_unref_object NMClient *nmc = NULL;
+	nm_auto_unref_gmainloop GMainLoop *main_loop = g_main_loop_new (g_main_context_get_thread_default (), FALSE);
+	ClientCreateData data = {
+		.main_loop = main_loop,
+	};
+	va_list ap;
+
+#if NM_MORE_ASSERTS > 10
+	/* The sync initialization of NMClient is generally a bad idea, because it
+	 * brings the overhead of an additional GMainContext. Anyway, since our own
+	 * code no longer uses that, we hardly test those code paths. But they should
+	 * work just the same. Randomly use instead the sync initialization in a debug
+	 * build... */
+	if ((g_random_int () % 2) == 0) {
+		gboolean success;
+
+		va_start (ap, first_property_name);
+		nmc = NM_CLIENT (g_object_new_valist (NM_TYPE_CLIENT, first_property_name, ap));
+		va_end (ap);
+
+		/* iterate the context at least once, just so that the behavior from POV of the
+		 * caller is roughly the same. */
+		g_main_context_iteration (nm_client_get_main_context (nmc), FALSE);
+
+		success = g_initable_init (G_INITABLE (nmc),
+		                           cancellable,
+		                           error);
+		NM_SET_OUT (out_nmc, g_steal_pointer (&nmc));
+		return success;
+	}
+#endif
+
+	va_start (ap, first_property_name);
+	nmc = nmc_client_new_async_valist (cancellable,
+	                                   _nmc_client_new_waitsync_cb,
+	                                   &data,
+	                                   first_property_name,
+	                                   ap);
+	va_end (ap);
+
+	g_main_loop_run (main_loop);
+
+	NM_SET_OUT (out_nmc, g_steal_pointer (&nmc));
+	if (data.error) {
+		g_propagate_error (error, data.error);
+		return FALSE;
+	}
+	return TRUE;
+}
diff --git a/shared/nm-libnm-aux/nm-libnm-aux.h b/shared/nm-libnm-aux/nm-libnm-aux.h
new file mode 100644
index 0000000000..a0aff19f28
--- /dev/null
+++ b/shared/nm-libnm-aux/nm-libnm-aux.h
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: LGPL-2.1+
+
+#ifndef __NM_LIBNM_AUX_H__
+#define __NM_LIBNM_AUX_H__
+
+NMClient *nmc_client_new_async_valist (GCancellable *cancellable,
+                                       GAsyncReadyCallback callback,
+                                       gpointer user_data,
+                                       const char *first_property_name,
+                                       va_list ap);
+
+NMClient *nmc_client_new_async (GCancellable *cancellable,
+                                GAsyncReadyCallback callback,
+                                gpointer user_data,
+                                const char *first_property_name,
+                                ...);
+
+gboolean nmc_client_new_waitsync (GCancellable *cancellable,
+                                  NMClient **out_nmc,
+                                  GError **error,
+                                  const char *first_property_name,
+                                  ...);
+
+#endif /* __NM_LIBNM_AUX_H__ */
diff --git a/shared/nm-libnm-core-intern/nm-libnm-core-utils.c b/shared/nm-libnm-core-intern/nm-libnm-core-utils.c
index 9bf0b1202e..df2f2e7769 100644
--- a/shared/nm-libnm-core-intern/nm-libnm-core-utils.c
+++ b/shared/nm-libnm-core-intern/nm-libnm-core-utils.c
@@ -4,6 +4,8 @@
 
 #include "nm-libnm-core-utils.h"
 
+#include "nm-common-macros.h"
+
 /*****************************************************************************/
 
 gboolean
@@ -59,3 +61,120 @@ nm_utils_vlan_priority_map_parse_str (NMVlanPriorityMap map_type,
 	NM_SET_OUT (out_has_wildcard_to, v2 < 0);
 	return TRUE;
 }
+
+/*****************************************************************************/
+
+const char *const nm_auth_permission_names_by_idx[NM_CLIENT_PERMISSION_LAST] = {
+	[NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK - 1]               = NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK - 1] = NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK - 1]            = NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS - 1]         = NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI - 1]               = NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX - 1]              = NM_AUTH_PERMISSION_ENABLE_DISABLE_WIMAX,
+	[NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN - 1]               = NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN,
+	[NM_CLIENT_PERMISSION_NETWORK_CONTROL - 1]                   = NM_AUTH_PERMISSION_NETWORK_CONTROL,
+	[NM_CLIENT_PERMISSION_RELOAD - 1]                            = NM_AUTH_PERMISSION_RELOAD,
+	[NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS - 1]        = NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS,
+	[NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME - 1]          = NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME,
+	[NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN - 1]               = NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN,
+	[NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM - 1]            = NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM,
+	[NM_CLIENT_PERMISSION_SLEEP_WAKE - 1]                        = NM_AUTH_PERMISSION_SLEEP_WAKE,
+	[NM_CLIENT_PERMISSION_WIFI_SCAN - 1]                         = NM_AUTH_PERMISSION_WIFI_SCAN,
+	[NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN - 1]                   = NM_AUTH_PERMISSION_WIFI_SHARE_OPEN,
+	[NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED - 1]              = NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED,
+};
+
+const NMClientPermission nm_auth_permission_sorted[NM_CLIENT_PERMISSION_LAST] = {
+	NM_CLIENT_PERMISSION_CHECKPOINT_ROLLBACK,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_NETWORK,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_STATISTICS,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIFI,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WIMAX,
+	NM_CLIENT_PERMISSION_ENABLE_DISABLE_WWAN,
+	NM_CLIENT_PERMISSION_NETWORK_CONTROL,
+	NM_CLIENT_PERMISSION_RELOAD,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_HOSTNAME,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN,
+	NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM,
+	NM_CLIENT_PERMISSION_SLEEP_WAKE,
+	NM_CLIENT_PERMISSION_WIFI_SCAN,
+	NM_CLIENT_PERMISSION_WIFI_SHARE_OPEN,
+	NM_CLIENT_PERMISSION_WIFI_SHARE_PROTECTED,
+};
+
+const char *
+nm_auth_permission_to_string (NMClientPermission permission)
+{
+	if (permission < 1)
+		return NULL;
+	if (permission > NM_CLIENT_PERMISSION_LAST)
+		return NULL;
+	return nm_auth_permission_names_by_idx[permission - 1];
+}
+
+#define AUTH_PERMISSION_PREFIX "org.freedesktop.NetworkManager."
+
+static int
+_nm_auth_permission_from_string_cmp (gconstpointer a, gconstpointer b, gpointer user_data)
+{
+	const NMClientPermission *const p = a;
+	const char *const needle = b;
+	const char *ss = nm_auth_permission_names_by_idx[*p - 1];
+
+	nm_assert (NM_STR_HAS_PREFIX (ss, AUTH_PERMISSION_PREFIX));
+	nm_assert (ss[NM_STRLEN (AUTH_PERMISSION_PREFIX)] != '\0');
+
+	return strcmp (&ss[NM_STRLEN (AUTH_PERMISSION_PREFIX)], needle);
+}
+
+NMClientPermission
+nm_auth_permission_from_string (const char *str)
+{
+	gssize idx;
+
+	if (!str)
+		return NM_CLIENT_PERMISSION_NONE;
+
+	if (!NM_STR_HAS_PREFIX (str, AUTH_PERMISSION_PREFIX))
+		return NM_CLIENT_PERMISSION_NONE;
+	idx = nm_utils_array_find_binary_search (nm_auth_permission_sorted,
+	                                         sizeof (nm_auth_permission_sorted[0]),
+	                                         G_N_ELEMENTS (nm_auth_permission_sorted),
+	                                         &str[NM_STRLEN (AUTH_PERMISSION_PREFIX)],
+	                                         _nm_auth_permission_from_string_cmp,
+	                                         NULL);
+	if (idx < 0)
+		return NM_CLIENT_PERMISSION_NONE;
+	return nm_auth_permission_sorted[idx];
+}
+
+/*****************************************************************************/
+
+NMClientPermissionResult
+nm_client_permission_result_from_string (const char *nm)
+{
+	if (!nm)
+		return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
+	if (nm_streq (nm, "yes"))
+		return NM_CLIENT_PERMISSION_RESULT_YES;
+	if (nm_streq (nm, "no"))
+		return NM_CLIENT_PERMISSION_RESULT_NO;
+	if (nm_streq (nm, "auth"))
+		return NM_CLIENT_PERMISSION_RESULT_AUTH;
+	return NM_CLIENT_PERMISSION_RESULT_UNKNOWN;
+}
+
+const char *
+nm_client_permission_result_to_string (NMClientPermissionResult permission)
+{
+	switch (permission) {
+	case NM_CLIENT_PERMISSION_RESULT_YES:     return "yes";
+	case NM_CLIENT_PERMISSION_RESULT_NO:      return "no";
+	case NM_CLIENT_PERMISSION_RESULT_AUTH:    return "auth";
+	case NM_CLIENT_PERMISSION_RESULT_UNKNOWN: return "unknown";
+	}
+	nm_assert_not_reached ();
+	return NULL;
+}
diff --git a/shared/nm-libnm-core-intern/nm-libnm-core-utils.h b/shared/nm-libnm-core-intern/nm-libnm-core-utils.h
index 42e9fc6491..65a6e74ef0 100644
--- a/shared/nm-libnm-core-intern/nm-libnm-core-utils.h
+++ b/shared/nm-libnm-core-intern/nm-libnm-core-utils.h
@@ -95,4 +95,17 @@ nm_setting_ip_config_get_addr_family (NMSettingIPConfig *s_ip)
  * depends on other factors. */
 #define NM_INFINIBAND_MAX_MTU ((guint) 65520)
 
+/*****************************************************************************/
+
+extern const char *const nm_auth_permission_names_by_idx[NM_CLIENT_PERMISSION_LAST];
+extern const NMClientPermission nm_auth_permission_sorted[NM_CLIENT_PERMISSION_LAST];
+
+const char *nm_auth_permission_to_string (NMClientPermission permission);
+NMClientPermission nm_auth_permission_from_string (const char *str);
+
+/*****************************************************************************/
+
+NMClientPermissionResult nm_client_permission_result_from_string (const char *nm);
+const char *nm_client_permission_result_to_string (NMClientPermissionResult permission);
+
 #endif /* __NM_LIBNM_SHARED_UTILS_H__ */
diff --git a/shared/nm-utils/nm-test-utils.h b/shared/nm-utils/nm-test-utils.h
index f0ea11790d..fd90c3b5e7 100644
--- a/shared/nm-utils/nm-test-utils.h
+++ b/shared/nm-utils/nm-test-utils.h
@@ -622,7 +622,7 @@ __nmtst_init (int *argc, char ***argv, gboolean assert_logging, const char *log_
 
 #ifdef __NETWORKMANAGER_UTILS_H__
 	/* ensure that monotonic timestamp is called (because it initially logs a line) */
-	nm_utils_get_monotonic_timestamp_s ();
+	nm_utils_get_monotonic_timestamp_sec ();
 #endif
 
 #ifdef NM_UTILS_H
@@ -978,13 +978,13 @@ _nmtst_main_loop_run_timeout (gpointer user_data)
 }
 
 static inline gboolean
-nmtst_main_loop_run (GMainLoop *loop, guint timeout_ms)
+nmtst_main_loop_run (GMainLoop *loop, guint timeout_msec)
 {
 	nm_auto_unref_gsource GSource *source = NULL;
 	GMainLoop *loopx = loop;
 
-	if (timeout_ms > 0) {
-		source = g_timeout_source_new (timeout_ms);
+	if (timeout_msec > 0) {
+		source = g_timeout_source_new (timeout_msec);
 		g_source_set_callback (source, _nmtst_main_loop_run_timeout, &loopx, NULL);
 		g_source_attach (source, g_main_loop_get_context (loop));
 	}
@@ -1020,13 +1020,13 @@ _nmtst_main_context_iterate_until_timeout (gpointer user_data)
 	return G_SOURCE_CONTINUE;
 }
 
-#define nmtst_main_context_iterate_until(context, timeout_ms, condition) \
+#define nmtst_main_context_iterate_until(context, timeout_msec, condition) \
 	G_STMT_START { \
 		nm_auto_destroy_and_unref_gsource GSource *_source = NULL; \
 		GMainContext *_context = (context); \
 		gboolean _had_timeout = FALSE; \
 		\
-		_source = g_timeout_source_new (timeout_ms); \
+		_source = g_timeout_source_new (timeout_msec); \
 		g_source_set_callback (_source, _nmtst_main_context_iterate_until_timeout, &_had_timeout, NULL); \
 		g_source_attach (_source, _context); \
 		\
diff --git a/shared/nm-version-macros.h.in b/shared/nm-version-macros.h.in
index 961febb027..e97f506cb8 100644
--- a/shared/nm-version-macros.h.in
+++ b/shared/nm-version-macros.h.in
@@ -63,6 +63,7 @@
 #define NM_VERSION_1_18   (NM_ENCODE_VERSION (1, 18, 0))
 #define NM_VERSION_1_20   (NM_ENCODE_VERSION (1, 20, 0))
 #define NM_VERSION_1_22   (NM_ENCODE_VERSION (1, 22, 0))
+#define NM_VERSION_1_24   (NM_ENCODE_VERSION (1, 24, 0))
 
 /* For releases, NM_API_VERSION is equal to NM_VERSION.
  *
diff --git a/shared/systemd/sd-adapt-shared/missing_syscall.h b/shared/systemd/sd-adapt-shared/missing_keyctl.h
index 637892c2d6..637892c2d6 100644
--- a/shared/systemd/sd-adapt-shared/missing_syscall.h
+++ b/shared/systemd/sd-adapt-shared/missing_keyctl.h
diff --git a/shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h b/shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h
index 490cae9283..d4df97d6e5 100644
--- a/shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h
+++ b/shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h
@@ -122,6 +122,24 @@ static inline pid_t _nm_gettid(void) {
 #define HAVE_EXPLICIT_BZERO 0
 #endif
 
+#if defined(HAVE_DECL_PIDFD_OPEN) && HAVE_DECL_PIDFD_OPEN == 1
+#define HAVE_PIDFD_OPEN 1
+#else
+#define HAVE_PIDFD_OPEN 0
+#endif
+
+#if defined(HAVE_DECL_PIDFD_SEND_SIGNAL) && HAVE_DECL_PIDFD_SEND_SIGNAL == 1
+#define HAVE_PIDFD_SEND_SIGNAL 1
+#else
+#define HAVE_PIDFD_SEND_SIGNAL 0
+#endif
+
+#if defined(HAVE_DECL_RT_SIGQUEUEINFO) && HAVE_DECL_RT_SIGQUEUEINFO == 1
+#define HAVE_RT_SIGQUEUEINFO 1
+#else
+#define HAVE_RT_SIGQUEUEINFO 0
+#endif
+
 #endif /* (NETWORKMANAGER_COMPILATION) & NM_NETWORKMANAGER_COMPILATION_WITH_SYSTEMD */
 
 /*****************************************************************************/
diff --git a/shared/systemd/src/basic/errno-util.h b/shared/systemd/src/basic/errno-util.h
index 8f1be6c00e..65a6384eeb 100644
--- a/shared/systemd/src/basic/errno-util.h
+++ b/shared/systemd/src/basic/errno-util.h
@@ -101,3 +101,11 @@ static inline bool ERRNO_IS_PRIVILEGE(int r) {
                       EACCES,
                       EPERM);
 }
+
+/* Three difference errors for "not enough disk space" */
+static inline bool ERRNO_IS_DISK_SPACE(int r) {
+        return IN_SET(abs(r),
+                      ENOSPC,
+                      EDQUOT,
+                      EFBIG);
+}
diff --git a/shared/systemd/src/basic/fs-util.c b/shared/systemd/src/basic/fs-util.c
index e30f40fb80..5964639026 100644
--- a/shared/systemd/src/basic/fs-util.c
+++ b/shared/systemd/src/basic/fs-util.c
@@ -551,6 +551,7 @@ int get_files_in_directory(const char *path, char ***list) {
 
         return n;
 }
+#endif /* NM_IGNORED */
 
 static int getenv_tmp_dir(const char **ret_path) {
         const char *n;
@@ -622,6 +623,7 @@ static int tmp_dir_internal(const char *def, const char **ret) {
         return 0;
 }
 
+#if 0 /* NM_IGNORED */
 int var_tmp_dir(const char **ret) {
 
         /* Returns the location for "larger" temporary files, that is backed by physical storage if available, and thus
@@ -631,6 +633,7 @@ int var_tmp_dir(const char **ret) {
 
         return tmp_dir_internal("/var/tmp", ret);
 }
+#endif /* NM_IGNORED */
 
 int tmp_dir(const char **ret) {
 
@@ -640,6 +643,7 @@ int tmp_dir(const char **ret) {
         return tmp_dir_internal("/tmp", ret);
 }
 
+#if 0 /* NM_IGNORED */
 int unlink_or_warn(const char *filename) {
         if (unlink(filename) < 0 && errno != ENOENT)
                 /* If the file doesn't exist and the fs simply was read-only (in which
diff --git a/shared/systemd/src/basic/macro.h b/shared/systemd/src/basic/macro.h
index fc733366b3..6cd9c516fb 100644
--- a/shared/systemd/src/basic/macro.h
+++ b/shared/systemd/src/basic/macro.h
@@ -172,6 +172,11 @@ static inline size_t ALIGN_TO(size_t l, size_t ali) {
 
 /* align to next higher power-of-2 (except for: 0 => 0, overflow => 0) */
 static inline unsigned long ALIGN_POWER2(unsigned long u) {
+
+        /* Avoid subtraction overflow */
+        if (u == 0)
+                return 0;
+
         /* clz(0) is undefined */
         if (u == 1)
                 return 1;
@@ -183,6 +188,29 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) {
         return 1UL << (sizeof(u) * 8 - __builtin_clzl(u - 1UL));
 }
 
+static inline size_t GREEDY_ALLOC_ROUND_UP(size_t l) {
+        size_t m;
+
+        /* Round up allocation sizes a bit to some reasonable, likely larger value. This is supposed to be
+         * used for cases which are likely called in an allocation loop of some form, i.e. that repetitively
+         * grow stuff, for example strv_extend() and suchlike.
+         *
+         * Note the difference to GREEDY_REALLOC() here, as this helper operates on a single size value only,
+         * and rounds up to next multiple of 2, needing no further counter.
+         *
+         * Note the benefits of direct ALIGN_POWER2() usage: type-safety for size_t, sane handling for very
+         * small (i.e. <= 2) and safe handling for very large (i.e. > SSIZE_MAX) values. */
+
+        if (l <= 2)
+                return 2; /* Never allocate less than 2 of something.  */
+
+        m = ALIGN_POWER2(l);
+        if (m == 0) /* overflow? */
+                return l;
+
+        return m;
+}
+
 #ifndef __COVERITY__
 #  define VOID_0 ((void)0)
 #else
diff --git a/shared/systemd/src/basic/memory-util.h b/shared/systemd/src/basic/memory-util.h
index 46a6907a0c..4f92a6434a 100644
--- a/shared/systemd/src/basic/memory-util.h
+++ b/shared/systemd/src/basic/memory-util.h
@@ -80,14 +80,21 @@ static inline void* explicit_bzero_safe(void *p, size_t l) {
 void *explicit_bzero_safe(void *p, size_t l);
 #endif
 
-static inline void erase_and_freep(void *p) {
-        void *ptr = *(void**) p;
+static inline void* erase_and_free(void *p) {
+        size_t l;
+
+        if (!p)
+                return NULL;
+
+        l = malloc_usable_size(p);
+        explicit_bzero_safe(p, l);
+        free(p);
 
-        if (ptr) {
-                size_t l = malloc_usable_size(ptr);
-                explicit_bzero_safe(ptr, l);
-                free(ptr);
-        }
+        return NULL;
+}
+
+static inline void erase_and_freep(void *p) {
+        erase_and_free(*(void**) p);
 }
 
 /* Use with _cleanup_ to erase a single 'char' when leaving scope */
diff --git a/shared/systemd/src/basic/missing_syscall.h b/shared/systemd/src/basic/missing_syscall.h
new file mode 100644
index 0000000000..4c42e66515
--- /dev/null
+++ b/shared/systemd/src/basic/missing_syscall.h
@@ -0,0 +1,574 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+/* Missing glibc definitions to access certain kernel APIs */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#ifdef ARCH_MIPS
+#include <asm/sgidefs.h>
+#endif
+
+#include "missing_keyctl.h"
+#include "missing_stat.h"
+
+#if 0 /* NM_IGNORED */
+
+/* linux/kcmp.h */
+#ifndef KCMP_FILE /* 3f4994cfc15f38a3159c6e3a4b3ab2e1481a6b02 (3.19) */
+#define KCMP_FILE 0
+#endif
+
+#if !HAVE_PIVOT_ROOT
+static inline int missing_pivot_root(const char *new_root, const char *put_old) {
+        return syscall(__NR_pivot_root, new_root, put_old);
+}
+
+#  define pivot_root missing_pivot_root
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_MEMFD_CREATE
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_memfd_create && __NR_memfd_create >= 0)
+#    if defined __NR_memfd_create
+#      undef __NR_memfd_create
+#    endif
+#    if defined __x86_64__
+#      define __NR_memfd_create 319
+#    elif defined __arm__
+#      define __NR_memfd_create 385
+#    elif defined __aarch64__
+#      define __NR_memfd_create 279
+#    elif defined __s390__
+#      define __NR_memfd_create 350
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_memfd_create 4354
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_memfd_create 6318
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_memfd_create 5314
+#      endif
+#    elif defined __i386__
+#      define __NR_memfd_create 356
+#    elif defined __arc__
+#      define __NR_memfd_create 279
+#    else
+#      warning "__NR_memfd_create unknown for your architecture"
+#    endif
+#  endif
+
+static inline int missing_memfd_create(const char *name, unsigned int flags) {
+#  ifdef __NR_memfd_create
+        return syscall(__NR_memfd_create, name, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define memfd_create missing_memfd_create
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_GETRANDOM
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_getrandom && __NR_getrandom >= 0)
+#    if defined __NR_getrandom
+#      undef __NR_getrandom
+#    endif
+#    if defined __x86_64__
+#      define __NR_getrandom 318
+#    elif defined(__i386__)
+#      define __NR_getrandom 355
+#    elif defined(__arm__)
+#      define __NR_getrandom 384
+#   elif defined(__aarch64__)
+#      define __NR_getrandom 278
+#    elif defined(__ia64__)
+#      define __NR_getrandom 1339
+#    elif defined(__m68k__)
+#      define __NR_getrandom 352
+#    elif defined(__s390x__)
+#      define __NR_getrandom 349
+#    elif defined(__powerpc__)
+#      define __NR_getrandom 359
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_getrandom 4353
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_getrandom 6317
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_getrandom 5313
+#      endif
+#    elif defined(__arc__)
+#      define __NR_getrandom 278
+#    else
+#      warning "__NR_getrandom unknown for your architecture"
+#    endif
+#  endif
+
+static inline int missing_getrandom(void *buffer, size_t count, unsigned flags) {
+#  ifdef __NR_getrandom
+        return syscall(__NR_getrandom, buffer, count, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define getrandom missing_getrandom
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_GETTID
+static inline pid_t missing_gettid(void) {
+        return (pid_t) syscall(__NR_gettid);
+}
+
+#  define gettid missing_gettid
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_NAME_TO_HANDLE_AT
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_name_to_handle_at && __NR_name_to_handle_at >= 0)
+#    if defined __NR_name_to_handle_at
+#      undef __NR_name_to_handle_at
+#    endif
+#    if defined(__x86_64__)
+#      define __NR_name_to_handle_at 303
+#    elif defined(__i386__)
+#      define __NR_name_to_handle_at 341
+#    elif defined(__arm__)
+#      define __NR_name_to_handle_at 370
+#    elif defined(__powerpc__)
+#      define __NR_name_to_handle_at 345
+#    elif defined(__arc__)
+#      define __NR_name_to_handle_at 264
+#    else
+#      error "__NR_name_to_handle_at is not defined"
+#    endif
+#  endif
+
+struct file_handle {
+        unsigned int handle_bytes;
+        int handle_type;
+        unsigned char f_handle[0];
+};
+
+static inline int missing_name_to_handle_at(int fd, const char *name, struct file_handle *handle, int *mnt_id, int flags) {
+#  ifdef __NR_name_to_handle_at
+        return syscall(__NR_name_to_handle_at, fd, name, handle, mnt_id, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define name_to_handle_at missing_name_to_handle_at
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_SETNS
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_setns && __NR_setns >= 0)
+#    if defined __NR_setns
+#      undef __NR_setns
+#    endif
+#    if defined(__x86_64__)
+#      define __NR_setns 308
+#    elif defined(__i386__)
+#      define __NR_setns 346
+#    elif defined(__arc__)
+#      define __NR_setns 268
+#    else
+#      error "__NR_setns is not defined"
+#    endif
+#  endif
+
+static inline int missing_setns(int fd, int nstype) {
+#  ifdef __NR_setns
+        return syscall(__NR_setns, fd, nstype);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define setns missing_setns
+#endif
+
+/* ======================================================================= */
+
+static inline pid_t raw_getpid(void) {
+#if defined(__alpha__)
+        return (pid_t) syscall(__NR_getxpid);
+#else
+        return (pid_t) syscall(__NR_getpid);
+#endif
+}
+
+/* ======================================================================= */
+
+#if !HAVE_RENAMEAT2
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_renameat2 && __NR_renameat2 >= 0)
+#    if defined __NR_renameat2
+#      undef __NR_renameat2
+#    endif
+#    if defined __x86_64__
+#      define __NR_renameat2 316
+#    elif defined __arm__
+#      define __NR_renameat2 382
+#    elif defined __aarch64__
+#      define __NR_renameat2 276
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_renameat2 4351
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_renameat2 6315
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_renameat2 5311
+#      endif
+#    elif defined __i386__
+#      define __NR_renameat2 353
+#    elif defined __powerpc64__
+#      define __NR_renameat2 357
+#    elif defined __s390__ || defined __s390x__
+#      define __NR_renameat2 347
+#    elif defined __arc__
+#      define __NR_renameat2 276
+#    else
+#      warning "__NR_renameat2 unknown for your architecture"
+#    endif
+#  endif
+
+static inline int missing_renameat2(int oldfd, const char *oldname, int newfd, const char *newname, unsigned flags) {
+#  ifdef __NR_renameat2
+        return syscall(__NR_renameat2, oldfd, oldname, newfd, newname, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define renameat2 missing_renameat2
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_KCMP
+static inline int missing_kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) {
+#  if defined __NR_kcmp && __NR_kcmp >= 0
+        return syscall(__NR_kcmp, pid1, pid2, type, idx1, idx2);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define kcmp missing_kcmp
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_KEYCTL
+static inline long missing_keyctl(int cmd, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) {
+#  if defined __NR_keyctl && __NR_keyctl >= 0
+        return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+
+#  define keyctl missing_keyctl
+}
+
+static inline key_serial_t missing_add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t ringid) {
+#  if defined __NR_add_key && __NR_add_key >= 0
+        return syscall(__NR_add_key, type, description, payload, plen, ringid);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+
+#  define add_key missing_add_key
+}
+
+static inline key_serial_t missing_request_key(const char *type, const char *description, const char * callout_info, key_serial_t destringid) {
+#  if defined __NR_request_key && __NR_request_key >= 0
+        return syscall(__NR_request_key, type, description, callout_info, destringid);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+
+#  define request_key missing_request_key
+}
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_COPY_FILE_RANGE
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_copy_file_range && __NR_copy_file_range >= 0)
+#    if defined __NR_copy_file_range
+#      undef __NR_copy_file_range
+#    endif
+#    if defined(__x86_64__)
+#      define __NR_copy_file_range 326
+#    elif defined(__i386__)
+#      define __NR_copy_file_range 377
+#    elif defined __s390__
+#      define __NR_copy_file_range 375
+#    elif defined __arm__
+#      define __NR_copy_file_range 391
+#    elif defined __aarch64__
+#      define __NR_copy_file_range 285
+#    elif defined __powerpc__
+#      define __NR_copy_file_range 379
+#    elif defined __arc__
+#      define __NR_copy_file_range 285
+#    else
+#      warning "__NR_copy_file_range not defined for your architecture"
+#    endif
+#  endif
+
+static inline ssize_t missing_copy_file_range(int fd_in, loff_t *off_in,
+                                              int fd_out, loff_t *off_out,
+                                              size_t len,
+                                              unsigned int flags) {
+#  ifdef __NR_copy_file_range
+        return syscall(__NR_copy_file_range, fd_in, off_in, fd_out, off_out, len, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define copy_file_range missing_copy_file_range
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_BPF
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_bpf && __NR_bpf >= 0)
+#    if defined __NR_bpf
+#      undef __NR_bpf
+#    endif
+#    if defined __i386__
+#      define __NR_bpf 357
+#    elif defined __x86_64__
+#      define __NR_bpf 321
+#    elif defined __aarch64__
+#      define __NR_bpf 280
+#    elif defined __arm__
+#      define __NR_bpf 386
+#    elif defined __sparc__
+#      define __NR_bpf 349
+#    elif defined __s390__
+#      define __NR_bpf 351
+#    elif defined __tilegx__
+#      define __NR_bpf 280
+#    else
+#      warning "__NR_bpf not defined for your architecture"
+#    endif
+#  endif
+
+union bpf_attr;
+
+static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size) {
+#ifdef __NR_bpf
+        return (int) syscall(__NR_bpf, cmd, attr, size);
+#else
+        errno = ENOSYS;
+        return -1;
+#endif
+}
+
+#  define bpf missing_bpf
+#endif
+
+/* ======================================================================= */
+
+#ifndef __IGNORE_pkey_mprotect
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_pkey_mprotect && __NR_pkey_mprotect >= 0)
+#    if defined __NR_pkey_mprotect
+#      undef __NR_pkey_mprotect
+#    endif
+#    if defined __i386__
+#      define __NR_pkey_mprotect 380
+#    elif defined __x86_64__
+#      define __NR_pkey_mprotect 329
+#    elif defined __arm__
+#      define __NR_pkey_mprotect 394
+#    elif defined __aarch64__
+#      define __NR_pkey_mprotect 394
+#    elif defined __powerpc__
+#      define __NR_pkey_mprotect 386
+#    elif defined __s390__
+#      define __NR_pkey_mprotect 384
+#    elif defined _MIPS_SIM
+#      if _MIPS_SIM == _MIPS_SIM_ABI32
+#        define __NR_pkey_mprotect 4363
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_NABI32
+#        define __NR_pkey_mprotect 6327
+#      endif
+#      if _MIPS_SIM == _MIPS_SIM_ABI64
+#        define __NR_pkey_mprotect 5323
+#      endif
+#    else
+#      warning "__NR_pkey_mprotect not defined for your architecture"
+#    endif
+#  endif
+#endif
+
+/* ======================================================================= */
+
+#if !HAVE_STATX
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_statx && __NR_statx >= 0)
+#    if defined __NR_statx
+#      undef __NR_statx
+#    endif
+#    if defined __aarch64__ || defined __arm__
+#      define __NR_statx 397
+#    elif defined __alpha__
+#      define __NR_statx 522
+#    elif defined __i386__ || defined __powerpc64__
+#      define __NR_statx 383
+#    elif defined __sparc__
+#      define __NR_statx 360
+#    elif defined __x86_64__
+#      define __NR_statx 332
+#    else
+#      warning "__NR_statx not defined for your architecture"
+#    endif
+#  endif
+
+struct statx;
+#endif
+
+/* This typedef is supposed to be always defined. */
+typedef struct statx struct_statx;
+
+#if !HAVE_STATX
+static inline ssize_t missing_statx(int dfd, const char *filename, unsigned flags, unsigned int mask, struct statx *buffer) {
+#  ifdef __NR_statx
+        return syscall(__NR_statx, dfd, filename, flags, mask, buffer);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define statx missing_statx
+#endif
+
+#if !HAVE_SET_MEMPOLICY
+
+enum {
+        MPOL_DEFAULT,
+        MPOL_PREFERRED,
+        MPOL_BIND,
+        MPOL_INTERLEAVE,
+        MPOL_LOCAL,
+};
+
+static inline long missing_set_mempolicy(int mode, const unsigned long *nodemask,
+                           unsigned long maxnode) {
+        long i;
+#  if defined __NR_set_mempolicy && __NR_set_mempolicy >= 0
+        i = syscall(__NR_set_mempolicy, mode, nodemask, maxnode);
+#  else
+        errno = ENOSYS;
+        i = -1;
+#  endif
+        return i;
+}
+
+#  define set_mempolicy missing_set_mempolicy
+#endif
+
+#if !HAVE_GET_MEMPOLICY
+static inline long missing_get_mempolicy(int *mode, unsigned long *nodemask,
+                           unsigned long maxnode, void *addr,
+                           unsigned long flags) {
+        long i;
+#  ifdef __NR_get_mempolicy
+        i = syscall(__NR_get_mempolicy, mode, nodemask, maxnode, addr, flags);
+#  else
+        errno = ENOSYS;
+        i = -1;
+#  endif
+        return i;
+}
+
+#define get_mempolicy missing_get_mempolicy
+#endif
+
+#endif /* NM_IGNORED */
+
+#if !HAVE_PIDFD_OPEN
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_pidfd_open && __NR_pidfd_open >= 0)
+#    if defined __NR_pidfd_open
+#      undef __NR_pidfd_open
+#    endif
+#    define __NR_pidfd_open 434
+#endif
+static inline int pidfd_open(pid_t pid, unsigned flags) {
+#ifdef __NR_pidfd_open
+        return syscall(__NR_pidfd_open, pid, flags);
+#else
+        errno = ENOSYS;
+        return -1;
+#endif
+}
+#endif
+
+#if !HAVE_PIDFD_SEND_SIGNAL
+/* may be (invalid) negative number due to libseccomp, see PR 13319 */
+#  if ! (defined __NR_pidfd_send_signal && __NR_pidfd_send_signal >= 0)
+#    if defined __NR_pidfd_send_signal
+#      undef __NR_pidfd_send_signal
+#    endif
+#    define __NR_pidfd_send_signal 424
+#endif
+static inline int pidfd_send_signal(int fd, int sig, siginfo_t *info, unsigned flags) {
+#ifdef __NR_pidfd_open
+        return syscall(__NR_pidfd_send_signal, fd, sig, info, flags);
+#else
+        errno = ENOSYS;
+        return -1;
+#endif
+}
+#endif
+
+#if !HAVE_RT_SIGQUEUEINFO
+static inline int rt_sigqueueinfo(pid_t tgid, int sig, siginfo_t *info) {
+        return syscall(__NR_rt_sigqueueinfo, tgid, sig, info);
+}
+#endif
diff --git a/shared/systemd/src/basic/parse-util.c b/shared/systemd/src/basic/parse-util.c
index 96cc43a2ae..1199ca8003 100644
--- a/shared/systemd/src/basic/parse-util.c
+++ b/shared/systemd/src/basic/parse-util.c
@@ -369,7 +369,6 @@ int safe_atou_full(const char *s, unsigned base, unsigned *ret_u) {
         unsigned long l;
 
         assert(s);
-        assert(ret_u);
         assert(base <= 16);
 
         /* strtoul() is happy to parse negative values, and silently
@@ -393,7 +392,9 @@ int safe_atou_full(const char *s, unsigned base, unsigned *ret_u) {
         if ((unsigned long) (unsigned) l != l)
                 return -ERANGE;
 
-        *ret_u = (unsigned) l;
+        if (ret_u)
+                *ret_u = (unsigned) l;
+
         return 0;
 }
 
@@ -402,7 +403,6 @@ int safe_atoi(const char *s, int *ret_i) {
         long l;
 
         assert(s);
-        assert(ret_i);
 
         errno = 0;
         l = strtol(s, &x, 0);
@@ -413,7 +413,9 @@ int safe_atoi(const char *s, int *ret_i) {
         if ((long) (int) l != l)
                 return -ERANGE;
 
-        *ret_i = (int) l;
+        if (ret_i)
+                *ret_i = (int) l;
+
         return 0;
 }
 
@@ -422,7 +424,6 @@ int safe_atollu(const char *s, long long unsigned *ret_llu) {
         unsigned long long l;
 
         assert(s);
-        assert(ret_llu);
 
         s += strspn(s, WHITESPACE);
 
@@ -435,7 +436,9 @@ int safe_atollu(const char *s, long long unsigned *ret_llu) {
         if (*s == '-')
                 return -ERANGE;
 
-        *ret_llu = l;
+        if (ret_llu)
+                *ret_llu = l;
+
         return 0;
 }
 
@@ -444,7 +447,6 @@ int safe_atolli(const char *s, long long int *ret_lli) {
         long long l;
 
         assert(s);
-        assert(ret_lli);
 
         errno = 0;
         l = strtoll(s, &x, 0);
@@ -453,7 +455,9 @@ int safe_atolli(const char *s, long long int *ret_lli) {
         if (!x || x == s || *x != 0)
                 return -EINVAL;
 
-        *ret_lli = l;
+        if (ret_lli)
+                *ret_lli = l;
+
         return 0;
 }
 
@@ -462,7 +466,6 @@ int safe_atou8(const char *s, uint8_t *ret) {
         unsigned long l;
 
         assert(s);
-        assert(ret);
 
         s += strspn(s, WHITESPACE);
 
@@ -477,7 +480,8 @@ int safe_atou8(const char *s, uint8_t *ret) {
         if ((unsigned long) (uint8_t) l != l)
                 return -ERANGE;
 
-        *ret = (uint8_t) l;
+        if (ret)
+                *ret = (uint8_t) l;
         return 0;
 }
 
@@ -511,7 +515,6 @@ int safe_atoi16(const char *s, int16_t *ret) {
         long l;
 
         assert(s);
-        assert(ret);
 
         errno = 0;
         l = strtol(s, &x, 0);
@@ -522,7 +525,9 @@ int safe_atoi16(const char *s, int16_t *ret) {
         if ((long) (int16_t) l != l)
                 return -ERANGE;
 
-        *ret = (int16_t) l;
+        if (ret)
+                *ret = (int16_t) l;
+
         return 0;
 }
 
@@ -533,7 +538,6 @@ int safe_atod(const char *s, double *ret_d) {
         double d = 0;
 
         assert(s);
-        assert(ret_d);
 
         loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t) 0);
         if (loc == (locale_t) 0)
@@ -546,7 +550,9 @@ int safe_atod(const char *s, double *ret_d) {
         if (!x || x == s || *x != 0)
                 return -EINVAL;
 
-        *ret_d = (double) d;
+        if (ret_d)
+                *ret_d = (double) d;
+
         return 0;
 }
 
diff --git a/shared/systemd/src/basic/path-util.c b/shared/systemd/src/basic/path-util.c
index 5bcc35e5dd..4250ea1872 100644
--- a/shared/systemd/src/basic/path-util.c
+++ b/shared/systemd/src/basic/path-util.c
@@ -540,6 +540,7 @@ bool path_equal(const char *a, const char *b) {
 bool path_equal_or_files_same(const char *a, const char *b, int flags) {
         return path_equal(a, b) || files_same(a, b, flags) > 0;
 }
+#endif /* NM_IGNORED */
 
 char* path_join_internal(const char *first, ...) {
         char *joined, *q;
@@ -599,6 +600,7 @@ char* path_join_internal(const char *first, ...) {
         return joined;
 }
 
+#if 0 /* NM_IGNORED */
 int find_binary(const char *name, char **ret) {
         int last_error, r;
         const char *p;
diff --git a/shared/systemd/src/basic/process-util.c b/shared/systemd/src/basic/process-util.c
index 1456167063..deba989a46 100644
--- a/shared/systemd/src/basic/process-util.c
+++ b/shared/systemd/src/basic/process-util.c
@@ -44,6 +44,7 @@
 #include "rlimit-util.h"
 #include "signal-util.h"
 #include "stat-util.h"
+#include "stdio-util.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "terminal-util.h"
@@ -1347,6 +1348,12 @@ int safe_fork_full(
                         log_full_errno(prio, r, "Failed to connect stdin/stdout to /dev/null: %m");
                         _exit(EXIT_FAILURE);
                 }
+
+        } else if (flags & FORK_STDOUT_TO_STDERR) {
+                if (dup2(STDERR_FILENO, STDOUT_FILENO) < 0) {
+                        log_full_errno(prio, errno, "Failed to connect stdout to stderr: %m");
+                        _exit(EXIT_FAILURE);
+                }
         }
 
         if (flags & FORK_RLIMIT_NOFILE_SAFE) {
@@ -1498,6 +1505,38 @@ int set_oom_score_adjust(int value) {
                                  WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER);
 }
 
+int pidfd_get_pid(int fd, pid_t *ret) {
+        char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
+        _cleanup_free_ char *fdinfo = NULL;
+        char *p;
+        int r;
+
+        if (fd < 0)
+                return -EBADF;
+
+        xsprintf(path, "/proc/self/fdinfo/%i", fd);
+
+        r = read_full_file(path, &fdinfo, NULL);
+        if (r == -ENOENT) /* if fdinfo doesn't exist we assume the process does not exist */
+                return -ESRCH;
+        if (r < 0)
+                return r;
+
+        p = startswith(fdinfo, "Pid:");
+        if (!p) {
+                p = strstr(fdinfo, "\nPid:");
+                if (!p)
+                        return -ENOTTY; /* not a pidfd? */
+
+                p += 5;
+        }
+
+        p += strspn(p, WHITESPACE);
+        p[strcspn(p, WHITESPACE)] = 0;
+
+        return parse_pid(p, ret);
+}
+
 static const char *const ioprio_class_table[] = {
         [IOPRIO_CLASS_NONE] = "none",
         [IOPRIO_CLASS_RT] = "realtime",
diff --git a/shared/systemd/src/basic/process-util.h b/shared/systemd/src/basic/process-util.h
index 66853c6e8d..cb96b43f21 100644
--- a/shared/systemd/src/basic/process-util.h
+++ b/shared/systemd/src/basic/process-util.h
@@ -149,16 +149,17 @@ void reset_cached_pid(void);
 int must_be_root(void);
 
 typedef enum ForkFlags {
-        FORK_RESET_SIGNALS      = 1 << 0, /* Reset all signal handlers and signal mask */
-        FORK_CLOSE_ALL_FDS      = 1 << 1, /* Close all open file descriptors in the child, except for 0,1,2 */
-        FORK_DEATHSIG           = 1 << 2, /* Set PR_DEATHSIG in the child */
-        FORK_NULL_STDIO         = 1 << 3, /* Connect 0,1,2 to /dev/null */
-        FORK_REOPEN_LOG         = 1 << 4, /* Reopen log connection */
-        FORK_LOG                = 1 << 5, /* Log above LOG_DEBUG log level about failures */
-        FORK_WAIT               = 1 << 6, /* Wait until child exited */
-        FORK_NEW_MOUNTNS        = 1 << 7, /* Run child in its own mount namespace */
-        FORK_MOUNTNS_SLAVE      = 1 << 8, /* Make child's mount namespace MS_SLAVE */
-        FORK_RLIMIT_NOFILE_SAFE = 1 << 9, /* Set RLIMIT_NOFILE soft limit to 1K for select() compat */
+        FORK_RESET_SIGNALS      = 1 <<  0, /* Reset all signal handlers and signal mask */
+        FORK_CLOSE_ALL_FDS      = 1 <<  1, /* Close all open file descriptors in the child, except for 0,1,2 */
+        FORK_DEATHSIG           = 1 <<  2, /* Set PR_DEATHSIG in the child */
+        FORK_NULL_STDIO         = 1 <<  3, /* Connect 0,1,2 to /dev/null */
+        FORK_REOPEN_LOG         = 1 <<  4, /* Reopen log connection */
+        FORK_LOG                = 1 <<  5, /* Log above LOG_DEBUG log level about failures */
+        FORK_WAIT               = 1 <<  6, /* Wait until child exited */
+        FORK_NEW_MOUNTNS        = 1 <<  7, /* Run child in its own mount namespace */
+        FORK_MOUNTNS_SLAVE      = 1 <<  8, /* Make child's mount namespace MS_SLAVE */
+        FORK_RLIMIT_NOFILE_SAFE = 1 <<  9, /* Set RLIMIT_NOFILE soft limit to 1K for select() compat */
+        FORK_STDOUT_TO_STDERR   = 1 << 10, /* Make stdout a copy of stderr */
 } ForkFlags;
 
 int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
@@ -199,3 +200,5 @@ assert_cc(TASKS_MAX <= (unsigned long) PID_T_MAX);
                 (pid) = 0;                      \
                 _pid_;                          \
         })
+
+int pidfd_get_pid(int fd, pid_t *ret);
diff --git a/shared/systemd/src/basic/signal-util.c b/shared/systemd/src/basic/signal-util.c
new file mode 100644
index 0000000000..a4b8163c0f
--- /dev/null
+++ b/shared/systemd/src/basic/signal-util.c
@@ -0,0 +1,308 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "nm-sd-adapt-shared.h"
+
+#include <errno.h>
+#include <stdarg.h>
+
+#include "macro.h"
+#include "parse-util.h"
+#include "signal-util.h"
+#include "stdio-util.h"
+#include "string-table.h"
+#include "string-util.h"
+
+#if 0 /* NM_IGNORED */
+int reset_all_signal_handlers(void) {
+        static const struct sigaction sa = {
+                .sa_handler = SIG_DFL,
+                .sa_flags = SA_RESTART,
+        };
+        int sig, r = 0;
+
+        for (sig = 1; sig < _NSIG; sig++) {
+
+                /* These two cannot be caught... */
+                if (IN_SET(sig, SIGKILL, SIGSTOP))
+                        continue;
+
+                /* On Linux the first two RT signals are reserved by
+                 * glibc, and sigaction() will return EINVAL for them. */
+                if (sigaction(sig, &sa, NULL) < 0)
+                        if (errno != EINVAL && r >= 0)
+                                r = -errno;
+        }
+
+        return r;
+}
+
+int reset_signal_mask(void) {
+        sigset_t ss;
+
+        if (sigemptyset(&ss) < 0)
+                return -errno;
+
+        if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static int sigaction_many_ap(const struct sigaction *sa, int sig, va_list ap) {
+        int r = 0;
+
+        /* negative signal ends the list. 0 signal is skipped. */
+
+        if (sig < 0)
+                return 0;
+
+        if (sig > 0) {
+                if (sigaction(sig, sa, NULL) < 0)
+                        r = -errno;
+        }
+
+        while ((sig = va_arg(ap, int)) >= 0) {
+
+                if (sig == 0)
+                        continue;
+
+                if (sigaction(sig, sa, NULL) < 0) {
+                        if (r >= 0)
+                                r = -errno;
+                }
+        }
+
+        return r;
+}
+
+int sigaction_many(const struct sigaction *sa, ...) {
+        va_list ap;
+        int r;
+
+        va_start(ap, sa);
+        r = sigaction_many_ap(sa, 0, ap);
+        va_end(ap);
+
+        return r;
+}
+
+int ignore_signals(int sig, ...) {
+
+        static const struct sigaction sa = {
+                .sa_handler = SIG_IGN,
+                .sa_flags = SA_RESTART,
+        };
+
+        va_list ap;
+        int r;
+
+        va_start(ap, sig);
+        r = sigaction_many_ap(&sa, sig, ap);
+        va_end(ap);
+
+        return r;
+}
+
+int default_signals(int sig, ...) {
+
+        static const struct sigaction sa = {
+                .sa_handler = SIG_DFL,
+                .sa_flags = SA_RESTART,
+        };
+
+        va_list ap;
+        int r;
+
+        va_start(ap, sig);
+        r = sigaction_many_ap(&sa, sig, ap);
+        va_end(ap);
+
+        return r;
+}
+
+static int sigset_add_many_ap(sigset_t *ss, va_list ap) {
+        int sig, r = 0;
+
+        assert(ss);
+
+        while ((sig = va_arg(ap, int)) >= 0) {
+
+                if (sig == 0)
+                        continue;
+
+                if (sigaddset(ss, sig) < 0) {
+                        if (r >= 0)
+                                r = -errno;
+                }
+        }
+
+        return r;
+}
+
+int sigset_add_many(sigset_t *ss, ...) {
+        va_list ap;
+        int r;
+
+        va_start(ap, ss);
+        r = sigset_add_many_ap(ss, ap);
+        va_end(ap);
+
+        return r;
+}
+
+int sigprocmask_many(int how, sigset_t *old, ...) {
+        va_list ap;
+        sigset_t ss;
+        int r;
+
+        if (sigemptyset(&ss) < 0)
+                return -errno;
+
+        va_start(ap, old);
+        r = sigset_add_many_ap(&ss, ap);
+        va_end(ap);
+
+        if (r < 0)
+                return r;
+
+        if (sigprocmask(how, &ss, old) < 0)
+                return -errno;
+
+        return 0;
+}
+
+static const char *const __signal_table[] = {
+        [SIGHUP] = "HUP",
+        [SIGINT] = "INT",
+        [SIGQUIT] = "QUIT",
+        [SIGILL] = "ILL",
+        [SIGTRAP] = "TRAP",
+        [SIGABRT] = "ABRT",
+        [SIGBUS] = "BUS",
+        [SIGFPE] = "FPE",
+        [SIGKILL] = "KILL",
+        [SIGUSR1] = "USR1",
+        [SIGSEGV] = "SEGV",
+        [SIGUSR2] = "USR2",
+        [SIGPIPE] = "PIPE",
+        [SIGALRM] = "ALRM",
+        [SIGTERM] = "TERM",
+#ifdef SIGSTKFLT
+        [SIGSTKFLT] = "STKFLT",  /* Linux on SPARC doesn't know SIGSTKFLT */
+#endif
+        [SIGCHLD] = "CHLD",
+        [SIGCONT] = "CONT",
+        [SIGSTOP] = "STOP",
+        [SIGTSTP] = "TSTP",
+        [SIGTTIN] = "TTIN",
+        [SIGTTOU] = "TTOU",
+        [SIGURG] = "URG",
+        [SIGXCPU] = "XCPU",
+        [SIGXFSZ] = "XFSZ",
+        [SIGVTALRM] = "VTALRM",
+        [SIGPROF] = "PROF",
+        [SIGWINCH] = "WINCH",
+        [SIGIO] = "IO",
+        [SIGPWR] = "PWR",
+        [SIGSYS] = "SYS"
+};
+
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int);
+
+const char *signal_to_string(int signo) {
+        static thread_local char buf[STRLEN("RTMIN+") + DECIMAL_STR_MAX(int) + 1];
+        const char *name;
+
+        name = __signal_to_string(signo);
+        if (name)
+                return name;
+
+        if (signo >= SIGRTMIN && signo <= SIGRTMAX)
+                xsprintf(buf, "RTMIN+%d", signo - SIGRTMIN);
+        else
+                xsprintf(buf, "%d", signo);
+
+        return buf;
+}
+
+int signal_from_string(const char *s) {
+        const char *p;
+        int signo, r;
+
+        /* Check that the input is a signal number. */
+        if (safe_atoi(s, &signo) >= 0) {
+                if (SIGNAL_VALID(signo))
+                        return signo;
+                else
+                        return -ERANGE;
+        }
+
+        /* Drop "SIG" prefix. */
+        if (startswith(s, "SIG"))
+                s += 3;
+
+        /* Check that the input is a signal name. */
+        signo = __signal_from_string(s);
+        if (signo > 0)
+                return signo;
+
+        /* Check that the input is RTMIN or
+         * RTMIN+n (0 <= n <= SIGRTMAX-SIGRTMIN). */
+        p = startswith(s, "RTMIN");
+        if (p) {
+                if (*p == '\0')
+                        return SIGRTMIN;
+                if (*p != '+')
+                        return -EINVAL;
+
+                r = safe_atoi(p, &signo);
+                if (r < 0)
+                        return r;
+
+                if (signo < 0 || signo > SIGRTMAX - SIGRTMIN)
+                        return -ERANGE;
+
+                return signo + SIGRTMIN;
+        }
+
+        /* Check that the input is RTMAX or
+         * RTMAX-n (0 <= n <= SIGRTMAX-SIGRTMIN). */
+        p = startswith(s, "RTMAX");
+        if (p) {
+                if (*p == '\0')
+                        return SIGRTMAX;
+                if (*p != '-')
+                        return -EINVAL;
+
+                r = safe_atoi(p, &signo);
+                if (r < 0)
+                        return r;
+
+                if (signo > 0 || signo < SIGRTMIN - SIGRTMAX)
+                        return -ERANGE;
+
+                return signo + SIGRTMAX;
+        }
+
+        return -EINVAL;
+}
+
+void nop_signal_handler(int sig) {
+        /* nothing here */
+}
+#endif /* NM_IGNORED */
+
+int signal_is_blocked(int sig) {
+        sigset_t ss;
+        int r;
+
+        r = pthread_sigmask(SIG_SETMASK, NULL, &ss);
+        if (r != 0)
+                return -r;
+
+        r = sigismember(&ss, sig);
+        if (r < 0)
+                return -errno;
+
+        return r;
+}
diff --git a/shared/systemd/src/basic/signal-util.h b/shared/systemd/src/basic/signal-util.h
index 92f2804cd2..3909ee341d 100644
--- a/shared/systemd/src/basic/signal-util.h
+++ b/shared/systemd/src/basic/signal-util.h
@@ -41,3 +41,5 @@ static inline const char* signal_to_string_with_check(int n) {
 
         return signal_to_string(n);
 }
+
+int signal_is_blocked(int sig);
diff --git a/shared/systemd/src/basic/stat-util.c b/shared/systemd/src/basic/stat-util.c
index 071050f2e4..848812cd0f 100644
--- a/shared/systemd/src/basic/stat-util.c
+++ b/shared/systemd/src/basic/stat-util.c
@@ -31,6 +31,7 @@ int is_symlink(const char *path) {
 
         return !!S_ISLNK(info.st_mode);
 }
+#endif /* NM_IGNORED */
 
 int is_dir(const char* path, bool follow) {
         struct stat st;
@@ -48,6 +49,7 @@ int is_dir(const char* path, bool follow) {
         return !!S_ISDIR(st.st_mode);
 }
 
+#if 0 /* NM_IGNORED */
 int is_dir_fd(int fd) {
         struct stat st;
 
diff --git a/shared/systemd/src/basic/string-util.c b/shared/systemd/src/basic/string-util.c
index 3d2feb181b..38cccdaf05 100644
--- a/shared/systemd/src/basic/string-util.c
+++ b/shared/systemd/src/basic/string-util.c
@@ -1072,3 +1072,15 @@ bool string_is_safe(const char *p) {
 
         return true;
 }
+
+#if 0 /* NM_IGNORED */
+char* string_erase(char *x) {
+        if (!x)
+                return NULL;
+
+        /* A delicious drop of snake-oil! To be called on memory where we stored passphrases or so, after we
+         * used them. */
+        explicit_bzero_safe(x, strlen(x));
+        return x;
+}
+#endif /* NM_IGNORED */
diff --git a/shared/systemd/src/basic/string-util.h b/shared/systemd/src/basic/string-util.h
index 04cc82b386..f10af9ad2f 100644
--- a/shared/systemd/src/basic/string-util.h
+++ b/shared/systemd/src/basic/string-util.h
@@ -278,3 +278,5 @@ static inline char* str_realloc(char **p) {
 
         return (*p = t);
 }
+
+char* string_erase(char *x);
diff --git a/shared/systemd/src/basic/strv.c b/shared/systemd/src/basic/strv.c
index aa46713264..b773254bab 100644
--- a/shared/systemd/src/basic/strv.c
+++ b/shared/systemd/src/basic/strv.c
@@ -195,7 +195,10 @@ int strv_extend_strv(char ***a, char **b, bool filter_duplicates) {
         p = strv_length(*a);
         q = strv_length(b);
 
-        t = reallocarray(*a, p + q + 1, sizeof(char *));
+        if (p >= SIZE_MAX - q)
+                return -ENOMEM;
+
+        t = reallocarray(*a, GREEDY_ALLOC_ROUND_UP(p + q + 1), sizeof(char *));
         if (!t)
                 return -ENOMEM;
 
@@ -389,19 +392,18 @@ char *strv_join_prefix(char **l, const char *separator, const char *prefix) {
 
 int strv_push(char ***l, char *value) {
         char **c;
-        size_t n, m;
+        size_t n;
 
         if (!value)
                 return 0;
 
         n = strv_length(*l);
 
-        /* Increase and check for overflow */
-        m = n + 2;
-        if (m < n)
+        /* Check for overflow */
+        if (n > SIZE_MAX-2)
                 return -ENOMEM;
 
-        c = reallocarray(*l, m, sizeof(char*));
+        c = reallocarray(*l, GREEDY_ALLOC_ROUND_UP(n + 2), sizeof(char*));
         if (!c)
                 return -ENOMEM;
 
@@ -414,19 +416,19 @@ int strv_push(char ***l, char *value) {
 
 int strv_push_pair(char ***l, char *a, char *b) {
         char **c;
-        size_t n, m;
+        size_t n;
 
         if (!a && !b)
                 return 0;
 
         n = strv_length(*l);
 
-        /* increase and check for overflow */
-        m = n + !!a + !!b + 1;
-        if (m < n)
+        /* Check for overflow */
+        if (n > SIZE_MAX-3)
                 return -ENOMEM;
 
-        c = reallocarray(*l, m, sizeof(char*));
+        /* increase and check for overflow */
+        c = reallocarray(*l, GREEDY_ALLOC_ROUND_UP(n + !!a + !!b + 1), sizeof(char*));
         if (!c)
                 return -ENOMEM;
 
@@ -856,8 +858,10 @@ int strv_extend_n(char ***l, const char *value, size_t n) {
         /* Adds the value n times to l */
 
         k = strv_length(*l);
+        if (n >= SIZE_MAX - k)
+                return -ENOMEM;
 
-        nl = reallocarray(*l, k + n + 1, sizeof(char *));
+        nl = reallocarray(*l, GREEDY_ALLOC_ROUND_UP(k + n + 1), sizeof(char *));
         if (!nl)
                 return -ENOMEM;
 
diff --git a/shared/systemd/src/basic/tmpfile-util.c b/shared/systemd/src/basic/tmpfile-util.c
index d8a689e08d..83c69205e8 100644
--- a/shared/systemd/src/basic/tmpfile-util.c
+++ b/shared/systemd/src/basic/tmpfile-util.c
@@ -21,50 +21,60 @@
 #include "tmpfile-util.h"
 #include "umask-util.h"
 
-int fopen_temporary(const char *path, FILE **_f, char **_temp_path) {
-        FILE *f;
-        char *t;
-        int r, fd;
+int fopen_temporary(const char *path, FILE **ret_f, char **ret_temp_path) {
+        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_free_ char *t = NULL;
+        _cleanup_close_ int fd = -1;
+        int r;
 
-        assert(path);
-        assert(_f);
-        assert(_temp_path);
+        if (path) {
+                r = tempfn_xxxxxx(path, NULL, &t);
+                if (r < 0)
+                        return r;
+        } else {
+                const char *d;
 
-        r = tempfn_xxxxxx(path, NULL, &t);
-        if (r < 0)
-                return r;
+                r = tmp_dir(&d);
+                if (r < 0)
+                        return r;
+
+                t = path_join(d, "XXXXXX");
+                if (!t)
+                        return -ENOMEM;
+        }
 
         fd = mkostemp_safe(t);
-        if (fd < 0) {
-                free(t);
+        if (fd < 0)
                 return -errno;
-        }
 
         /* This assumes that returned FILE object is short-lived and used within the same single-threaded
          * context and never shared externally, hence locking is not necessary. */
 
         r = fdopen_unlocked(fd, "w", &f);
         if (r < 0) {
-                unlink(t);
-                free(t);
-                safe_close(fd);
+                (void) unlink(t);
                 return r;
         }
 
-        *_f = f;
-        *_temp_path = t;
+        TAKE_FD(fd);
+
+        if (ret_f)
+                *ret_f = TAKE_PTR(f);
+
+        if (ret_temp_path)
+                *ret_temp_path = TAKE_PTR(t);
 
         return 0;
 }
 
 /* This is much like mkostemp() but is subject to umask(). */
 int mkostemp_safe(char *pattern) {
-        _unused_ _cleanup_umask_ mode_t u = umask(0077);
-        int fd;
+        int fd = -1; /* avoid false maybe-uninitialized warning */
 
         assert(pattern);
 
-        fd = mkostemp(pattern, O_CLOEXEC);
+        RUN_WITH_UMASK(0077)
+                fd = mkostemp(pattern, O_CLOEXEC);
         if (fd < 0)
                 return -errno;
 
diff --git a/src/devices/bluetooth/nm-bluez5-dun.c b/src/devices/bluetooth/nm-bluez5-dun.c
index af463d1ab8..3ddfb0ef44 100644
--- a/src/devices/bluetooth/nm-bluez5-dun.c
+++ b/src/devices/bluetooth/nm-bluez5-dun.c
@@ -145,7 +145,7 @@ _connect_open_tty_retry_cb (gpointer user_data)
 	if (r >= 0)
 		return G_SOURCE_REMOVE;
 
-	if (nm_utils_get_monotonic_timestamp_ns () > context->cdat->connect_open_tty_started_at + (30 * 100 * NM_UTILS_NS_PER_MSEC)) {
+	if (nm_utils_get_monotonic_timestamp_nsec () > context->cdat->connect_open_tty_started_at + (30 * 100 * NM_UTILS_NSEC_PER_MSEC)) {
 		gs_free_error GError *error = NULL;
 
 		context->cdat->source_id = 0;
@@ -179,7 +179,7 @@ _connect_open_tty (NMBluez5DunContext *context)
 			       context->rfcomm_tty_no,
 			       nm_strerror_native (errsv),
 			       errsv);
-			context->cdat->connect_open_tty_started_at = nm_utils_get_monotonic_timestamp_ns ();
+			context->cdat->connect_open_tty_started_at = nm_utils_get_monotonic_timestamp_nsec ();
 			context->cdat->source_id = g_timeout_add (100,
 			                                          _connect_open_tty_retry_cb,
 			                                          context);
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 6b80c4ed49..c7c42eaa27 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -920,7 +920,7 @@ act_stage1_prepare (NMDevice *device, NMDeviceStateReason *out_failure_reason)
 	 * otherwise after restart the device won't work for the first seconds.
 	 */
 	if (priv->last_pppoe_time != 0) {
-		gint32 delay = nm_utils_get_monotonic_timestamp_s () - priv->last_pppoe_time;
+		gint32 delay = nm_utils_get_monotonic_timestamp_sec () - priv->last_pppoe_time;
 
 		if (   delay < PPPOE_RECONNECT_DELAY
 		    && nm_device_get_applied_setting (device, NM_TYPE_SETTING_PPPOE)) {
@@ -1468,7 +1468,7 @@ deactivate (NMDevice *device)
 
 	/* Set last PPPoE connection time */
 	if (nm_device_get_applied_setting (device, NM_TYPE_SETTING_PPPOE))
-		priv->last_pppoe_time = nm_utils_get_monotonic_timestamp_s ();
+		priv->last_pppoe_time = nm_utils_get_monotonic_timestamp_sec ();
 }
 
 static gboolean
diff --git a/src/devices/nm-device-wireguard.c b/src/devices/nm-device-wireguard.c
index c916fa4658..a5fce0a604 100644
--- a/src/devices/nm-device-wireguard.c
+++ b/src/devices/nm-device-wireguard.c
@@ -51,7 +51,7 @@ G_STATIC_ASSERT (NM_WIREGUARD_SYMMETRIC_KEY_LEN == NMP_WIREGUARD_SYMMETRIC_KEY_L
 
 /*****************************************************************************/
 
-#define LINK_CONFIG_RATE_LIMIT_NSEC (50 * NM_UTILS_NS_PER_MSEC)
+#define LINK_CONFIG_RATE_LIMIT_NSEC (50 * NM_UTILS_NSEC_PER_MSEC)
 
 /* a special @next_try_at_nsec timestamp indicating that we should try again as soon as possible. */
 #define NEXT_TRY_AT_NSEC_ASAP ((gint64) G_MAXINT64)
@@ -80,7 +80,7 @@ typedef struct {
 
 	NMSockAddrUnion sockaddr;
 
-	/* the timestamp (in nm_utils_get_monotonic_timestamp_ns() scale) when we want
+	/* the timestamp (in nm_utils_get_monotonic_timestamp_nsec() scale) when we want
 	 * to retry resolving the endpoint (again).
 	 *
 	 * It may be set to %NEXT_TRY_AT_NSEC_ASAP to indicate to re-resolve as soon as possible.
@@ -555,7 +555,7 @@ _peers_resolve_retry_timeout (gpointer user_data)
 
 	_LOGT (LOGD_DEVICE, "wireguard-peers: rechecking peer endpoints...");
 
-	now = nm_utils_get_monotonic_timestamp_ns ();
+	now = nm_utils_get_monotonic_timestamp_nsec ();
 	next = G_MAXINT64;
 	c_list_for_each_entry (peer_data, &priv->lst_peers_head, lst_peers) {
 		if (peer_data->ep_resolv.next_try_at_nsec <= 0)
@@ -606,11 +606,11 @@ _peers_resolve_retry_reschedule (NMDeviceWireGuard *self,
 		return;
 	}
 
-	now = nm_utils_get_monotonic_timestamp_ns ();
+	now = nm_utils_get_monotonic_timestamp_nsec ();
 
 	/* schedule at most one day ahead. No problem if we expire earlier
 	 * than expected. Also, rate-limit to 500 msec. */
-	interval_ms = NM_CLAMP ((new_next_try_at_nsec - now) / NM_UTILS_NS_PER_MSEC,
+	interval_ms = NM_CLAMP ((new_next_try_at_nsec - now) / NM_UTILS_NSEC_PER_MSEC,
 	                        (gint64) 500,
 	                        (gint64) (24*60*60*1000));
 
@@ -636,8 +636,8 @@ _peers_resolve_retry_reschedule_for_peer (NMDeviceWireGuard *self,
 		return;
 	}
 
-	peer_data->ep_resolv.next_try_at_nsec =   nm_utils_get_monotonic_timestamp_ns ()
-	                                        + (retry_in_msec * NM_UTILS_NS_PER_MSEC);
+	peer_data->ep_resolv.next_try_at_nsec =   nm_utils_get_monotonic_timestamp_nsec ()
+	                                        + (retry_in_msec * NM_UTILS_NSEC_PER_MSEC);
 	_peers_resolve_retry_reschedule (self, peer_data->ep_resolv.next_try_at_nsec);
 }
 
@@ -1370,7 +1370,7 @@ link_config (NMDeviceWireGuard *self,
 	s_wg = NM_SETTING_WIREGUARD (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIREGUARD));
 	g_return_val_if_fail (s_wg, NM_ACT_STAGE_RETURN_FAILURE);
 
-	priv->link_config_last_at = nm_utils_get_monotonic_timestamp_ns ();
+	priv->link_config_last_at = nm_utils_get_monotonic_timestamp_nsec ();
 
 	_LOGT (LOGD_DEVICE, "wireguard link config (%s, %s)...",
 	       reason, _link_config_mode_to_string (config_mode));
@@ -1475,12 +1475,12 @@ link_config_delayed (NMDeviceWireGuard *self,
 	priv->link_config_delayed_id = 0;
 
 	if (priv->link_config_last_at != 0) {
-		now = nm_utils_get_monotonic_timestamp_ns ();
+		now = nm_utils_get_monotonic_timestamp_nsec ();
 		if (now < priv->link_config_last_at + LINK_CONFIG_RATE_LIMIT_NSEC) {
 			/* we ratelimit calls to link_config(), because we call this whenever a resolver
 			 * completes. */
 			_LOGT (LOGD_DEVICE, "wireguard link config (%s) (postponed)", reason);
-			priv->link_config_delayed_id = g_timeout_add (NM_MAX ((priv->link_config_last_at + LINK_CONFIG_RATE_LIMIT_NSEC - now) / NM_UTILS_NS_PER_MSEC,
+			priv->link_config_delayed_id = g_timeout_add (NM_MAX ((priv->link_config_last_at + LINK_CONFIG_RATE_LIMIT_NSEC - now) / NM_UTILS_NSEC_PER_MSEC,
 			                                                      (gint64) 1),
 			                                              link_config_delayed_ratelimit_cb,
 			                                              self);
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index e7a4a059a0..56858f859e 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -2641,17 +2641,17 @@ concheck_periodic_schedule_do (NMDevice *self, int addr_family, gint64 now_ns)
 	 * Before calling concheck_periodic_schedule_do(), make sure that these properties are
 	 * correct. */
 
-	expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NS_PER_SECOND);
+	expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NSEC_PER_SEC);
 	tdiff = expiry - now_ns;
 
 	_LOGT (LOGD_CONCHECK, "connectivity: [IPv%c] periodic-check: %sscheduled in %lld milliseconds (%u seconds interval)",
 	       nm_utils_addr_family_to_char (addr_family),
 	       periodic_check_disabled ? "re-" : "",
-	       (long long) (tdiff / NM_UTILS_NS_PER_MSEC),
+	       (long long) (tdiff / NM_UTILS_NSEC_PER_MSEC),
 	       priv->concheck_x[IS_IPv4].p_cur_interval);
 
 	priv->concheck_x[IS_IPv4].p_cur_id =
-		g_timeout_add (NM_MAX ((gint64) 0, tdiff) / NM_UTILS_NS_PER_MSEC,
+		g_timeout_add (NM_MAX ((gint64) 0, tdiff) / NM_UTILS_NSEC_PER_MSEC,
 	                       IS_IPv4 ? concheck_ip4_periodic_timeout_cb : concheck_ip6_periodic_timeout_cb,
 	                       self);
 	return TRUE;
@@ -2713,7 +2713,7 @@ concheck_periodic_schedule_set (NMDevice *self, int addr_family, ConcheckSchedul
 			return;
 		}
 
-		cur_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_max_interval * NM_UTILS_NS_PER_SECOND);
+		cur_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_max_interval * NM_UTILS_NSEC_PER_SEC);
 		nm_utils_get_monotonic_timestamp_ns_cached (&now_ns);
 
 		priv->concheck_x[IS_IPv4].p_cur_interval = priv->concheck_x[IS_IPv4].p_max_interval;
@@ -2769,10 +2769,10 @@ concheck_periodic_schedule_set (NMDevice *self, int addr_family, ConcheckSchedul
 		 *
 		 * We want to reschedule the timeout at exp_expiry (aka now) + cur_interval. */
 		nm_utils_get_monotonic_timestamp_ns_cached (&now_ns);
-		exp_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (old_interval * NM_UTILS_NS_PER_SECOND);
-		new_expiry = exp_expiry + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NS_PER_SECOND);
+		exp_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (old_interval * NM_UTILS_NSEC_PER_SEC);
+		new_expiry = exp_expiry + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NSEC_PER_SEC);
 		tdiff = NM_MAX (new_expiry - now_ns, 0);
-		priv->concheck_x[IS_IPv4].p_cur_basetime_ns = (now_ns + tdiff) - (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NS_PER_SECOND);
+		priv->concheck_x[IS_IPv4].p_cur_basetime_ns = (now_ns + tdiff) - (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NSEC_PER_SEC);
 		if (concheck_periodic_schedule_do (self, addr_family, now_ns)) {
 			handle = concheck_start (self, addr_family, NULL, NULL, TRUE);
 			if (old_interval != priv->concheck_x[IS_IPv4].p_cur_interval) {
@@ -2806,9 +2806,9 @@ concheck_periodic_schedule_set (NMDevice *self, int addr_family, ConcheckSchedul
 	 * last check, instead of counting from now. The reason is that we want that the times
 	 * when we schedule checks be at precise intervals, without including the time it took for
 	 * the connectivity check. */
-	new_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NS_PER_SECOND);
+	new_expiry = priv->concheck_x[IS_IPv4].p_cur_basetime_ns + (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NSEC_PER_SEC);
 	tdiff = NM_MAX (new_expiry - nm_utils_get_monotonic_timestamp_ns_cached (&now_ns), 0);
-	priv->concheck_x[IS_IPv4].p_cur_basetime_ns = now_ns + tdiff - (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NS_PER_SECOND);
+	priv->concheck_x[IS_IPv4].p_cur_basetime_ns = now_ns + tdiff - (priv->concheck_x[IS_IPv4].p_cur_interval * NM_UTILS_NSEC_PER_SEC);
 	concheck_periodic_schedule_do (self, addr_family, now_ns);
 }
 
@@ -3646,7 +3646,7 @@ nm_device_set_carrier (NMDevice *self, gboolean carrier)
 		} else {
 			gint64 now_ms, until_ms;
 
-			now_ms = nm_utils_get_monotonic_timestamp_ms ();
+			now_ms = nm_utils_get_monotonic_timestamp_msec ();
 			until_ms = NM_MAX (now_ms + _get_carrier_wait_ms (self), priv->carrier_wait_until_ms);
 			priv->carrier_defer_id = g_timeout_add (until_ms - now_ms, carrier_disconnected_action_cb, self);
 			_LOGD (LOGD_DEVICE, "carrier: link disconnected (deferring action for %ld milliseconds) (id=%u)",
@@ -3742,7 +3742,7 @@ ndisc_set_router_config (NMNDisc *ndisc, NMDevice *self)
 	if (nm_ndisc_get_node_type (ndisc) != NM_NDISC_NODE_TYPE_ROUTER)
 		return;
 
-	now = nm_utils_get_monotonic_timestamp_s ();
+	now = nm_utils_get_monotonic_timestamp_sec ();
 
 	head_entry = nm_ip6_config_lookup_addresses (priv->ip_config_6);
 	addresses = g_array_sized_new (FALSE, TRUE, sizeof (NMNDiscAddress),
@@ -8920,7 +8920,7 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
 			duid_out = generate_duid_ll (arp_type, hwaddr_bin, hwaddr_len);
 		else {
 			duid_out = generate_duid_llt (arp_type, hwaddr_bin, hwaddr_len,
-			                              nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NS_PER_SECOND);
+			                              nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NSEC_PER_SEC);
 		}
 
 		goto out_good;
@@ -9015,7 +9015,7 @@ dhcp6_get_duid (NMDevice *self, NMConnection *connection, GBytes *hwaddr, gboole
 			 * before. Let's compute the time (in seconds) from 0 to 3 years; then we'll
 			 * subtract it from the host_id timestamp.
 			 */
-			time = nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NS_PER_SECOND;
+			time = nm_utils_host_id_get_timestamp_ns () / NM_UTILS_NSEC_PER_SEC;
 
 			/* don't use too old timestamps. They cannot be expressed in DUID-LLT and
 			 * would all be truncated to zero. */
@@ -9785,7 +9785,7 @@ _commit_mtu (NMDevice *self, const NMIP4Config *config)
 				              ? "Are the MTU sizes of the slaves large enough?"
 				              : "Did you configure the MTU correctly?"));
 			}
-			priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_ms () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
+			priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_msec () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
 		}
 
 		if (ip6_mtu && ip6_mtu != _IP6_MTU_SYS ()) {
@@ -9801,7 +9801,7 @@ _commit_mtu (NMDevice *self, const NMIP4Config *config)
 				           : "");
 				success = FALSE;
 			}
-			priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_ms () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
+			priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_msec () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
 		}
 	}
 
@@ -12232,7 +12232,7 @@ _rt6_temporary_not_available_set (NMDevice *self,
 		                                                           nm_g_slice_free_fcn (IP6RoutesTemporaryNotAvailableData));
 	}
 
-	now_ms = nm_utils_get_monotonic_timestamp_ms ();
+	now_ms = nm_utils_get_monotonic_timestamp_msec ();
 	oldest_ms = now_ms;
 
 	for (i = 0; i < temporary_not_available->len; i++) {
@@ -13269,14 +13269,14 @@ nm_device_bring_up (NMDevice *self, gboolean block, gboolean *no_firmware)
 
 	device_is_up = nm_device_is_up (self);
 	if (block && !device_is_up) {
-		gint64 wait_until = nm_utils_get_monotonic_timestamp_us () + 10000 /* microseconds */;
+		gint64 wait_until = nm_utils_get_monotonic_timestamp_usec () + 10000 /* microseconds */;
 
 		do {
 			g_usleep (200);
 			if (!nm_platform_link_refresh (nm_device_get_platform (self), ifindex))
 				return FALSE;
 			device_is_up = nm_device_is_up (self);
-		} while (!device_is_up && nm_utils_get_monotonic_timestamp_us () < wait_until);
+		} while (!device_is_up && nm_utils_get_monotonic_timestamp_usec () < wait_until);
 	}
 
 	if (!device_is_up) {
@@ -13311,7 +13311,7 @@ nm_device_bring_up (NMDevice *self, gboolean block, gboolean *no_firmware)
 		if (!priv->carrier)
 			nm_device_add_pending_action (self, NM_PENDING_ACTION_CARRIER_WAIT, FALSE);
 
-		now_ms = nm_utils_get_monotonic_timestamp_ms ();
+		now_ms = nm_utils_get_monotonic_timestamp_msec ();
 		until_ms = NM_MAX (now_ms + _get_carrier_wait_ms (self), priv->carrier_wait_until_ms);
 		priv->carrier_wait_id = g_timeout_add (until_ms - now_ms, carrier_wait_timeout, self);
 	}
@@ -13354,14 +13354,14 @@ nm_device_take_down (NMDevice *self, gboolean block)
 
 	device_is_up = nm_device_is_up (self);
 	if (block && device_is_up) {
-		gint64 wait_until = nm_utils_get_monotonic_timestamp_us () + 10000 /* microseconds */;
+		gint64 wait_until = nm_utils_get_monotonic_timestamp_usec () + 10000 /* microseconds */;
 
 		do {
 			g_usleep (200);
 			if (!nm_platform_link_refresh (nm_device_get_platform (self), ifindex))
 				return;
 			device_is_up = nm_device_is_up (self);
-		} while (device_is_up && nm_utils_get_monotonic_timestamp_us () < wait_until);
+		} while (device_is_up && nm_utils_get_monotonic_timestamp_usec () < wait_until);
 	}
 
 	if (device_is_up) {
@@ -15153,7 +15153,7 @@ nm_device_cleanup (NMDevice *self, NMDeviceStateReason reason, CleanupType clean
 			       (guint) priv->mtu_initial, (guint) priv->ip6_mtu_initial, ifindex);
 			if (priv->mtu_initial) {
 				nm_platform_link_set_mtu (nm_device_get_platform (self), ifindex, priv->mtu_initial);
-				priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_ms () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
+				priv->carrier_wait_until_ms = nm_utils_get_monotonic_timestamp_msec () + CARRIER_WAIT_TIME_AFTER_MTU_MS;
 			}
 			if (priv->ip6_mtu_initial) {
 				char sbuf[64];
@@ -16321,7 +16321,7 @@ again:
 			 *
 			 * wait/poll up to 100 msec until it changes. */
 
-			poll_end = nm_utils_get_monotonic_timestamp_us () + (100 * 1000);
+			poll_end = nm_utils_get_monotonic_timestamp_usec () + (100 * 1000);
 			for (;;) {
 				if (!nm_platform_link_refresh (nm_device_get_platform (self), nm_device_get_ip_ifindex (self)))
 					goto handle_fail;
@@ -16332,7 +16332,7 @@ again:
 
 				break;
 handle_wait:
-				now = nm_utils_get_monotonic_timestamp_us ();
+				now = nm_utils_get_monotonic_timestamp_usec ();
 				if (now < poll_end) {
 					g_usleep (NM_MIN (poll_end - now, 500));
 					continue;
diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c
index 4c9e77056d..9201660f53 100644
--- a/src/devices/nm-lldp-listener.c
+++ b/src/devices/nm-lldp-listener.c
@@ -17,7 +17,7 @@
 #include "systemd/nm-sd.h"
 
 #define MAX_NEIGHBORS         4096
-#define MIN_UPDATE_INTERVAL_NS (2 * NM_UTILS_NS_PER_SECOND)
+#define MIN_UPDATE_INTERVAL_NS (2 * NM_UTILS_NSEC_PER_SEC)
 
 #define LLDP_MAC_NEAREST_BRIDGE          ((const struct ether_addr *) ((uint8_t[ETH_ALEN]) { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x0e }))
 #define LLDP_MAC_NEAREST_NON_TPMR_BRIDGE ((const struct ether_addr *) ((uint8_t[ETH_ALEN]) { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x03 }))
@@ -828,7 +828,7 @@ data_changed_timeout (gpointer user_data)
 	priv = NM_LLDP_LISTENER_GET_PRIVATE (self);
 
 	priv->ratelimit_id = 0;
-	priv->ratelimit_next = nm_utils_get_monotonic_timestamp_ns() + MIN_UPDATE_INTERVAL_NS;
+	priv->ratelimit_next = nm_utils_get_monotonic_timestamp_nsec() + MIN_UPDATE_INTERVAL_NS;
 	data_changed_notify (self, priv);
 	return G_SOURCE_REMOVE;
 }
@@ -839,13 +839,13 @@ data_changed_schedule (NMLldpListener *self)
 	NMLldpListenerPrivate *priv = NM_LLDP_LISTENER_GET_PRIVATE (self);
 	gint64 now;
 
-	now = nm_utils_get_monotonic_timestamp_ns ();
+	now = nm_utils_get_monotonic_timestamp_nsec ();
 	if (now >= priv->ratelimit_next) {
 		nm_clear_g_source (&priv->ratelimit_id);
 		priv->ratelimit_next = now + MIN_UPDATE_INTERVAL_NS;
 		data_changed_notify (self, priv);
 	} else if (!priv->ratelimit_id)
-		priv->ratelimit_id = g_timeout_add (NM_UTILS_NS_TO_MSEC_CEIL (priv->ratelimit_next - now), data_changed_timeout, self);
+		priv->ratelimit_id = g_timeout_add (NM_UTILS_NSEC_TO_MSEC_CEIL (priv->ratelimit_next - now), data_changed_timeout, self);
 }
 
 static void
diff --git a/src/devices/wifi/nm-device-iwd.c b/src/devices/wifi/nm-device-iwd.c
index 6b587e3f3b..356f590faa 100644
--- a/src/devices/wifi/nm-device-iwd.c
+++ b/src/devices/wifi/nm-device-iwd.c
@@ -998,7 +998,7 @@ scan_cb (GObject *source, GAsyncResult *res, gpointer user_data)
 
 	priv = NM_DEVICE_IWD_GET_PRIVATE (self);
 	priv->scan_requested = FALSE;
-	priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+	priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 	_notify (self, PROP_LAST_SCAN);
 
 	/* On success, priv->scanning becomes true right before or right
@@ -2099,7 +2099,7 @@ get_property (GObject *object, guint prop_id,
 	case PROP_LAST_SCAN:
 		g_value_set_int64 (value,
 		                   priv->last_scan > 0
-		                       ? nm_utils_monotonic_timestamp_as_boottime (priv->last_scan, NM_UTILS_NS_PER_MSEC)
+		                       ? nm_utils_monotonic_timestamp_as_boottime (priv->last_scan, NM_UTILS_NSEC_PER_MSEC)
 		                       : (gint64) -1);
 		break;
 	default:
diff --git a/src/devices/wifi/nm-device-wifi-p2p.c b/src/devices/wifi/nm-device-wifi-p2p.c
index 34ff70fa0e..e3860ebf2f 100644
--- a/src/devices/wifi/nm-device-wifi-p2p.c
+++ b/src/devices/wifi/nm-device-wifi-p2p.c
@@ -104,7 +104,7 @@ peer_list_dump (gpointer user_data)
 
 	if (_LOGD_ENABLED (LOGD_WIFI_SCAN)) {
 		NMWifiP2PPeer *peer;
-		gint32 now_s = nm_utils_get_monotonic_timestamp_s ();
+		gint32 now_s = nm_utils_get_monotonic_timestamp_sec ();
 
 		_LOGD (LOGD_WIFI_SCAN, "P2P Peers: [now:%u]", now_s);
 		c_list_for_each_entry (peer, &priv->peers_lst_head, peers_lst)
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 65ba2bcc0f..75b9943c80 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -1047,7 +1047,7 @@ _hw_addr_set_scanning (NMDeviceWifi *self, gboolean do_reset)
 		return;
 	}
 
-	now = nm_utils_get_monotonic_timestamp_s ();
+	now = nm_utils_get_monotonic_timestamp_sec ();
 
 	if (now >= priv->hw_addr_scan_expire) {
 		gs_free char *generate_mac_address_mask = NULL;
@@ -1188,7 +1188,7 @@ _nm_device_wifi_request_scan (NMDeviceWifi *self,
 	}
 
 	last_scan = nm_supplicant_interface_get_last_scan (priv->sup_iface);
-	if (last_scan && (nm_utils_get_monotonic_timestamp_ms () - last_scan) < 10 * NM_UTILS_MSEC_PER_SECOND) {
+	if (last_scan && (nm_utils_get_monotonic_timestamp_msec () - last_scan) < 10 * NM_UTILS_MSEC_PER_SEC) {
 		g_dbus_method_invocation_return_error_literal (invocation,
 		                                               NM_DEVICE_ERROR,
 		                                               NM_DEVICE_ERROR_NOT_ALLOWED,
@@ -1419,7 +1419,7 @@ static void
 schedule_scan (NMDeviceWifi *self, gboolean backoff)
 {
 	NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE (self);
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 
 	/* Cancel the pending scan if it would happen later than (now + the scan_interval) */
 	if (priv->pending_scan_id) {
@@ -1466,7 +1466,7 @@ supplicant_iface_scan_done_cb (NMSupplicantInterface *iface,
 
 	_LOGD (LOGD_WIFI, "wifi-scan: scan-done callback: %s", success ? "successful" : "failed");
 
-	priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+	priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 	_notify (self, PROP_LAST_SCAN);
 	schedule_scan (self, success);
 
@@ -1488,11 +1488,11 @@ ap_list_dump (gpointer user_data)
 
 	if (_LOGD_ENABLED (LOGD_WIFI_SCAN)) {
 		NMWifiAP *ap;
-		gint32 now_s = nm_utils_get_monotonic_timestamp_s ();
+		gint32 now_s = nm_utils_get_monotonic_timestamp_sec ();
 
 		_LOGD (LOGD_WIFI_SCAN, "APs: [now:%u last:%" G_GINT64_FORMAT " next:%u]",
 		       now_s,
-		       priv->last_scan / NM_UTILS_MSEC_PER_SECOND,
+		       priv->last_scan / NM_UTILS_MSEC_PER_SEC,
 		       priv->scheduled_scan_time);
 		c_list_for_each_entry (ap, &priv->aps_lst_head, aps_lst)
 			_ap_dump (self, LOGL_DEBUG, ap, "dump", now_s);
@@ -3255,7 +3255,7 @@ get_property (GObject *object, guint prop_id,
 	case PROP_LAST_SCAN:
 		g_value_set_int64 (value,
 		                   priv->last_scan > 0
-		                       ? nm_utils_monotonic_timestamp_as_boottime (priv->last_scan, NM_UTILS_NS_PER_MSEC)
+		                       ? nm_utils_monotonic_timestamp_as_boottime (priv->last_scan, NM_UTILS_NSEC_PER_MSEC)
 		                       : (gint64) -1);
 		break;
 	default:
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index ee7dc2360e..e07fde543a 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -58,7 +58,7 @@ struct _NMWifiAPPrivate {
 	/* Non-scanned attributes */
 	bool               fake:1;       /* Whether or not the AP is from a scan */
 	bool               hotspot:1;    /* Whether the AP is a local device's hotspot network */
-	gint32             last_seen;    /* Timestamp when the AP was seen lastly (obtained via nm_utils_get_monotonic_timestamp_s()) */
+	gint32             last_seen;    /* Timestamp when the AP was seen lastly (obtained via nm_utils_get_monotonic_timestamp_sec()) */
 };
 
 typedef struct _NMWifiAPPrivate NMWifiAPPrivate;
@@ -422,6 +422,8 @@ security_from_vardict (GVariant *security)
 			flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;
 		if (g_strv_contains (array, "sae"))
 			flags |= NM_802_11_AP_SEC_KEY_MGMT_SAE;
+		if (g_strv_contains (array, "owe"))
+			flags |= NM_802_11_AP_SEC_KEY_MGMT_OWE;
 		g_free (array);
 	}
 
@@ -896,7 +898,7 @@ nm_wifi_ap_update_from_properties (NMWifiAP *ap,
 		changed = TRUE;
 	}
 
-	changed |= nm_wifi_ap_set_last_seen (ap, nm_utils_get_monotonic_timestamp_s ());
+	changed |= nm_wifi_ap_set_last_seen (ap, nm_utils_get_monotonic_timestamp_sec ());
 	changed |= nm_wifi_ap_set_fake (ap, FALSE);
 
 	g_object_thaw_notify (G_OBJECT (ap));
@@ -1024,7 +1026,7 @@ nm_wifi_ap_to_string (const NMWifiAP *self,
 	            priv->metered ? 'M' : '_',
 	            priv->wpa_flags & 0xFFFF,
 	            priv->rsn_flags & 0xFFFF,
-	            priv->last_seen > 0 ? ((now_s > 0 ? now_s : nm_utils_get_monotonic_timestamp_s ()) - priv->last_seen) : -1,
+	            priv->last_seen > 0 ? ((now_s > 0 ? now_s : nm_utils_get_monotonic_timestamp_sec ()) - priv->last_seen) : -1,
 	            supplicant_id,
 	            export_path);
 	return str_buf;
@@ -1178,7 +1180,7 @@ get_property (GObject *object, guint prop_id,
 	case PROP_LAST_SEEN:
 		g_value_set_int (value,
 		                 priv->last_seen > 0
-		                     ? (int) nm_utils_monotonic_timestamp_as_boottime (priv->last_seen, NM_UTILS_NS_PER_SECOND)
+		                     ? (int) nm_utils_monotonic_timestamp_as_boottime (priv->last_seen, NM_UTILS_NSEC_PER_SEC)
 		                     : -1);
 		break;
 	default:
@@ -1394,7 +1396,8 @@ nm_wifi_ap_class_init (NMWifiAPClass *ap_class)
 	| NM_802_11_AP_SEC_GROUP_CCMP \
 	| NM_802_11_AP_SEC_KEY_MGMT_PSK \
 	| NM_802_11_AP_SEC_KEY_MGMT_802_1X \
-	| NM_802_11_AP_SEC_KEY_MGMT_SAE )
+	| NM_802_11_AP_SEC_KEY_MGMT_SAE \
+	| NM_802_11_AP_SEC_KEY_MGMT_OWE )
 
 	GObjectClass *object_class = G_OBJECT_CLASS (ap_class);
 	NMDBusObjectClass *dbus_object_class = NM_DBUS_OBJECT_CLASS (ap_class);
diff --git a/src/devices/wifi/nm-wifi-p2p-peer.c b/src/devices/wifi/nm-wifi-p2p-peer.c
index f8da004669..ccdd56c4fd 100644
--- a/src/devices/wifi/nm-wifi-p2p-peer.c
+++ b/src/devices/wifi/nm-wifi-p2p-peer.c
@@ -55,7 +55,7 @@ struct _NMWifiP2PPeerPrivate {
 	NM80211ApFlags     flags;      /* General flags */
 
 	/* Non-scanned attributes */
-	gint32             last_seen;    /* Timestamp when the Peer was seen lastly (obtained via nm_utils_get_monotonic_timestamp_s()) */
+	gint32             last_seen;    /* Timestamp when the Peer was seen lastly (obtained via nm_utils_get_monotonic_timestamp_sec()) */
 };
 
 typedef struct _NMWifiP2PPeerPrivate NMWifiP2PPeerPrivate;
@@ -499,7 +499,7 @@ nm_wifi_p2p_peer_update_from_properties (NMWifiP2PPeer *peer,
 		changed = TRUE;
 	}
 
-	changed |= nm_wifi_p2p_peer_set_last_seen (peer, nm_utils_get_monotonic_timestamp_s ());
+	changed |= nm_wifi_p2p_peer_set_last_seen (peer, nm_utils_get_monotonic_timestamp_sec ());
 
 	g_object_thaw_notify (G_OBJECT (peer));
 
@@ -537,7 +537,7 @@ nm_wifi_p2p_peer_to_string (const NMWifiP2PPeer *self,
 	            priv->model,
 	            priv->model_number,
 	            priv->serial,
-	            priv->last_seen > 0 ? ((now_s > 0 ? now_s : nm_utils_get_monotonic_timestamp_s ()) - priv->last_seen) : -1,
+	            priv->last_seen > 0 ? ((now_s > 0 ? now_s : nm_utils_get_monotonic_timestamp_sec ()) - priv->last_seen) : -1,
 	            supplicant_id,
 	            export_path);
 
@@ -616,7 +616,7 @@ get_property (GObject *object, guint prop_id,
 	case PROP_LAST_SEEN:
 		g_value_set_int (value,
 		                 priv->last_seen > 0
-		                     ? (int) nm_utils_monotonic_timestamp_as_boottime (priv->last_seen, NM_UTILS_NS_PER_SECOND)
+		                     ? (int) nm_utils_monotonic_timestamp_as_boottime (priv->last_seen, NM_UTILS_NSEC_PER_SEC)
 		                     : -1);
 		break;
 	default:
diff --git a/src/devices/wifi/nm-wifi-utils.c b/src/devices/wifi/nm-wifi-utils.c
index b9b7ec42e5..7cb5f85bdd 100644
--- a/src/devices/wifi/nm-wifi-utils.c
+++ b/src/devices/wifi/nm-wifi-utils.c
@@ -759,6 +759,12 @@ nm_wifi_utils_complete_connection (GBytes *ap_ssid,
 		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae",
 		              NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
 		              NULL);
+	} else if (   (key_mgmt && !strcmp (key_mgmt, "owe"))
+	           || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE)) {
+		g_object_set (s_wsec,
+		              NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe",
+		              NM_SETTING_WIRELESS_SECURITY_AUTH_ALG, "open",
+		              NULL);
 	} else if (   (key_mgmt && !strcmp (key_mgmt, "wpa-psk"))
 	           || (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
 	           || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) {
diff --git a/src/dhcp/nm-dhcp-nettools.c b/src/dhcp/nm-dhcp-nettools.c
index e557c00487..654bdf5031 100644
--- a/src/dhcp/nm-dhcp-nettools.c
+++ b/src/dhcp/nm-dhcp-nettools.c
@@ -373,8 +373,8 @@ lease_parse_address (NDhcp4ClientLease *lease,
 		 * Here we still do it... it seems safe enough. */
 		nm_assert (nettools_basetime > 0);
 		nm_assert (nettools_lifetime >= nettools_basetime);
-		nm_assert (((nettools_lifetime - nettools_basetime) % NM_UTILS_NS_PER_SECOND) == 0);
-		nm_assert ((nettools_lifetime - nettools_basetime) / NM_UTILS_NS_PER_SECOND <= G_MAXUINT32);
+		nm_assert (((nettools_lifetime - nettools_basetime) % NM_UTILS_NSEC_PER_SEC) == 0);
+		nm_assert ((nettools_lifetime - nettools_basetime) / NM_UTILS_NSEC_PER_SEC <= G_MAXUINT32);
 
 		if (nettools_lifetime <= nettools_basetime) {
 			/* A lease time of 0 is allowed on some dhcp servers, so, let's accept it. */
@@ -384,7 +384,7 @@ lease_parse_address (NDhcp4ClientLease *lease,
 
 			/* we "ceil" the value to the next second. In practice, we don't expect any sub-second values
 			 * from n-dhcp4 anyway, so this should have no effect. */
-			lifetime += NM_UTILS_NS_PER_SECOND - 1;
+			lifetime += NM_UTILS_NSEC_PER_SEC - 1;
 		}
 
 		ts = nm_utils_monotonic_timestamp_from_boottime (nettools_basetime, 1);
@@ -392,11 +392,11 @@ lease_parse_address (NDhcp4ClientLease *lease,
 		/* the timestamp must be positive, because we only started nettools DHCP client
 		 * after obtaining the first monotonic timestamp. Hence, the lease must have been
 		 * received afterwards. */
-		nm_assert (ts >= NM_UTILS_NS_PER_SECOND);
+		nm_assert (ts >= NM_UTILS_NSEC_PER_SEC);
 
-		a_timestamp = ts / NM_UTILS_NS_PER_SECOND;
-		a_lifetime = NM_MIN (lifetime / NM_UTILS_NS_PER_SECOND, NM_PLATFORM_LIFETIME_PERMANENT - 1);
-		a_expiry = time (NULL) + ((lifetime - (nm_utils_clock_gettime_ns (CLOCK_BOOTTIME) - nettools_basetime)) / NM_UTILS_NS_PER_SECOND);
+		a_timestamp = ts / NM_UTILS_NSEC_PER_SEC;
+		a_lifetime = NM_MIN (lifetime / NM_UTILS_NSEC_PER_SEC, NM_PLATFORM_LIFETIME_PERMANENT - 1);
+		a_expiry = time (NULL) + ((lifetime - (nm_utils_clock_gettime_ns (CLOCK_BOOTTIME) - nettools_basetime)) / NM_UTILS_NSEC_PER_SEC);
 	}
 
 	if (!lease_get_in_addr (lease, NM_DHCP_OPTION_DHCP4_SUBNET_MASK, &a_netmask)) {
diff --git a/src/dhcp/nm-dhcp-systemd.c b/src/dhcp/nm-dhcp-systemd.c
index 1518d46576..b5ebd1bc98 100644
--- a/src/dhcp/nm-dhcp-systemd.c
+++ b/src/dhcp/nm-dhcp-systemd.c
@@ -93,7 +93,7 @@ lease_to_ip4_config (NMDedupMultiIndex *multi_idx,
 	gboolean has_router_from_classless = FALSE;
 	gboolean has_classless_route = FALSE;
 	gboolean has_static_route = FALSE;
-	const gint32 ts = nm_utils_get_monotonic_timestamp_s ();
+	const gint32 ts = nm_utils_get_monotonic_timestamp_sec ();
 	gint64 ts_time = time (NULL);
 	struct in_addr a_address;
 	struct in_addr a_netmask;
@@ -803,7 +803,7 @@ static void
 bound6_handle (NMDhcpSystemd *self)
 {
 	NMDhcpSystemdPrivate *priv = NM_DHCP_SYSTEMD_GET_PRIVATE (self);
-	const gint32 ts = nm_utils_get_monotonic_timestamp_s ();
+	const gint32 ts = nm_utils_get_monotonic_timestamp_sec ();
 	const char *iface = nm_dhcp_client_get_iface (NM_DHCP_CLIENT (self));
 	gs_unref_object NMIP6Config *ip6_config = NULL;
 	gs_unref_hashtable GHashTable *options = NULL;
diff --git a/src/dhcp/nm-dhcp-utils.c b/src/dhcp/nm-dhcp-utils.c
index c5da3e0227..e1c1fa1d85 100644
--- a/src/dhcp/nm-dhcp-utils.c
+++ b/src/dhcp/nm-dhcp-utils.c
@@ -388,7 +388,7 @@ nm_dhcp_utils_ip4_config_from_options (NMDedupMultiIndex *multi_idx,
 
 	ip4_config = nm_ip4_config_new (multi_idx, ifindex);
 	memset (&address, 0, sizeof (address));
-	address.timestamp = nm_utils_get_monotonic_timestamp_s ();
+	address.timestamp = nm_utils_get_monotonic_timestamp_sec ();
 
 	str = g_hash_table_lookup (options, "ip_address");
 	if (str && (inet_pton (AF_INET, str, &addr) > 0))
@@ -601,7 +601,7 @@ nm_dhcp_utils_ip6_prefix_from_options (GHashTable *options)
 	address.address = tmp_addr;
 	address.addr_source = NM_IP_CONFIG_SOURCE_DHCP;
 	address.plen = prefix;
-	address.timestamp = nm_utils_get_monotonic_timestamp_s ();
+	address.timestamp = nm_utils_get_monotonic_timestamp_sec ();
 
 	str = g_hash_table_lookup (options, "max_life");
 	if (str)
@@ -630,7 +630,7 @@ nm_dhcp_utils_ip6_config_from_options (NMDedupMultiIndex *multi_idx,
 
 	memset (&address, 0, sizeof (address));
 	address.plen = 128;
-	address.timestamp = nm_utils_get_monotonic_timestamp_s ();
+	address.timestamp = nm_utils_get_monotonic_timestamp_sec ();
 
 	ip6_config = nm_ip6_config_new (multi_idx, ifindex);
 
diff --git a/src/dns/nm-dns-dnsmasq.c b/src/dns/nm-dns-dnsmasq.c
index a5028e426d..e2bd0b790d 100644
--- a/src/dns/nm-dns-dnsmasq.c
+++ b/src/dns/nm-dns-dnsmasq.c
@@ -129,7 +129,7 @@ _gl_pid_kill_external_timeout_cb (gpointer user_data)
 		goto process_gone;
 	}
 
-	now = nm_utils_get_monotonic_timestamp_ms ();
+	now = nm_utils_get_monotonic_timestamp_msec ();
 
 	if (gl_pid.kill_external_data->started_at + WAIT_MSEC_AFTER_SIGTERM < now) {
 		if (!gl_pid.kill_external_data->sigkilled) {
@@ -240,7 +240,7 @@ handle_kill:
 	gl_pid.kill_external_data = g_slice_new (GlPidKillExternalData);
 	*gl_pid.kill_external_data = (GlPidKillExternalData) {
 		.shutdown_wait_handle = nm_shutdown_wait_obj_register_handle_full (g_strdup_printf ("kill-external-dnsmasq-process-%"G_PID_FORMAT, pid), TRUE),
-		.started_at           = nm_utils_get_monotonic_timestamp_ms (),
+		.started_at           = nm_utils_get_monotonic_timestamp_msec (),
 		.pid                  = pid,
 		.p_start_time         = p_start_time,
 	};
@@ -1058,7 +1058,7 @@ start_dnsmasq (NMDnsDnsmasq *self, gboolean force_start, GError **error)
 		}
 	}
 
-	now = nm_utils_get_monotonic_timestamp_ms ();
+	now = nm_utils_get_monotonic_timestamp_msec ();
 	if (   force_start
 	    || priv->burst_start_at == 0
 	    || priv->burst_start_at + RATELIMIT_INTERVAL_MSEC <= now) {
diff --git a/src/ndisc/nm-fake-ndisc.c b/src/ndisc/nm-fake-ndisc.c
index 020764d3d9..851ff70721 100644
--- a/src/ndisc/nm-fake-ndisc.c
+++ b/src/ndisc/nm-fake-ndisc.c
@@ -234,7 +234,7 @@ receive_ra (gpointer user_data)
 	NMNDiscDataInternal *rdata = ndisc->rdata;
 	FakeRa *ra = priv->ras->data;
 	NMNDiscConfigMap changed = 0;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	guint i;
 	NMNDiscDHCPLevel dhcp_level;
 
diff --git a/src/ndisc/nm-lndp-ndisc.c b/src/ndisc/nm-lndp-ndisc.c
index 8077099f6f..d052426f4a 100644
--- a/src/ndisc/nm-lndp-ndisc.c
+++ b/src/ndisc/nm-lndp-ndisc.c
@@ -99,7 +99,7 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
 	NMNDiscConfigMap changed = 0;
 	struct ndp_msgra *msgra = ndp_msgra (msg);
 	struct in6_addr gateway_addr;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	int offset;
 	int hop_limit;
 	guint32 val;
@@ -348,7 +348,7 @@ send_ra (NMNDisc *ndisc, GError **error)
 {
 	NMLndpNDiscPrivate *priv = NM_LNDP_NDISC_GET_PRIVATE ((NMLndpNDisc *) ndisc);
 	NMNDiscDataInternal *rdata = ndisc->rdata;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	int errsv;
 	struct in6_addr *addr;
 	struct ndp_msg *msg;
diff --git a/src/ndisc/nm-ndisc.c b/src/ndisc/nm-ndisc.c
index 41201e24aa..7369bacddc 100644
--- a/src/ndisc/nm-ndisc.c
+++ b/src/ndisc/nm-ndisc.c
@@ -171,7 +171,7 @@ _get_exp (char *buf, gsize buf_size, gint64 now_ns, gint64 expiry_time)
 		return "permanent";
 	l = g_snprintf (buf, buf_size,
 	                "%.4f",
-	                ((double) ((expiry_time * NM_UTILS_NS_PER_SECOND) - now_ns)) / ((double) NM_UTILS_NS_PER_SECOND));
+	                ((double) ((expiry_time * NM_UTILS_NSEC_PER_SEC) - now_ns)) / ((double) NM_UTILS_NSEC_PER_SEC));
 	nm_assert (l < buf_size);
 	return buf;
 }
@@ -701,7 +701,7 @@ send_rs_timeout (NMNDisc *ndisc)
 		g_clear_error (&error);
 	}
 
-	priv->last_rs = nm_utils_get_monotonic_timestamp_s ();
+	priv->last_rs = nm_utils_get_monotonic_timestamp_sec ();
 	if (priv->solicitations_left > 0) {
 		_LOGD ("scheduling router solicitation retry in %d seconds.",
 		       (int) priv->router_solicitation_interval);
@@ -725,7 +725,7 @@ solicit_routers (NMNDisc *ndisc)
 	if (priv->send_rs_id)
 		return;
 
-	now = nm_utils_get_monotonic_timestamp_s ();
+	now = nm_utils_get_monotonic_timestamp_sec ();
 	priv->solicitations_left = priv->router_solicitations;
 
 	t = (((gint64) priv->last_rs) + priv->router_solicitation_interval) - now;
@@ -746,7 +746,7 @@ announce_router (NMNDisc *ndisc)
 	if (!nm_ndisc_netns_push (ndisc, &netns))
 		return G_SOURCE_REMOVE;
 
-	priv->last_ra = nm_utils_get_monotonic_timestamp_s ();
+	priv->last_ra = nm_utils_get_monotonic_timestamp_sec ();
 	if (klass->send_ra (ndisc, &error)) {
 		_LOGD ("router advertisement sent");
 		g_clear_pointer (&priv->last_error, g_free);
@@ -786,7 +786,7 @@ announce_router_initial (NMNDisc *ndisc)
 	priv->announcements_left = NM_NDISC_ROUTER_ADVERTISEMENTS_DEFAULT;
 
 	/* Unschedule an unsolicited resend if we are allowed to send now. */
-	if (G_LIKELY (nm_utils_get_monotonic_timestamp_s () - priv->last_ra > NM_NDISC_ROUTER_ADVERT_DELAY))
+	if (G_LIKELY (nm_utils_get_monotonic_timestamp_sec () - priv->last_ra > NM_NDISC_ROUTER_ADVERT_DELAY))
 		nm_clear_g_source (&priv->send_ra_id);
 
 	/* Schedule the initial send rather early. Clamp the delay by minimal
@@ -805,7 +805,7 @@ announce_router_solicited (NMNDisc *ndisc)
 	_LOGD ("will send an solicited router advertisement");
 
 	/* Unschedule an unsolicited resend if we are allowed to send now. */
-	if (nm_utils_get_monotonic_timestamp_s () - priv->last_ra > NM_NDISC_ROUTER_ADVERT_DELAY)
+	if (nm_utils_get_monotonic_timestamp_sec () - priv->last_ra > NM_NDISC_ROUTER_ADVERT_DELAY)
 		nm_clear_g_source (&priv->send_ra_id);
 
 	if (!priv->send_ra_id) {
@@ -1017,7 +1017,7 @@ _config_changed_log (NMNDisc *ndisc, NMNDiscConfigMap changed)
 	if (!_LOGD_ENABLED ())
 		return;
 
-	now_ns = nm_utils_get_monotonic_timestamp_ns ();
+	now_ns = nm_utils_get_monotonic_timestamp_nsec ();
 
 	priv = NM_NDISC_GET_PRIVATE (ndisc);
 	rdata = &priv->rdata;
@@ -1231,7 +1231,7 @@ timeout_cb (gpointer user_data)
 	NMNDisc *self = user_data;
 
 	NM_NDISC_GET_PRIVATE (self)->timeout_id = 0;
-	check_timestamps (self, nm_utils_get_monotonic_timestamp_s (), 0);
+	check_timestamps (self, nm_utils_get_monotonic_timestamp_sec (), 0);
 	return G_SOURCE_REMOVE;
 }
 
@@ -1350,7 +1350,7 @@ nm_ndisc_init (NMNDisc *ndisc)
 	priv->rdata.public.hop_limit = 64;
 
 	/* Start at very low number so that last_rs - router_solicitation_interval
-	 * is much lower than nm_utils_get_monotonic_timestamp_s() at startup.
+	 * is much lower than nm_utils_get_monotonic_timestamp_sec() at startup.
 	 */
 	priv->last_rs = G_MININT32;
 }
diff --git a/src/ndisc/tests/test-ndisc-fake.c b/src/ndisc/tests/test-ndisc-fake.c
index 8bdc053ded..91fe9802d7 100644
--- a/src/ndisc/tests/test-ndisc-fake.c
+++ b/src/ndisc/tests/test-ndisc-fake.c
@@ -157,7 +157,7 @@ static void
 test_simple (void)
 {
 	NMFakeNDisc *ndisc = ndisc_new ();
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	TestData data = { g_main_loop_new (NULL, FALSE), 0, 0, now };
 	guint id;
 
@@ -239,7 +239,7 @@ static void
 test_everything (void)
 {
 	NMFakeNDisc *ndisc = ndisc_new ();
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	TestData data = { g_main_loop_new (NULL, FALSE), 0, 0, now };
 	guint id;
 
@@ -313,7 +313,7 @@ static void
 test_preference_order (void)
 {
 	NMFakeNDisc *ndisc = ndisc_new ();
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	TestData data = { g_main_loop_new (NULL, FALSE), 0, 0, now };
 	guint id;
 
@@ -386,7 +386,7 @@ static void
 test_preference_changed (void)
 {
 	NMFakeNDisc *ndisc = ndisc_new ();
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	TestData data = { g_main_loop_new (NULL, FALSE), 0, 0, now };
 	guint id;
 
@@ -440,7 +440,7 @@ success_timeout (TestData *data)
 static void
 test_dns_solicit_loop_rs_sent (NMFakeNDisc *ndisc, TestData *data)
 {
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	guint id;
 
 	if (data->rs_counter > 0 && data->rs_counter < 6) {
@@ -472,7 +472,7 @@ static void
 test_dns_solicit_loop (void)
 {
 	NMFakeNDisc *ndisc = ndisc_new ();
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	TestData data = { g_main_loop_new (NULL, FALSE), 0, 0, now, 0 };
 	guint id;
 
diff --git a/src/nm-auth-manager.h b/src/nm-auth-manager.h
index 33e3bb2ccd..ab924e69a5 100644
--- a/src/nm-auth-manager.h
+++ b/src/nm-auth-manager.h
@@ -12,12 +12,18 @@
 /*****************************************************************************/
 
 typedef enum {
-	NM_AUTH_CALL_RESULT_UNKNOWN,
-	NM_AUTH_CALL_RESULT_YES,
-	NM_AUTH_CALL_RESULT_AUTH,
-	NM_AUTH_CALL_RESULT_NO,
+	NM_AUTH_CALL_RESULT_UNKNOWN = NM_CLIENT_PERMISSION_RESULT_UNKNOWN,
+	NM_AUTH_CALL_RESULT_YES     = NM_CLIENT_PERMISSION_RESULT_YES,
+	NM_AUTH_CALL_RESULT_AUTH    = NM_CLIENT_PERMISSION_RESULT_AUTH,
+	NM_AUTH_CALL_RESULT_NO      = NM_CLIENT_PERMISSION_RESULT_NO,
 } NMAuthCallResult;
 
+static inline NMClientPermissionResult
+nm_auth_call_result_to_client (NMAuthCallResult result)
+{
+	return (NMClientPermissionResult) result;
+}
+
 static inline NMAuthCallResult
 nm_auth_call_result_eval (gboolean is_authorized,
                           gboolean is_challenge,
diff --git a/src/nm-checkpoint.c b/src/nm-checkpoint.c
index 734a40e1e2..1ab0f07d36 100644
--- a/src/nm-checkpoint.c
+++ b/src/nm-checkpoint.c
@@ -585,7 +585,7 @@ nm_checkpoint_adjust_rollback_timeout (NMCheckpoint *self, guint32 add_timeout)
 	if (add_timeout == 0)
 		rollback_timeout_s = 0;
 	else {
-		now_ms = nm_utils_get_monotonic_timestamp_ms ();
+		now_ms = nm_utils_get_monotonic_timestamp_msec ();
 		add_timeout_ms = ((gint64) add_timeout) * 1000;
 		rollback_timeout_ms = (now_ms - priv->created_at_ms) + add_timeout_ms;
 
@@ -626,7 +626,7 @@ get_property (GObject *object, guint prop_id,
 	case PROP_CREATED:
 		g_value_set_int64 (value,
 		                   nm_utils_monotonic_timestamp_as_boottime (priv->created_at_ms,
-		                                                             NM_UTILS_NS_PER_MSEC));
+		                                                             NM_UTILS_NSEC_PER_MSEC));
 		break;
 	case PROP_ROLLBACK_TIMEOUT:
 		g_value_set_uint (value, priv->rollback_timeout_s);
@@ -679,7 +679,7 @@ nm_checkpoint_new (NMManager *manager, GPtrArray *devices, guint32 rollback_time
 	priv = NM_CHECKPOINT_GET_PRIVATE (self);
 	priv->manager = g_object_ref (manager);
 	priv->rollback_timeout_s = rollback_timeout_s;
-	priv->created_at_ms = nm_utils_get_monotonic_timestamp_ms ();
+	priv->created_at_ms = nm_utils_get_monotonic_timestamp_msec ();
 	priv->flags = flags;
 
 	if (rollback_timeout_s != 0) {
diff --git a/src/nm-connectivity.c b/src/nm-connectivity.c
index ccac63766b..bcafc90893 100644
--- a/src/nm-connectivity.c
+++ b/src/nm-connectivity.c
@@ -415,13 +415,13 @@ _con_curl_timeout_cb (gpointer user_data)
 }
 
 static int
-multi_timer_cb (CURLM *multi, long timeout_ms, void *userdata)
+multi_timer_cb (CURLM *multi, long timeout_msec, void *userdata)
 {
 	NMConnectivityCheckHandle *cb_data = userdata;
 
 	nm_clear_g_source (&cb_data->concheck.curl_timer);
-	if (timeout_ms != -1)
-		cb_data->concheck.curl_timer = g_timeout_add (timeout_ms, _con_curl_timeout_cb, cb_data);
+	if (timeout_msec != -1)
+		cb_data->concheck.curl_timer = g_timeout_add (timeout_msec, _con_curl_timeout_cb, cb_data);
 	return 0;
 }
 
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
index fb92289f0d..1438a0bb5e 100644
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@@ -436,7 +436,7 @@ static const char *
 _kc_waited_to_string (char *buf, gint64 wait_start_us)
 #define _kc_waited_to_string(buf, wait_start_us) ( G_STATIC_ASSERT_EXPR(sizeof (buf) == KC_WAITED_TO_STRING && sizeof ((buf)[0]) == 1), _kc_waited_to_string (buf, wait_start_us) )
 {
-	g_snprintf (buf, KC_WAITED_TO_STRING, " (%ld usec elapsed)", (long) (nm_utils_get_monotonic_timestamp_us () - wait_start_us));
+	g_snprintf (buf, KC_WAITED_TO_STRING, " (%ld usec elapsed)", (long) (nm_utils_get_monotonic_timestamp_usec () - wait_start_us));
 	return buf;
 }
 
@@ -476,7 +476,7 @@ _kc_cb_timeout_grace_period (void *user_data)
 		}
 	} else {
 		nm_log_dbg (data->log_domain, "%s: process not terminated after %ld usec. Sending SIGKILL signal",
-		            data->log_name, (long) (nm_utils_get_monotonic_timestamp_us () - data->async.wait_start_us));
+		            data->log_name, (long) (nm_utils_get_monotonic_timestamp_usec () - data->async.wait_start_us));
 	}
 
 	return G_SOURCE_REMOVE;
@@ -591,7 +591,7 @@ nm_utils_kill_child_async (pid_t pid, int sig, NMLogDomain log_domain,
 	}
 
 	data = _kc_async_data_alloc (pid, log_domain, log_name, callback, user_data);
-	data->async.wait_start_us = nm_utils_get_monotonic_timestamp_us ();
+	data->async.wait_start_us = nm_utils_get_monotonic_timestamp_usec ();
 
 	if (sig != SIGKILL && wait_before_kill_msec > 0) {
 		data->async.source_timeout_kill_id = g_timeout_add (wait_before_kill_msec, _kc_cb_timeout_grace_period, data);
@@ -694,7 +694,7 @@ nm_utils_kill_child_sync (pid_t pid, int sig, NMLogDomain log_domain, const char
 		goto out;
 	}
 
-	wait_start_us = nm_utils_get_monotonic_timestamp_us ();
+	wait_start_us = nm_utils_get_monotonic_timestamp_usec ();
 
 	/* wait for the process to terminated... */
 	if (sig != SIGKILL) {
@@ -728,7 +728,7 @@ nm_utils_kill_child_sync (pid_t pid, int sig, NMLogDomain log_domain, const char
 			if (!wait_until)
 				break;
 
-			now = nm_utils_get_monotonic_timestamp_us ();
+			now = nm_utils_get_monotonic_timestamp_usec ();
 			if (now >= wait_until)
 				break;
 
@@ -871,7 +871,7 @@ nm_utils_kill_process_sync (pid_t pid, guint64 start_time, int sig, NMLogDomain
 
 	/* wait for the process to terminate... */
 
-	wait_start_us = nm_utils_get_monotonic_timestamp_us ();
+	wait_start_us = nm_utils_get_monotonic_timestamp_usec ();
 
 	sleep_duration_usec = _sleep_duration_convert_ms_to_us (sleep_duration_msec);
 	if (sig != SIGKILL && wait_before_kill_msec)
@@ -922,7 +922,7 @@ nm_utils_kill_process_sync (pid_t pid, guint64 start_time, int sig, NMLogDomain
 		}
 
 		sleep_time = sleep_duration_usec;
-		now = nm_utils_get_monotonic_timestamp_us ();
+		now = nm_utils_get_monotonic_timestamp_usec ();
 
 		if (   max_wait_until != 0
 		    && now >= max_wait_until) {
@@ -2453,13 +2453,13 @@ _host_id_read_timestamp (gboolean use_secret_key_file,
 	 * is not stable across restarts, but apparently neither is the host-id
 	 * nor the secret_key itself. */
 
-#define EPOCH_TWO_YEARS  (G_GINT64_CONSTANT (2 * 365 * 24 * 3600) * NM_UTILS_NS_PER_SECOND)
+#define EPOCH_TWO_YEARS  (G_GINT64_CONSTANT (2 * 365 * 24 * 3600) * NM_UTILS_NSEC_PER_SEC)
 
 	v = nm_hash_siphash42 (1156657133u, host_id, host_id_len);
 
 	now = time (NULL);
 	*out_timestamp_ns = NM_MAX ((gint64) 1,
-	                            (now * NM_UTILS_NS_PER_SECOND) - ((gint64) (v % ((guint64) (EPOCH_TWO_YEARS)))));
+	                            (now * NM_UTILS_NSEC_PER_SEC) - ((gint64) (v % ((guint64) (EPOCH_TWO_YEARS)))));
 	return FALSE;
 }
 
@@ -3721,7 +3721,7 @@ nm_utils_lifetime_get (guint32 timestamp,
 	}
 
 	if (now <= 0)
-		now = nm_utils_get_monotonic_timestamp_s ();
+		now = nm_utils_get_monotonic_timestamp_sec ();
 
 	t_lifetime = nm_utils_lifetime_rebase_relative_time_on_now (timestamp, lifetime, now);
 	if (!t_lifetime) {
diff --git a/src/nm-dbus-manager.c b/src/nm-dbus-manager.c
index 3f6f8115e2..f2d63b4bdc 100644
--- a/src/nm-dbus-manager.c
+++ b/src/nm-dbus-manager.c
@@ -523,7 +523,7 @@ _get_caller_info_ensure (NMDBusManager *self,
 	gint64 now_ns;
 	gsize num;
 
-#define CALLER_INFO_MAX_AGE   (NM_UTILS_NS_PER_SECOND * 1)
+#define CALLER_INFO_MAX_AGE   (NM_UTILS_NSEC_PER_SEC * 1)
 
 	/* Linear search the cache for the sender.
 	 *
@@ -564,7 +564,7 @@ _get_caller_info_ensure (NMDBusManager *self,
 		}
 	}
 
-	now_ns = nm_utils_get_monotonic_timestamp_ns ();
+	now_ns = nm_utils_get_monotonic_timestamp_nsec ();
 
 	if (   ensure_uid
 	    && (now_ns - caller_info->uid_checked_at) > CALLER_INFO_MAX_AGE) {
diff --git a/src/nm-logging.c b/src/nm-logging.c
index 34dd2797aa..9e0aa16563 100644
--- a/src/nm-logging.c
+++ b/src/nm-logging.c
@@ -730,7 +730,7 @@ _nm_log_impl (const char *file,
 			char *iov_free_data[5];
 			char **iov_free = iov_free_data;
 
-			now = nm_utils_get_monotonic_timestamp_ns ();
+			now = nm_utils_get_monotonic_timestamp_nsec ();
 			boottime = nm_utils_monotonic_timestamp_as_boottime (now, 1);
 
 			_iovec_set_format_a (iov++, 30, "PRIORITY=%d", level_desc[level].syslog_level);
@@ -763,8 +763,8 @@ _nm_log_impl (const char *file,
 				_iovec_set_format (iov++, iov_free++, "CODE_FUNC=%s", func);
 			_iovec_set_format (iov++, iov_free++, "CODE_FILE=%s", file ?: "");
 			_iovec_set_format_a (iov++, 20, "CODE_LINE=%u", line);
-			_iovec_set_format_a (iov++, 60, "TIMESTAMP_MONOTONIC=%lld.%06lld", (long long) (now / NM_UTILS_NS_PER_SECOND), (long long) ((now % NM_UTILS_NS_PER_SECOND) / 1000));
-			_iovec_set_format_a (iov++, 60, "TIMESTAMP_BOOTTIME=%lld.%06lld", (long long) (boottime / NM_UTILS_NS_PER_SECOND), (long long) ((boottime % NM_UTILS_NS_PER_SECOND) / 1000));
+			_iovec_set_format_a (iov++, 60, "TIMESTAMP_MONOTONIC=%lld.%06lld", (long long) (now / NM_UTILS_NSEC_PER_SEC), (long long) ((now % NM_UTILS_NSEC_PER_SEC) / 1000));
+			_iovec_set_format_a (iov++, 60, "TIMESTAMP_BOOTTIME=%lld.%06lld", (long long) (boottime / NM_UTILS_NSEC_PER_SEC), (long long) ((boottime % NM_UTILS_NSEC_PER_SEC) / 1000));
 			if (error != 0)
 				_iovec_set_format_a (iov++, 30, "ERRNO=%d", error);
 			if (ifname)
@@ -865,7 +865,7 @@ nm_log_handler (const char *log_domain,
 		{
 			gint64 now, boottime;
 
-			now = nm_utils_get_monotonic_timestamp_ns ();
+			now = nm_utils_get_monotonic_timestamp_nsec ();
 			boottime = nm_utils_monotonic_timestamp_as_boottime (now, 1);
 
 			sd_journal_send ("PRIORITY=%d", syslog_priority,
@@ -875,8 +875,8 @@ nm_log_handler (const char *log_domain,
 			                 "SYSLOG_FACILITY=3",
 			                 "GLIB_DOMAIN=%s", log_domain ?: "",
 			                 "GLIB_LEVEL=%d", (int) (level & G_LOG_LEVEL_MASK),
-			                 "TIMESTAMP_MONOTONIC=%lld.%06lld", (long long) (now / NM_UTILS_NS_PER_SECOND), (long long) ((now % NM_UTILS_NS_PER_SECOND) / 1000),
-			                 "TIMESTAMP_BOOTTIME=%lld.%06lld", (long long) (boottime / NM_UTILS_NS_PER_SECOND), (long long) ((boottime % NM_UTILS_NS_PER_SECOND) / 1000),
+			                 "TIMESTAMP_MONOTONIC=%lld.%06lld", (long long) (now / NM_UTILS_NSEC_PER_SEC), (long long) ((now % NM_UTILS_NSEC_PER_SEC) / 1000),
+			                 "TIMESTAMP_BOOTTIME=%lld.%06lld", (long long) (boottime / NM_UTILS_NSEC_PER_SEC), (long long) ((boottime % NM_UTILS_NSEC_PER_SEC) / 1000),
 			                 NULL);
 		}
 		break;
@@ -996,7 +996,7 @@ nm_logging_init (const char *logging_backend, gboolean debug)
 	if (fetch_monotonic_timestamp) {
 		/* ensure we read a monotonic timestamp. Reading the timestamp the first
 		 * time causes a logging message. We don't want to do that during _nm_log_impl. */
-		nm_utils_get_monotonic_timestamp_ns ();
+		nm_utils_get_monotonic_timestamp_nsec ();
 	}
 
 	if (obsolete_debug_backend)
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 132cf5a0d8..13e01c0b7c 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -6242,29 +6242,12 @@ done:
 /* Permissions */
 
 static void
-get_perm_add_result (NMManager *self, NMAuthChain *chain, GVariantBuilder *results, const char *permission)
-{
-	NMAuthCallResult result;
-
-	result = nm_auth_chain_get_result (chain, permission);
-	if (result == NM_AUTH_CALL_RESULT_YES)
-		g_variant_builder_add (results, "{ss}", permission, "yes");
-	else if (result == NM_AUTH_CALL_RESULT_NO)
-		g_variant_builder_add (results, "{ss}", permission, "no");
-	else if (result == NM_AUTH_CALL_RESULT_AUTH)
-		g_variant_builder_add (results, "{ss}", permission, "auth");
-	else {
-		_LOGD (LOGD_CORE, "unknown auth chain result %d", result);
-	}
-}
-
-static void
 get_permissions_done_cb (NMAuthChain *chain,
                          GDBusMethodInvocation *context,
                          gpointer user_data)
 {
-	NMManager *self = NM_MANAGER (user_data);
 	GVariantBuilder results;
+	int i;
 
 	nm_assert (G_IS_DBUS_METHOD_INVOCATION (context));
 
@@ -6272,22 +6255,15 @@ get_permissions_done_cb (NMAuthChain *chain,
 
 	g_variant_builder_init (&results, G_VARIANT_TYPE ("a{ss}"));
 
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SLEEP_WAKE);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIMAX);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_NETWORK_CONTROL);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_RELOAD);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS);
-	get_perm_add_result (self, chain, &results, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK);
+	for (i = 0; i < (int) G_N_ELEMENTS (nm_auth_permission_sorted); i++) {
+		const char *permission = nm_auth_permission_names_by_idx[nm_auth_permission_sorted[i] - 1];
+		NMAuthCallResult result;
+		const char *result_str;
+
+		result = nm_auth_chain_get_result (chain, permission);
+		result_str = nm_client_permission_result_to_string (nm_auth_call_result_to_client (result));
+		g_variant_builder_add (&results, "{ss}", permission, result_str);
+	}
 
 	g_dbus_method_invocation_return_value (context,
 	                                       g_variant_new ("(a{ss})", &results));
@@ -6305,6 +6281,7 @@ impl_manager_get_permissions (NMDBusObject *obj,
 	NMManager *self = NM_MANAGER (obj);
 	NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
 	NMAuthChain *chain;
+	int i;
 
 	chain = nm_auth_chain_new_context (invocation, get_permissions_done_cb, self);
 	if (!chain) {
@@ -6316,22 +6293,12 @@ impl_manager_get_permissions (NMDBusObject *obj,
 	}
 
 	c_list_link_tail (&priv->auth_lst_head, nm_auth_chain_parent_lst_list (chain));
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_NETWORK, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SLEEP_WAKE, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIFI, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WWAN, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_WIMAX, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_NETWORK_CONTROL, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_PROTECTED, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_WIFI_SHARE_OPEN, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_SYSTEM, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_OWN, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_GLOBAL_DNS, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_RELOAD, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_CHECKPOINT_ROLLBACK, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_STATISTICS, FALSE);
-	nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_ENABLE_DISABLE_CONNECTIVITY_CHECK, FALSE);
+
+	for (i = 0; i < (int) G_N_ELEMENTS (nm_auth_permission_sorted); i++) {
+		const char *permission = nm_auth_permission_names_by_idx[nm_auth_permission_sorted[i] - 1];
+
+		nm_auth_chain_add_call_unsafe (chain, permission, FALSE);
+	}
 }
 
 static void
diff --git a/src/nm-policy.c b/src/nm-policy.c
index d322b2efea..7fd818b675 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -195,7 +195,7 @@ static void
 expire_ip6_delegations (NMPolicy *self)
 {
 	NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE (self);
-	guint32 now = nm_utils_get_monotonic_timestamp_s ();
+	guint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	IP6PrefixDelegation *delegation = NULL;
 	guint i;
 
@@ -1549,7 +1549,7 @@ reset_connections_retries (gpointer user_data)
 	priv->reset_retries_id = 0;
 
 	min_stamp = 0;
-	now = nm_utils_get_monotonic_timestamp_s ();
+	now = nm_utils_get_monotonic_timestamp_sec ();
 	connections = nm_settings_get_connections (priv->settings, NULL);
 	for (i = 0; connections[i]; i++) {
 		NMSettingsConnection *connection = connections[i];
@@ -1594,7 +1594,7 @@ _connection_autoconnect_retries_set (NMPolicy *self,
 			gint32 retry_time = nm_settings_connection_autoconnect_retries_blocked_until (connection);
 
 			g_warn_if_fail (retry_time != 0);
-			priv->reset_retries_id = g_timeout_add_seconds (MAX (0, retry_time - nm_utils_get_monotonic_timestamp_s ()), reset_connections_retries, self);
+			priv->reset_retries_id = g_timeout_add_seconds (MAX (0, retry_time - nm_utils_get_monotonic_timestamp_sec ()), reset_connections_retries, self);
 		}
 	}
 }
diff --git a/src/platform/nm-fake-platform.c b/src/platform/nm-fake-platform.c
index 6aae808aeb..9fa2791fec 100644
--- a/src/platform/nm-fake-platform.c
+++ b/src/platform/nm-fake-platform.c
@@ -980,7 +980,7 @@ ip4_address_add (NMPlatform *platform,
 	address.address = addr;
 	address.peer_address = peer_addr;
 	address.plen = plen;
-	address.timestamp = nm_utils_get_monotonic_timestamp_s ();
+	address.timestamp = nm_utils_get_monotonic_timestamp_sec ();
 	address.lifetime = lifetime;
 	address.preferred = preferred;
 	address.n_ifa_flags = flags;
@@ -1008,7 +1008,7 @@ ip6_address_add (NMPlatform *platform,
 	address.address = addr;
 	address.peer_address = (IN6_IS_ADDR_UNSPECIFIED (&peer_addr) || IN6_ARE_ADDR_EQUAL (&addr, &peer_addr)) ? in6addr_any : peer_addr;
 	address.plen = plen;
-	address.timestamp = nm_utils_get_monotonic_timestamp_s ();
+	address.timestamp = nm_utils_get_monotonic_timestamp_sec ();
 	address.lifetime = lifetime;
 	address.preferred = preferred;
 	address.n_ifa_flags = flags;
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index 305ae52e3a..4f8c900491 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -738,7 +738,7 @@ _addrtime_timestamp_to_nm (guint32 timestamp, gint32 *out_now_nm)
 
 	/* do all the calculations in milliseconds scale */
 
-	now_nm = nm_utils_get_monotonic_timestamp_ms ();
+	now_nm = nm_utils_get_monotonic_timestamp_msec ();
 	now_nl = nm_utils_clock_gettime_ms (CLOCK_MONOTONIC);
 
 	nm_assert (now_nm >= 1000);
@@ -748,13 +748,13 @@ _addrtime_timestamp_to_nm (guint32 timestamp, gint32 *out_now_nm)
 
 	NM_SET_OUT (out_now_nm, now_nm / 1000);
 
-	/* converting the timestamp into nm_utils_get_monotonic_timestamp_ms() scale is
+	/* converting the timestamp into nm_utils_get_monotonic_timestamp_msec() scale is
 	 * a good guess but fails in the following situations:
 	 *
 	 * - If the address existed before start of the process, the timestamp in nm scale would
 	 *   be negative or zero. In this case we default to 1.
 	 * - during hibernation, the CLOCK_MONOTONIC/timestamp drifts from
-	 *   nm_utils_get_monotonic_timestamp_ms() scale.
+	 *   nm_utils_get_monotonic_timestamp_msec() scale.
 	 */
 	if (result <= 1000)
 		return 1;
@@ -809,7 +809,7 @@ _addrtime_get_lifetimes (guint32 timestamp,
 		if (now == 0) {
 			/* strange. failed to detect the last-update time and assumed that timestamp is 1. */
 			nm_assert (timestamp == 1);
-			now = nm_utils_get_monotonic_timestamp_s ();
+			now = nm_utils_get_monotonic_timestamp_sec ();
 		}
 		if (timestamp < now) {
 			guint32 diff = now - timestamp;
@@ -5030,14 +5030,14 @@ delayed_action_to_string_full (DelayedActionType action_type, gpointer user_data
 		data = user_data;
 
 		if (data) {
-			gint64 timeout = data->timeout_abs_ns - nm_utils_get_monotonic_timestamp_ns ();
+			gint64 timeout = data->timeout_abs_ns - nm_utils_get_monotonic_timestamp_nsec ();
 			char b[255];
 
 			nm_utils_strbuf_append (&buf, &buf_size, " (seq %u, timeout in %s%"G_GINT64_FORMAT".%09"G_GINT64_FORMAT", response-type %d%s%s)",
 			                        data->seq_number,
 			                        timeout < 0 ? "-" : "",
-			                        (timeout < 0 ? -timeout : timeout) / NM_UTILS_NS_PER_SECOND,
-			                        (timeout < 0 ? -timeout : timeout) % NM_UTILS_NS_PER_SECOND,
+			                        (timeout < 0 ? -timeout : timeout) / NM_UTILS_NSEC_PER_SEC,
+			                        (timeout < 0 ? -timeout : timeout) % NM_UTILS_NSEC_PER_SEC,
 			                        (int) data->response_type,
 			                        data->seq_result ? ", " : "",
 			                        data->seq_result ? wait_for_nl_response_to_string (data->seq_result, NULL, b, sizeof (b)) : "");
@@ -5139,7 +5139,7 @@ delayed_action_wait_for_nl_response_complete_check (NMPlatform *platform,
 		if (data->seq_result)
 			delayed_action_wait_for_nl_response_complete (platform, i, data->seq_result);
 		else if (   p_now_ns
-		         && ((now_ns ?: (now_ns = nm_utils_get_monotonic_timestamp_ns ())) >= data->timeout_abs_ns)) {
+		         && ((now_ns ?: (now_ns = nm_utils_get_monotonic_timestamp_nsec ())) >= data->timeout_abs_ns)) {
 			/* the caller can optionally check for timeout by providing a p_now_ns argument. */
 			delayed_action_wait_for_nl_response_complete (platform, i, WAIT_FOR_NL_RESPONSE_RESULT_FAILED_TIMEOUT);
 		} else if (force_result != WAIT_FOR_NL_RESPONSE_RESULT_UNKNOWN)
@@ -5359,7 +5359,7 @@ delayed_action_schedule_WAIT_FOR_NL_RESPONSE (NMPlatform *platform,
 {
 	DelayedActionWaitForNlResponseData data = {
 		.seq_number = seq_number,
-		.timeout_abs_ns = nm_utils_get_monotonic_timestamp_ns () + (200 * (NM_UTILS_NS_PER_SECOND / 1000)),
+		.timeout_abs_ns = nm_utils_get_monotonic_timestamp_nsec () + (200 * (NM_UTILS_NSEC_PER_SEC / 1000)),
 		.out_seq_result = out_seq_result,
 		.out_errmsg = out_errmsg,
 		.response_type = response_type,
@@ -8799,7 +8799,7 @@ event_handler_read_netlink (NMPlatform *platform, gboolean wait_for_acks)
 	int r;
 	struct pollfd pfd;
 	gboolean any = FALSE;
-	int timeout_ms;
+	int timeout_msec;
 	struct {
 		guint32 seq_number;
 		gint64 timeout_abs_ns;
@@ -8880,12 +8880,12 @@ after_read:
 
 		_LOGT ("netlink: read: wait for ACK for sequence number %u...", next.seq_number);
 
-		timeout_ms = (next.timeout_abs_ns - next.now_ns) / (NM_UTILS_NS_PER_SECOND / 1000);
+		timeout_msec = (next.timeout_abs_ns - next.now_ns) / (NM_UTILS_NSEC_PER_SEC / 1000);
 
 		memset (&pfd, 0, sizeof (pfd));
 		pfd.fd = nl_socket_get_fd (priv->nlh);
 		pfd.events = POLLIN;
-		r = poll (&pfd, 1, MAX (1, timeout_ms));
+		r = poll (&pfd, 1, MAX (1, timeout_msec));
 
 		if (r == 0) {
 			/* timeout and there is nothing to read. */
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
index 6795dde772..2636df9a08 100644
--- a/src/platform/nm-platform.c
+++ b/src/platform/nm-platform.c
@@ -4048,7 +4048,7 @@ nm_platform_ip4_address_sync (NMPlatform *self,
 {
 	gs_unref_ptrarray GPtrArray *plat_addresses = NULL;
 	const NMPlatformIP4Address *known_address;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	GHashTable *plat_subnets = NULL;
 	GHashTable *known_subnets = NULL;
 	gs_unref_hashtable GHashTable *known_addresses_idx = NULL;
@@ -4224,7 +4224,7 @@ nm_platform_ip6_address_sync (NMPlatform *self,
                               gboolean full_sync)
 {
 	gs_unref_ptrarray GPtrArray *plat_addresses = NULL;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 	guint i_plat, i_know;
 	gs_unref_hashtable GHashTable *known_addresses_idx = NULL;
 	NMPLookup lookup;
@@ -4965,15 +4965,15 @@ nm_platform_ip_route_get (NMPlatform *self,
 #define IP4_DEV_ROUTE_BLACKLIST_GC_TIMEOUT_S ((int) (((IP4_DEV_ROUTE_BLACKLIST_TIMEOUT_MS + 999) * 3) / 1000))
 
 static gint64
-_ip4_dev_route_blacklist_timeout_ms_get (gint64 timeout_ms)
+_ip4_dev_route_blacklist_timeout_ms_get (gint64 timeout_msec)
 {
-	return timeout_ms >> 1;
+	return timeout_msec >> 1;
 }
 
 static gint64
-_ip4_dev_route_blacklist_timeout_ms_marked (gint64 timeout_ms)
+_ip4_dev_route_blacklist_timeout_ms_marked (gint64 timeout_msec)
 {
-	return !!(timeout_ms & ((gint64) 1));
+	return !!(timeout_msec & ((gint64) 1));
 }
 
 static gboolean
@@ -4992,7 +4992,7 @@ again:
 	if (!priv->ip4_dev_route_blacklist_hash)
 		goto out;
 
-	now_ms = nm_utils_get_monotonic_timestamp_ms ();
+	now_ms = nm_utils_get_monotonic_timestamp_msec ();
 
 	g_hash_table_iter_init (&iter, priv->ip4_dev_route_blacklist_hash);
 	while (g_hash_table_iter_next (&iter, (gpointer *) &p_obj, (gpointer *) &p_timeout_ms)) {
@@ -5055,7 +5055,7 @@ _ip4_dev_route_blacklist_notify_route (NMPlatform *self,
 	                                   (gpointer *) &p_timeout_ms))
 		return;
 
-	now_ms = nm_utils_get_monotonic_timestamp_ms ();
+	now_ms = nm_utils_get_monotonic_timestamp_msec ();
 	if (now_ms > _ip4_dev_route_blacklist_timeout_ms_get (*p_timeout_ms)) {
 		/* already expired. Wait for gc. */
 		return;
@@ -5086,7 +5086,7 @@ _ip4_dev_route_blacklist_gc_timeout_handle (gpointer user_data)
 
 	nm_assert (priv->ip4_dev_route_blacklist_gc_timeout_id);
 
-	now_ms = nm_utils_get_monotonic_timestamp_ms ();
+	now_ms = nm_utils_get_monotonic_timestamp_msec ();
 
 	g_hash_table_iter_init (&iter, priv->ip4_dev_route_blacklist_hash);
 	while (g_hash_table_iter_next (&iter, (gpointer *) &p_obj, (gpointer *) &p_timeout_ms)) {
@@ -5155,8 +5155,8 @@ nm_platform_ip4_dev_route_blacklist_set (NMPlatform *self,
 	GHashTableIter iter;
 	const NMPObject *p_obj;
 	guint i;
-	gint64 timeout_ms;
-	gint64 timeout_ms_val;
+	gint64 timeout_msec;
+	gint64 timeout_msec_val;
 	gint64 *p_timeout_ms;
 	gboolean needs_check = FALSE;
 
@@ -5191,8 +5191,8 @@ nm_platform_ip4_dev_route_blacklist_set (NMPlatform *self,
 			                                                            nm_g_slice_free_fcn_gint64);
 		}
 
-		timeout_ms = nm_utils_get_monotonic_timestamp_ms () + IP4_DEV_ROUTE_BLACKLIST_TIMEOUT_MS;
-		timeout_ms_val = (timeout_ms << 1) | ((gint64) 1);
+		timeout_msec = nm_utils_get_monotonic_timestamp_msec () + IP4_DEV_ROUTE_BLACKLIST_TIMEOUT_MS;
+		timeout_msec_val = (timeout_msec << 1) | ((gint64) 1);
 		for (i = 0; i < ip4_dev_route_blacklist->len; i++) {
 			const NMPObject *o;
 
@@ -5206,7 +5206,7 @@ nm_platform_ip4_dev_route_blacklist_set (NMPlatform *self,
 					/* un-expire and reuse the entry. */
 					_LOGT ("ip4-dev-route: register %s (update)",
 					       nmp_object_to_string (p_obj, NMP_OBJECT_TO_STRING_PUBLIC, NULL, 0));
-					*p_timeout_ms = timeout_ms_val;
+					*p_timeout_ms = timeout_msec_val;
 					continue;
 				}
 			}
@@ -5214,7 +5214,7 @@ nm_platform_ip4_dev_route_blacklist_set (NMPlatform *self,
 			_LOGT ("ip4-dev-route: register %s",
 			       nmp_object_to_string (o, NMP_OBJECT_TO_STRING_PUBLIC, NULL, 0));
 			p_timeout_ms = g_slice_new (gint64);
-			*p_timeout_ms = timeout_ms_val;
+			*p_timeout_ms = timeout_msec_val;
 			g_hash_table_replace (priv->ip4_dev_route_blacklist_hash,
 			                      (gpointer) nmp_object_ref (o),
 			                      p_timeout_ms);
@@ -6054,7 +6054,7 @@ nm_platform_ip4_address_to_string (const NMPlatformIP4Address *address, char *bu
 	char str_lft[30], str_pref[30], str_time[50], s_source[50];
 	char *str_peer = NULL;
 	const char *str_lft_p, *str_pref_p, *str_time_p;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 
 	if (!nm_utils_to_string_buffer_init_null (address, &buf, &len))
 		return buf;
@@ -6167,7 +6167,7 @@ nm_platform_ip6_address_to_string (const NMPlatformIP6Address *address, char *bu
 	char str_dev[TO_STRING_DEV_BUF_SIZE];
 	char *str_peer = NULL;
 	const char *str_lft_p, *str_pref_p, *str_time_p;
-	gint32 now = nm_utils_get_monotonic_timestamp_s ();
+	gint32 now = nm_utils_get_monotonic_timestamp_sec ();
 
 	if (!nm_utils_to_string_buffer_init_null (address, &buf, &len))
 		return buf;
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
index 4bd8e34d1e..a31564ed3f 100644
--- a/src/platform/nm-platform.h
+++ b/src/platform/nm-platform.h
@@ -287,7 +287,7 @@ typedef enum {
 	 * 2 @lifetime==@preferred==NM_PLATFORM_LIFETIME_PERMANENT: @timestamp is irrelevant (but mostly
 	 *   set to 0). Such addresses are permanent.
 	 * 3 Non permanent addresses should (almost) always have @timestamp > 0. 0 is not a valid timestamp
-	 *   and never returned by nm_utils_get_monotonic_timestamp_s(). In this case @valid/@preferred
+	 *   and never returned by nm_utils_get_monotonic_timestamp_sec(). In this case @valid/@preferred
 	 *   is anchored at @timestamp.
 	 * 4 Non permanent addresses with @timestamp == 0 are implicitly anchored at *now*, thus the time
 	 *   moves as time goes by. This is usually not useful, except e.g. nm_platform_ip[46]_address_add().
@@ -325,7 +325,7 @@ typedef struct {
 
 /**
  * NMPlatformIP4Address:
- * @timestamp: timestamp as returned by nm_utils_get_monotonic_timestamp_s()
+ * @timestamp: timestamp as returned by nm_utils_get_monotonic_timestamp_sec()
  **/
 struct _NMPlatformIP4Address {
 	__NMPlatformIPAddress_COMMON;
@@ -349,7 +349,7 @@ struct _NMPlatformIP4Address {
 
 /**
  * NMPlatformIP6Address:
- * @timestamp: timestamp as returned by nm_utils_get_monotonic_timestamp_s()
+ * @timestamp: timestamp as returned by nm_utils_get_monotonic_timestamp_sec()
  **/
 struct _NMPlatformIP6Address {
 	__NMPlatformIPAddress_COMMON;
diff --git a/src/platform/tests/test-common.c b/src/platform/tests/test-common.c
index b93213ef74..7d31e920b8 100644
--- a/src/platform/tests/test-common.c
+++ b/src/platform/tests/test-common.c
@@ -553,7 +553,7 @@ _wait_for_signal_timeout (gpointer user_data)
 }
 
 guint
-nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_ms)
+nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_msec)
 {
 	WaitForSignalData data = { 0 };
 	gulong id_link, id_ip4_address, id_ip6_address, id_ip4_route, id_ip6_route;
@@ -568,7 +568,7 @@ nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_ms)
 	id_ip4_route   = g_signal_connect (platform, NM_PLATFORM_SIGNAL_IP4_ROUTE_CHANGED, G_CALLBACK (_wait_for_signal_cb), &data);
 	id_ip6_route   = g_signal_connect (platform, NM_PLATFORM_SIGNAL_IP6_ROUTE_CHANGED, G_CALLBACK (_wait_for_signal_cb), &data);
 
-	/* if timeout_ms is negative, it means the wait-time already expired.
+	/* if timeout_msec is negative, it means the wait-time already expired.
 	 * Maybe, we should do nothing and return right away, without even
 	 * processing events from platform. However, that inconsistency (of not
 	 * processing events from mainloop) is inconvenient.
@@ -578,7 +578,7 @@ nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_ms)
 	 * a zero timeout: we check whether there are any events pending in platform,
 	 * and quite the mainloop immediately afterwards. But we always check. */
 
-	data.id = g_timeout_add (CLAMP (timeout_ms, 0, G_MAXUINT32),
+	data.id = g_timeout_add (CLAMP (timeout_msec, 0, G_MAXUINT32),
 	                         _wait_for_signal_timeout, &data);
 
 	g_main_loop_run (data.loop);
@@ -603,7 +603,7 @@ nmtstp_wait_for_signal_until (NMPlatform *platform, gint64 until_ms)
 	guint signal_counts;
 
 	while (TRUE) {
-		now = nm_utils_get_monotonic_timestamp_ms ();
+		now = nm_utils_get_monotonic_timestamp_msec ();
 
 		if (until_ms < now)
 			return 0;
@@ -615,11 +615,11 @@ nmtstp_wait_for_signal_until (NMPlatform *platform, gint64 until_ms)
 }
 
 const NMPlatformLink *
-nmtstp_wait_for_link (NMPlatform *platform, const char *ifname, NMLinkType expected_link_type, gint64 timeout_ms)
+nmtstp_wait_for_link (NMPlatform *platform, const char *ifname, NMLinkType expected_link_type, gint64 timeout_msec)
 {
 	return nmtstp_wait_for_link_until (platform, ifname, expected_link_type,
-	                                   timeout_ms
-	                                     ? nm_utils_get_monotonic_timestamp_ms () + timeout_ms
+	                                   timeout_msec
+	                                     ? nm_utils_get_monotonic_timestamp_msec () + timeout_msec
 	                                     : 0);
 }
 
@@ -633,7 +633,7 @@ nmtstp_wait_for_link_until (NMPlatform *platform, const char *ifname, NMLinkType
 	_init_platform (&platform, FALSE);
 
 	while (TRUE) {
-		now = nm_utils_get_monotonic_timestamp_ms ();
+		now = nm_utils_get_monotonic_timestamp_msec ();
 
 		plink = nm_platform_link_get_by_ifname (platform, ifname);
 		if (   plink
@@ -704,7 +704,7 @@ nmtstp_ip_address_check_lifetime (const NMPlatformIPAddress *addr,
 	g_assert (addr);
 
 	if (now == -1)
-		now = nm_utils_get_monotonic_timestamp_s ();
+		now = nm_utils_get_monotonic_timestamp_sec ();
 	g_assert (now > 0);
 
 	g_assert (expected_preferred <= expected_lifetime);
@@ -750,7 +750,7 @@ nmtstp_ip_address_assert_lifetime (const NMPlatformIPAddress *addr,
 	g_assert (addr);
 
 	if (now == -1)
-		now = nm_utils_get_monotonic_timestamp_s ();
+		now = nm_utils_get_monotonic_timestamp_sec ();
 	g_assert (now > 0);
 
 	g_assert (expected_preferred <= expected_lifetime);
@@ -886,7 +886,7 @@ _ip_address_add (NMPlatform *platform,
 	}
 
 	/* Let's wait until we see the address. */
-	end_time = nm_utils_get_monotonic_timestamp_ms () + 500;
+	end_time = nm_utils_get_monotonic_timestamp_msec () + 500;
 	do {
 
 		if (external_command)
@@ -1091,7 +1091,7 @@ _ip_address_del (NMPlatform *platform,
 	}
 
 	/* Let's wait until we get the result */
-	end_time = nm_utils_get_monotonic_timestamp_ms () + 250;
+	end_time = nm_utils_get_monotonic_timestamp_msec () + 250;
 	do {
 		if (external_command)
 			nm_platform_process_events (platform);
@@ -1736,7 +1736,7 @@ nmtstp_link_delete (NMPlatform *platform,
 	}
 
 	/* Let's wait until we get the result */
-	end_time = nm_utils_get_monotonic_timestamp_ms () + 250;
+	end_time = nm_utils_get_monotonic_timestamp_msec () + 250;
 	do {
 		if (external_command)
 			nm_platform_process_events (platform);
@@ -1785,7 +1785,7 @@ nmtstp_link_set_updown (NMPlatform *platform,
 	}
 
 	/* Let's wait until we get the result */
-	end_time = nm_utils_get_monotonic_timestamp_ms () + 250;
+	end_time = nm_utils_get_monotonic_timestamp_msec () + 250;
 	do {
 		if (external_command)
 			nm_platform_process_events (platform);
diff --git a/src/platform/tests/test-common.h b/src/platform/tests/test-common.h
index c571df6a06..6f5a6cf62b 100644
--- a/src/platform/tests/test-common.h
+++ b/src/platform/tests/test-common.h
@@ -32,13 +32,13 @@
         const NMLogDomain __domain = (domain); \
         \
         if (nm_logging_enabled (__level, __domain)) { \
-            gint64 _ts = nm_utils_get_monotonic_timestamp_ns (); \
+            gint64 _ts = nm_utils_get_monotonic_timestamp_nsec (); \
             \
             _nm_log (__level, __domain, 0, NULL, NULL, \
                      "%s[%ld.%09ld]: " _NM_UTILS_MACRO_FIRST (__VA_ARGS__), \
                      _NMLOG_PREFIX_NAME, \
-                     (long) (_ts / NM_UTILS_NS_PER_SECOND), \
-                     (long) (_ts % NM_UTILS_NS_PER_SECOND) \
+                     (long) (_ts / NM_UTILS_NSEC_PER_SEC), \
+                     (long) (_ts % NM_UTILS_NSEC_PER_SEC) \
                      _NM_UTILS_MACRO_REST (__VA_ARGS__)); \
         } \
     } G_STMT_END
@@ -101,14 +101,14 @@ int nmtstp_run_command (const char *format, ...) _nm_printf (1, 2);
 
 /*****************************************************************************/
 
-guint nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_ms);
+guint nmtstp_wait_for_signal (NMPlatform *platform, gint64 timeout_msec);
 guint nmtstp_wait_for_signal_until (NMPlatform *platform, gint64 until_ms);
-const NMPlatformLink *nmtstp_wait_for_link (NMPlatform *platform, const char *ifname, NMLinkType expected_link_type, gint64 timeout_ms);
+const NMPlatformLink *nmtstp_wait_for_link (NMPlatform *platform, const char *ifname, NMLinkType expected_link_type, gint64 timeout_msec);
 const NMPlatformLink *nmtstp_wait_for_link_until (NMPlatform *platform, const char *ifname, NMLinkType expected_link_type, gint64 until_ms);
 
-#define nmtstp_assert_wait_for_signal(platform, timeout_ms) \
+#define nmtstp_assert_wait_for_signal(platform, timeout_msec) \
 	G_STMT_START { \
-		if (nmtstp_wait_for_signal (platform, timeout_ms) == 0) \
+		if (nmtstp_wait_for_signal (platform, timeout_msec) == 0) \
 			g_assert_not_reached (); \
 	} G_STMT_END
 
@@ -118,8 +118,8 @@ const NMPlatformLink *nmtstp_wait_for_link_until (NMPlatform *platform, const ch
 			g_assert_not_reached (); \
 	} G_STMT_END
 
-#define nmtstp_assert_wait_for_link(platform, ifname, expected_link_type, timeout_ms) \
-	nmtst_assert_nonnull (nmtstp_wait_for_link (platform, ifname, expected_link_type, timeout_ms))
+#define nmtstp_assert_wait_for_link(platform, ifname, expected_link_type, timeout_msec) \
+	nmtst_assert_nonnull (nmtstp_wait_for_link (platform, ifname, expected_link_type, timeout_msec))
 
 #define nmtstp_assert_wait_for_link_until(platform, ifname, expected_link_type, until_ms) \
 	nmtst_assert_nonnull (nmtstp_wait_for_link_until (platform, ifname, expected_link_type, until_ms))
diff --git a/src/platform/tests/test-link.c b/src/platform/tests/test-link.c
index 37e1cde516..0e166a5f7f 100644
--- a/src/platform/tests/test-link.c
+++ b/src/platform/tests/test-link.c
@@ -2095,7 +2095,7 @@ test_vlan_set_xgress (void)
 static void
 test_create_many_links_do (guint n_devices)
 {
-	gint64 time, start_time = nm_utils_get_monotonic_timestamp_ns ();
+	gint64 time, start_time = nm_utils_get_monotonic_timestamp_nsec ();
 	guint i;
 	char name[64];
 	const NMPlatformLink *pllink;
@@ -2149,8 +2149,8 @@ test_create_many_links_do (guint n_devices)
 	_LOGI (">>> process events after deleting devices...");
 	nm_platform_process_events (NM_PLATFORM_GET);
 
-	time = nm_utils_get_monotonic_timestamp_ns () - start_time;
-	_LOGI (">>> finished in %ld.%09ld seconds", (long) (time / NM_UTILS_NS_PER_SECOND), (long) (time % NM_UTILS_NS_PER_SECOND));
+	time = nm_utils_get_monotonic_timestamp_nsec () - start_time;
+	_LOGI (">>> finished in %ld.%09ld seconds", (long) (time / NM_UTILS_NSEC_PER_SEC), (long) (time % NM_UTILS_NSEC_PER_SEC));
 }
 
 static void
diff --git a/src/platform/tests/test-route.c b/src/platform/tests/test-route.c
index f8b1bb9abf..e2c1ed80e4 100644
--- a/src/platform/tests/test-route.c
+++ b/src/platform/tests/test-route.c
@@ -19,7 +19,7 @@
 
 static void
 _wait_for_ipv4_addr_device_route (NMPlatform *platform,
-                                  gint64 timeout_ms,
+                                  gint64 timeout_msec,
                                   int ifindex,
                                   in_addr_t addr,
                                   guint8 plen)
@@ -55,7 +55,7 @@ _wait_for_ipv4_addr_device_route (NMPlatform *platform,
 
 static void
 _wait_for_ipv6_addr_non_tentative (NMPlatform *platform,
-                                   gint64 timeout_ms,
+                                   gint64 timeout_msec,
                                    int ifindex,
                                    guint addr_n,
                                    const struct in6_addr *addrs)
@@ -67,7 +67,7 @@ _wait_for_ipv6_addr_non_tentative (NMPlatform *platform,
 	 * small amount of time, which prevents the immediate addition of the route
 	 * with RTA_PREFSRC */
 
-	NMTST_WAIT_ASSERT (timeout_ms, {
+	NMTST_WAIT_ASSERT (timeout_msec, {
 		gboolean should_wait = FALSE;
 		const NMPlatformIP6Address *plt_addr;
 
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index ccbab807ab..555d1e1a6f 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
@@ -2365,7 +2365,7 @@ _autoconnect_retries_set (NMSettingsConnection *self,
 		 * the tracking of resetting the retry count in NMPolicy needs adjustment
 		 * in _connection_autoconnect_retries_set() (as it would need to re-evaluate
 		 * the next-timeout every time a connection gets blocked). */
-		priv->autoconnect_retries_blocked_until = nm_utils_get_monotonic_timestamp_s () + AUTOCONNECT_RESET_RETRIES_TIMER;
+		priv->autoconnect_retries_blocked_until = nm_utils_get_monotonic_timestamp_sec () + AUTOCONNECT_RESET_RETRIES_TIMER;
 	}
 }
 
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index f964fb16e4..bbf4595463 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -548,7 +548,7 @@ _startup_complete_check (NMSettings *self,
 		goto ready;
 
 	if (!now_us)
-		now_us = nm_utils_get_monotonic_timestamp_us ();
+		now_us = nm_utils_get_monotonic_timestamp_usec ();
 
 	next_expiry = 0;
 
@@ -654,7 +654,7 @@ _startup_complete_notify_connection (NMSettings *self,
 		} else
 			scd = g_hash_table_lookup (priv->startup_complete_idx, &sett_conn);
 		if (!scd) {
-			now_us = nm_utils_get_monotonic_timestamp_us ();
+			now_us = nm_utils_get_monotonic_timestamp_usec ();
 			scd = g_slice_new (StartupCompleteData);
 			*scd = (StartupCompleteData) {
 				.sett_conn = g_object_ref (sett_conn),
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-plugin.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-plugin.c
index f57ca1a7b2..c1396f7381 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-plugin.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-plugin.c
@@ -20,6 +20,7 @@
 #include "nm-utils.h"
 #include "nm-core-internal.h"
 #include "nm-config.h"
+#include "nm-dbus-manager.h"
 #include "settings/nm-settings-plugin.h"
 #include "settings/nm-settings-utils.h"
 #include "NetworkManagerUtils.h"
@@ -1132,6 +1133,13 @@ _dbus_setup (NMSIfcfgRHPlugin *self)
 
 	_dbus_clear (self);
 
+	if (!NM_MAIN_DBUS_CONNECTION_GET) {
+		_LOGW ("dbus: don't use D-Bus for %s service", IFCFGRH1_BUS_NAME);
+		return;
+	}
+
+	/* We use a separate D-Bus connection so that org.freedesktop.NetworkManager and com.redhat.ifcfgrh1
+	 * are exported by different connections. */
 	address = g_dbus_address_get_for_bus_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
 	if (address == NULL) {
 		_LOGW ("dbus: failed getting address for system bus: %s", error->message);
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index a1d3236e9b..8fc72822de 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3643,7 +3643,7 @@ make_wpa_setting (shvarFile *ifcfg,
 	gs_unref_object NMSettingWirelessSecurity *wsec = NULL;
 	gs_free char *value = NULL;
 	const char *v;
-	gboolean wpa_psk = FALSE, wpa_sae = FALSE, wpa_eap = FALSE, ieee8021x = FALSE;
+	gboolean wpa_psk = FALSE, wpa_sae = FALSE, wpa_owe = FALSE, wpa_eap = FALSE, ieee8021x = FALSE;
 	int i_val;
 	GError *local = NULL;
 
@@ -3652,10 +3652,12 @@ make_wpa_setting (shvarFile *ifcfg,
 	v = svGetValueStr (ifcfg, "KEY_MGMT", &value);
 	wpa_psk = nm_streq0 (v, "WPA-PSK");
 	wpa_sae = nm_streq0 (v, "SAE");
+	wpa_owe = nm_streq0 (v, "OWE");
 	wpa_eap = nm_streq0 (v, "WPA-EAP");
 	ieee8021x = nm_streq0 (v, "IEEE8021X");
 	if (   !wpa_psk
 	    && !wpa_sae
+	    && !wpa_owe
 	    && !wpa_eap
 	    && !ieee8021x)
 		return NULL; /* Not WPA or Dynamic WEP */
@@ -3671,7 +3673,7 @@ make_wpa_setting (shvarFile *ifcfg,
 	              NULL);
 
 	/* Pairwise and Group ciphers (only relevant for WPA/RSN) */
-	if (wpa_psk || wpa_sae || wpa_eap) {
+	if (wpa_psk || wpa_sae || wpa_owe || wpa_eap) {
 		fill_wpa_ciphers (ifcfg, wsec, FALSE, adhoc);
 		fill_wpa_ciphers (ifcfg, wsec, TRUE, adhoc);
 	}
@@ -3720,7 +3722,7 @@ make_wpa_setting (shvarFile *ifcfg,
 			g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL);
 		}
 	} else {
-		nm_assert (wpa_eap || ieee8021x);
+		nm_assert (wpa_eap || ieee8021x || wpa_owe);
 
 		/* Adhoc mode is mutually exclusive with any 802.1x-based authentication */
 		if (adhoc) {
@@ -3729,14 +3731,17 @@ make_wpa_setting (shvarFile *ifcfg,
 			return NULL;
 		}
 
-		*s_8021x = fill_8021x (ifcfg, file, v, TRUE, error);
-		if (!*s_8021x)
-			return NULL;
-
-		{
-			gs_free char *lower = g_ascii_strdown (v, -1);
+		if (wpa_owe) {
+			g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe", NULL);
+		} else {
+			*s_8021x = fill_8021x (ifcfg, file, v, TRUE, error);
+			if (!*s_8021x)
+				return NULL;
 
-			g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, lower, NULL);
+			{
+				gs_free char *lower = g_ascii_strdown (v, -1);
+				g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, lower, NULL);
+			}
 		}
 	}
 
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index d33845c28c..415242512e 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -583,6 +583,10 @@ write_wireless_security_setting (NMConnection *connection,
 		svSetValueStr (ifcfg, "KEY_MGMT", "SAE");
 		wpa = TRUE;
 		*no_8021x = TRUE;
+	} else if (!strcmp (key_mgmt, "owe")) {
+		svSetValueStr (ifcfg, "KEY_MGMT", "OWE");
+		wpa = FALSE;
+		*no_8021x = TRUE;
 	} else if (!strcmp (key_mgmt, "ieee8021x")) {
 		svSetValueStr (ifcfg, "KEY_MGMT", "IEEE8021X");
 		dynamic_wep = TRUE;
diff --git a/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe
new file mode 100644
index 0000000000..354046ad08
--- /dev/null
+++ b/src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wifi-owe
@@ -0,0 +1,5 @@
+TYPE=Wireless
+DEVICE=wlan1
+ESSID=blahblah_owe
+MODE=Managed
+KEY_MGMT=OWE
diff --git a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 675421d3c8..74f8afc907 100644
--- a/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -3035,6 +3035,45 @@ test_read_wifi_sae (void)
 }
 
 static void
+test_read_wifi_owe (void)
+{
+	gs_unref_object NMConnection *connection = NULL;
+	NMSettingConnection *s_con;
+	NMSettingWireless *s_wireless;
+	NMSettingWirelessSecurity *s_wsec;
+	GBytes *ssid;
+	const char *expected_ssid = "blahblah_owe";
+
+	connection = _connection_from_file (TEST_IFCFG_DIR"/ifcfg-test-wifi-owe",
+	                                    NULL, TYPE_WIRELESS, NULL);
+
+	s_con = nm_connection_get_setting_connection (connection);
+	g_assert (s_con);
+	g_assert_cmpstr (nm_setting_connection_get_id (s_con), ==, "System blahblah_owe (test-wifi-owe)");
+
+	g_assert_cmpint (nm_setting_connection_get_timestamp (s_con), ==, 0);
+	g_assert (nm_setting_connection_get_autoconnect (s_con));
+
+	s_wireless = nm_connection_get_setting_wireless (connection);
+	g_assert (s_wireless);
+
+	g_assert_cmpint (nm_setting_wireless_get_mtu (s_wireless), ==, 0);
+
+	ssid = nm_setting_wireless_get_ssid (s_wireless);
+	g_assert (ssid);
+	g_assert_cmpmem (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), expected_ssid, strlen (expected_ssid));
+
+	g_assert (!nm_setting_wireless_get_bssid (s_wireless));
+	g_assert_cmpstr (nm_setting_wireless_get_mode (s_wireless), ==, "infrastructure");
+
+	s_wsec = nm_connection_get_setting_wireless_security (connection);
+	g_assert (s_wsec);
+	g_assert_cmpstr (nm_setting_wireless_security_get_key_mgmt (s_wsec), ==, "owe");
+	g_assert (!nm_setting_wireless_security_get_psk (s_wsec));
+	g_assert (!nm_setting_wireless_security_get_auth_alg (s_wsec));
+}
+
+static void
 test_read_wifi_wpa_psk_2 (void)
 {
 	NMConnection *connection;
@@ -10322,6 +10361,7 @@ int main (int argc, char **argv)
 	g_test_add_func (TPATH "wifi/read/wpa-psk/adhoc", test_read_wifi_wpa_psk_adhoc);
 	g_test_add_func (TPATH "wifi/read/wpa-psk/hex", test_read_wifi_wpa_psk_hex);
 	g_test_add_func (TPATH "wifi/read/sae", test_read_wifi_sae);
+	g_test_add_func (TPATH "wifi/read/owe", test_read_wifi_owe);
 	g_test_add_func (TPATH "wifi/read/dynamic-wep/leap", test_read_wifi_dynamic_wep_leap);
 	g_test_add_func (TPATH "wifi/read/wpa/eap/tls", test_read_wifi_wpa_eap_tls);
 	g_test_add_func (TPATH "wifi/read/wpa/eap/ttls/tls", test_read_wifi_wpa_eap_ttls_tls);
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index dec4556d1c..8b9c0ceb40 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -867,8 +867,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 		}
 	}
 
-	/* Don't try to enable PMF on non-WPA/SAE networks */
-	if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae"))
+	/* Don't try to enable PMF on non-WPA/SAE/OWE networks */
+	if (!NM_IN_STRSET (key_mgmt, "wpa-eap", "wpa-psk", "sae", "owe"))
 		pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE;
 
 	/* Check if we actually support PMF */
@@ -885,7 +885,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 	/* Only WPA-specific things when using WPA */
 	if (   !strcmp (key_mgmt, "wpa-psk")
 	    || !strcmp (key_mgmt, "wpa-eap")
-	    || !strcmp (key_mgmt, "sae")) {
+	    || !strcmp (key_mgmt, "sae")
+	    || !strcmp (key_mgmt, "owe")) {
 		if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, NULL, error))
 			return FALSE;
 		if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, NULL, error))
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index 6ef2931129..794955b3d9 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -160,7 +160,7 @@ typedef struct {
 
 	GHashTable *   peer_proxies;
 
-	gint64         last_scan; /* timestamp as returned by nm_utils_get_monotonic_timestamp_ms() */
+	gint64         last_scan; /* timestamp as returned by nm_utils_get_monotonic_timestamp_msec() */
 
 	NMSupplicantAuthState auth_state;
 } NMSupplicantInterfacePrivate;
@@ -241,7 +241,7 @@ bss_proxy_properties_changed_cb (GDBusProxy *proxy,
 	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
 
 	if (priv->scanning)
-		priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+		priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 
 	g_signal_emit (self, signals[BSS_UPDATED], 0,
 	               g_dbus_proxy_get_object_path (proxy),
@@ -492,7 +492,7 @@ set_state (NMSupplicantInterface *self, NMSupplicantInterfaceState new_state)
 
 	if (   priv->state == NM_SUPPLICANT_INTERFACE_STATE_SCANNING
 	    || old_state == NM_SUPPLICANT_INTERFACE_STATE_SCANNING)
-		priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+		priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 
 	/* Disconnect reason is no longer relevant when not in the DISCONNECTED state */
 	if (priv->state != NM_SUPPLICANT_INTERFACE_STATE_DISCONNECTED)
@@ -554,7 +554,7 @@ set_scanning (NMSupplicantInterface *self, gboolean new_scanning)
 
 		/* Cache time of last scan completion */
 		if (priv->scanning == FALSE)
-			priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+			priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 
 		_notify (self, PROP_SCANNING);
 	}
@@ -1286,7 +1286,7 @@ wpas_iface_scan_done (GDBusProxy *proxy,
 	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
 
 	/* Cache last scan completed time */
-	priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+	priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 	priv->scan_done_success |= success;
 	scan_done_emit_signal (self);
 }
@@ -1301,7 +1301,7 @@ wpas_iface_bss_added (GDBusProxy *proxy,
 	NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
 
 	if (priv->scanning)
-		priv->last_scan = nm_utils_get_monotonic_timestamp_ms ();
+		priv->last_scan = nm_utils_get_monotonic_timestamp_msec ();
 
 	bss_add_new (self, path);
 }
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index bea17ede24..20287b8ca6 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -56,7 +56,7 @@ static const char *const key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT
                                                 "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
                                                 "FILS-SHA256", "FILS-SHA384",
                                                 "IEEE8021X", "SAE", "FT-SAE",
-                                                "NONE", NULL };
+                                                "OWE", "NONE", NULL };
 static const char *const auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
 static const char *const eap_allowed[] =      { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",
                                                 "PSK", "FAST", "PWD", NULL };
diff --git a/src/systemd/src/libsystemd-network/sd-ipv4acd.c b/src/systemd/src/libsystemd-network/sd-ipv4acd.c
index 3efa8170b1..9f69088dea 100644
--- a/src/systemd/src/libsystemd-network/sd-ipv4acd.c
+++ b/src/systemd/src/libsystemd-network/sd-ipv4acd.c
@@ -443,7 +443,7 @@ int sd_ipv4acd_is_running(sd_ipv4acd *acd) {
         return acd->state != IPV4ACD_STATE_INIT;
 }
 
-int sd_ipv4acd_start(sd_ipv4acd *acd) {
+int sd_ipv4acd_start(sd_ipv4acd *acd, bool reset_conflicts) {
         int r;
 
         assert_return(acd, -EINVAL);
@@ -460,7 +460,9 @@ int sd_ipv4acd_start(sd_ipv4acd *acd) {
         safe_close(acd->fd);
         acd->fd = r;
         acd->defend_window = 0;
-        acd->n_conflict = 0;
+
+        if (reset_conflicts)
+                acd->n_conflict = 0;
 
         r = sd_event_add_io(acd->event, &acd->receive_message_event_source, acd->fd, EPOLLIN, ipv4acd_on_packet, acd);
         if (r < 0)
diff --git a/src/systemd/src/libsystemd-network/sd-ipv4ll.c b/src/systemd/src/libsystemd-network/sd-ipv4ll.c
index 2d17b4fe81..a610546c4f 100644
--- a/src/systemd/src/libsystemd-network/sd-ipv4ll.c
+++ b/src/systemd/src/libsystemd-network/sd-ipv4ll.c
@@ -243,7 +243,7 @@ static int ipv4ll_start_internal(sd_ipv4ll *ll, bool reset_generation) {
                 picked_address = true;
         }
 
-        r = sd_ipv4acd_start(ll->acd);
+        r = sd_ipv4acd_start(ll->acd, reset_generation);
         if (r < 0) {
 
                 /* We couldn't start? If so, let's forget the picked address again, the user might make a change and
diff --git a/src/systemd/src/libsystemd/sd-event/event-source.h b/src/systemd/src/libsystemd/sd-event/event-source.h
index 99ab8fc169..08eb9b6a61 100644
--- a/src/systemd/src/libsystemd/sd-event/event-source.h
+++ b/src/systemd/src/libsystemd/sd-event/event-source.h
@@ -34,7 +34,7 @@ typedef enum EventSourceType {
  * we know how to dispatch it */
 typedef enum WakeupType {
         WAKEUP_NONE,
-        WAKEUP_EVENT_SOURCE,
+        WAKEUP_EVENT_SOURCE, /* either I/O or pidfd wakeup */
         WAKEUP_CLOCK_DATA,
         WAKEUP_SIGNAL_DATA,
         WAKEUP_INOTIFY_DATA,
@@ -96,6 +96,12 @@ struct sd_event_source {
                         siginfo_t siginfo;
                         pid_t pid;
                         int options;
+                        int pidfd;
+                        bool registered:1; /* whether the pidfd is registered in the epoll */
+                        bool pidfd_owned:1; /* close pidfd when event source is freed */
+                        bool process_owned:1; /* kill+reap process when event source is freed */
+                        bool exited:1; /* true if process exited (i.e. if there's value in SIGKILLing it if we want to get rid of it) */
+                        bool waited:1; /* true if process was waited for (i.e. if there's value in waitid(P_PID)'ing it if we want to get rid of it) */
                 } child;
                 struct {
                         sd_event_handler_t callback;
diff --git a/src/systemd/src/libsystemd/sd-event/sd-event.c b/src/systemd/src/libsystemd/sd-event/sd-event.c
index 7c4566e342..8ffaa75d51 100644
--- a/src/systemd/src/libsystemd/sd-event/sd-event.c
+++ b/src/systemd/src/libsystemd/sd-event/sd-event.c
@@ -11,6 +11,7 @@
 #include "sd-id128.h"
 
 #include "alloc-util.h"
+#include "env-util.h"
 #include "event-source.h"
 #include "fd-util.h"
 #include "fs-util.h"
@@ -30,6 +31,14 @@
 
 #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC)
 
+static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) {
+        /* Returns true if this is a PID event source and can be implemented by watching EPOLLIN */
+        return s &&
+                s->type == SOURCE_CHILD &&
+                s->child.pidfd >= 0 &&
+                s->child.options == WEXITED;
+}
+
 static const char* const event_source_type_table[_SOURCE_EVENT_SOURCE_TYPE_MAX] = {
         [SOURCE_IO] = "io",
         [SOURCE_TIME_REALTIME] = "realtime",
@@ -358,8 +367,6 @@ static bool event_pid_changed(sd_event *e) {
 }
 
 static void source_io_unregister(sd_event_source *s) {
-        int r;
-
         assert(s);
         assert(s->type == SOURCE_IO);
 
@@ -369,8 +376,7 @@ static void source_io_unregister(sd_event_source *s) {
         if (!s->io.registered)
                 return;
 
-        r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, s->io.fd, NULL);
-        if (r < 0)
+        if (epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, s->io.fd, NULL) < 0)
                 log_debug_errno(errno, "Failed to remove source %s (type %s) from epoll: %m",
                                 strna(s->description), event_source_type_to_string(s->type));
 
@@ -406,6 +412,51 @@ static int source_io_register(
         return 0;
 }
 
+static void source_child_pidfd_unregister(sd_event_source *s) {
+        assert(s);
+        assert(s->type == SOURCE_CHILD);
+
+        if (event_pid_changed(s->event))
+                return;
+
+        if (!s->child.registered)
+                return;
+
+        if (EVENT_SOURCE_WATCH_PIDFD(s))
+                if (epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, s->child.pidfd, NULL) < 0)
+                        log_debug_errno(errno, "Failed to remove source %s (type %s) from epoll: %m",
+                                        strna(s->description), event_source_type_to_string(s->type));
+
+        s->child.registered = false;
+}
+
+static int source_child_pidfd_register(sd_event_source *s, int enabled) {
+        int r;
+
+        assert(s);
+        assert(s->type == SOURCE_CHILD);
+        assert(enabled != SD_EVENT_OFF);
+
+        if (EVENT_SOURCE_WATCH_PIDFD(s)) {
+                struct epoll_event ev;
+
+                ev = (struct epoll_event) {
+                        .events = EPOLLIN | (enabled == SD_EVENT_ONESHOT ? EPOLLONESHOT : 0),
+                        .data.ptr = s,
+                };
+
+                if (s->child.registered)
+                        r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_MOD, s->child.pidfd, &ev);
+                else
+                        r = epoll_ctl(s->event->epoll_fd, EPOLL_CTL_ADD, s->child.pidfd, &ev);
+                if (r < 0)
+                        return -errno;
+        }
+
+        s->child.registered = true;
+        return 0;
+}
+
 static clockid_t event_source_type_to_clock(EventSourceType t) {
 
         switch (t) {
@@ -616,9 +667,8 @@ static void event_gc_signal_data(sd_event *e, const int64_t *priority, int sig)
 
         assert(e);
 
-        /* Rechecks if the specified signal is still something we are
-         * interested in. If not, we'll unmask it, and possibly drop
-         * the signalfd for it. */
+        /* Rechecks if the specified signal is still something we are interested in. If not, we'll unmask it,
+         * and possibly drop the signalfd for it. */
 
         if (sig == SIGCHLD &&
             e->n_enabled_child_sources > 0)
@@ -709,9 +759,13 @@ static void source_disconnect(sd_event_source *s) {
                         }
 
                         (void) hashmap_remove(s->event->child_sources, PID_TO_PTR(s->child.pid));
-                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
                 }
 
+                if (EVENT_SOURCE_WATCH_PIDFD(s))
+                        source_child_pidfd_unregister(s);
+                else
+                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+
                 break;
 
         case SOURCE_DEFER:
@@ -792,6 +846,44 @@ static void source_free(sd_event_source *s) {
         if (s->type == SOURCE_IO && s->io.owned)
                 s->io.fd = safe_close(s->io.fd);
 
+        if (s->type == SOURCE_CHILD) {
+                /* Eventually the kernel will do this automatically for us, but for now let's emulate this (unreliably) in userspace. */
+
+                if (s->child.process_owned) {
+
+                        if (!s->child.exited) {
+                                bool sent = false;
+
+                                if (s->child.pidfd >= 0) {
+                                        if (pidfd_send_signal(s->child.pidfd, SIGKILL, NULL, 0) < 0) {
+                                                if (errno == ESRCH) /* Already dead */
+                                                        sent = true;
+                                                else if (!ERRNO_IS_NOT_SUPPORTED(errno))
+                                                        log_debug_errno(errno, "Failed to kill process " PID_FMT " via pidfd_send_signal(), re-trying via kill(): %m",
+                                                                        s->child.pid);
+                                        } else
+                                                sent = true;
+                                }
+
+                                if (!sent)
+                                        if (kill(s->child.pid, SIGKILL) < 0)
+                                                if (errno != ESRCH) /* Already dead */
+                                                        log_debug_errno(errno, "Failed to kill process " PID_FMT " via kill(), ignoring: %m",
+                                                                        s->child.pid);
+                        }
+
+                        if (!s->child.waited) {
+                                siginfo_t si = {};
+
+                                /* Reap the child if we can */
+                                (void) waitid(P_PID, s->child.pid, &si, WEXITED);
+                        }
+                }
+
+                if (s->child.pidfd_owned)
+                        s->child.pidfd = safe_close(s->child.pidfd);
+        }
+
         if (s->destroy_callback)
                 s->destroy_callback(s->userdata);
 
@@ -1076,7 +1168,6 @@ _public_ int sd_event_add_signal(
 
         _cleanup_(source_freep) sd_event_source *s = NULL;
         struct signal_data *d;
-        sigset_t ss;
         int r;
 
         assert_return(e, -EINVAL);
@@ -1088,11 +1179,10 @@ _public_ int sd_event_add_signal(
         if (!callback)
                 callback = signal_exit_callback;
 
-        r = pthread_sigmask(SIG_SETMASK, NULL, &ss);
-        if (r != 0)
-                return -r;
-
-        if (!sigismember(&ss, sig))
+        r = signal_is_blocked(sig);
+        if (r < 0)
+                return r;
+        if (r == 0)
                 return -EBUSY;
 
         if (!e->signal_sources) {
@@ -1126,7 +1216,11 @@ _public_ int sd_event_add_signal(
 
         return 0;
 }
-#endif /* NM_IGNORED */
+
+static bool shall_use_pidfd(void) {
+        /* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */
+        return getenv_bool_secure("SYSTEMD_PIDFD") != 0;
+}
 
 _public_ int sd_event_add_child(
                 sd_event *e,
@@ -1148,6 +1242,20 @@ _public_ int sd_event_add_child(
         assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
         assert_return(!event_pid_changed(e), -ECHILD);
 
+        if (e->n_enabled_child_sources == 0) {
+                /* Caller must block SIGCHLD before using us to watch children, even if pidfd is available,
+                 * for compatibility with pre-pidfd and because we don't want the reap the child processes
+                 * ourselves, i.e. call waitid(), and don't want Linux' default internal logic for that to
+                 * take effect.
+                 *
+                 * (As an optimization we only do this check on the first child event source created.) */
+                r = signal_is_blocked(SIGCHLD);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return -EBUSY;
+        }
+
         r = hashmap_ensure_allocated(&e->child_sources, NULL);
         if (r < 0)
                 return r;
@@ -1159,32 +1267,147 @@ _public_ int sd_event_add_child(
         if (!s)
                 return -ENOMEM;
 
+        s->wakeup = WAKEUP_EVENT_SOURCE;
         s->child.pid = pid;
         s->child.options = options;
         s->child.callback = callback;
         s->userdata = userdata;
         s->enabled = SD_EVENT_ONESHOT;
 
+        /* We always take a pidfd here if we can, even if we wait for anything else than WEXITED, so that we
+         * pin the PID, and make regular waitid() handling race-free. */
+
+        if (shall_use_pidfd()) {
+                s->child.pidfd = pidfd_open(s->child.pid, 0);
+                if (s->child.pidfd < 0) {
+                        /* Propagate errors unless the syscall is not supported or blocked */
+                        if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno))
+                                return -errno;
+                } else
+                        s->child.pidfd_owned = true; /* If we allocate the pidfd we own it by default */
+        } else
+                s->child.pidfd = -1;
+
         r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s);
         if (r < 0)
                 return r;
 
         e->n_enabled_child_sources++;
 
-        r = event_make_signal_data(e, SIGCHLD, NULL);
-        if (r < 0) {
-                e->n_enabled_child_sources--;
-                return r;
-        }
+        if (EVENT_SOURCE_WATCH_PIDFD(s)) {
+                /* We have a pidfd and we only want to watch for exit */
+
+                r = source_child_pidfd_register(s, s->enabled);
+                if (r < 0) {
+                        e->n_enabled_child_sources--;
+                        return r;
+                }
+        } else {
+                /* We have no pidfd or we shall wait for some other event than WEXITED */
+
+                r = event_make_signal_data(e, SIGCHLD, NULL);
+                if (r < 0) {
+                        e->n_enabled_child_sources--;
+                        return r;
+                }
 
-        e->need_process_child = true;
+                e->need_process_child = true;
+        }
 
         if (ret)
                 *ret = s;
+
         TAKE_PTR(s);
+        return 0;
+}
+
+_public_ int sd_event_add_child_pidfd(
+                sd_event *e,
+                sd_event_source **ret,
+                int pidfd,
+                int options,
+                sd_event_child_handler_t callback,
+                void *userdata) {
+
+
+        _cleanup_(source_freep) sd_event_source *s = NULL;
+        pid_t pid;
+        int r;
+
+        assert_return(e, -EINVAL);
+        assert_return(e = event_resolve(e), -ENOPKG);
+        assert_return(pidfd >= 0, -EBADF);
+        assert_return(!(options & ~(WEXITED|WSTOPPED|WCONTINUED)), -EINVAL);
+        assert_return(options != 0, -EINVAL);
+        assert_return(callback, -EINVAL);
+        assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
+        assert_return(!event_pid_changed(e), -ECHILD);
+
+        if (e->n_enabled_child_sources == 0) {
+                r = signal_is_blocked(SIGCHLD);
+                if (r < 0)
+                        return r;
+                if (r == 0)
+                        return -EBUSY;
+        }
+
+        r = hashmap_ensure_allocated(&e->child_sources, NULL);
+        if (r < 0)
+                return r;
+
+        r = pidfd_get_pid(pidfd, &pid);
+        if (r < 0)
+                return r;
 
+        if (hashmap_contains(e->child_sources, PID_TO_PTR(pid)))
+                return -EBUSY;
+
+        s = source_new(e, !ret, SOURCE_CHILD);
+        if (!s)
+                return -ENOMEM;
+
+        s->wakeup = WAKEUP_EVENT_SOURCE;
+        s->child.pidfd = pidfd;
+        s->child.pid = pid;
+        s->child.options = options;
+        s->child.callback = callback;
+        s->child.pidfd_owned = false; /* If we got the pidfd passed in we don't own it by default (similar to the IO fd case) */
+        s->userdata = userdata;
+        s->enabled = SD_EVENT_ONESHOT;
+
+        r = hashmap_put(e->child_sources, PID_TO_PTR(pid), s);
+        if (r < 0)
+                return r;
+
+        e->n_enabled_child_sources++;
+
+        if (EVENT_SOURCE_WATCH_PIDFD(s)) {
+                /* We only want to watch for WEXITED */
+
+                r = source_child_pidfd_register(s, s->enabled);
+                if (r < 0) {
+                        e->n_enabled_child_sources--;
+                        return r;
+                }
+        } else {
+                /* We shall wait for some other event than WEXITED */
+
+                r = event_make_signal_data(e, SIGCHLD, NULL);
+                if (r < 0) {
+                        e->n_enabled_child_sources--;
+                        return r;
+                }
+
+                e->need_process_child = true;
+        }
+
+        if (ret)
+                *ret = s;
+
+        TAKE_PTR(s);
         return 0;
 }
+#endif /* NM_IGNORED */
 
 _public_ int sd_event_add_defer(
                 sd_event *e,
@@ -1769,7 +1992,7 @@ _public_ int sd_event_source_set_io_fd(sd_event_source *s, int fd) {
                         return r;
                 }
 
-                epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, saved_fd, NULL);
+                (void) epoll_ctl(s->event->epoll_fd, EPOLL_CTL_DEL, saved_fd, NULL);
         }
 
         return 0;
@@ -2030,7 +2253,11 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
                         assert(s->event->n_enabled_child_sources > 0);
                         s->event->n_enabled_child_sources--;
 
-                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+                        if (EVENT_SOURCE_WATCH_PIDFD(s))
+                                source_child_pidfd_unregister(s);
+                        else
+                                event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+
                         break;
 
                 case SOURCE_EXIT:
@@ -2104,12 +2331,25 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) {
 
                         s->enabled = m;
 
-                        r = event_make_signal_data(s->event, SIGCHLD, NULL);
-                        if (r < 0) {
-                                s->enabled = SD_EVENT_OFF;
-                                s->event->n_enabled_child_sources--;
-                                event_gc_signal_data(s->event, &s->priority, SIGCHLD);
-                                return r;
+                        if (EVENT_SOURCE_WATCH_PIDFD(s)) {
+                                /* yes, we have pidfd */
+
+                                r = source_child_pidfd_register(s, s->enabled);
+                                if (r < 0) {
+                                        s->enabled = SD_EVENT_OFF;
+                                        s->event->n_enabled_child_sources--;
+                                        return r;
+                                }
+                        } else {
+                                /* no pidfd, or something other to watch for than WEXITED */
+
+                                r = event_make_signal_data(s->event, SIGCHLD, NULL);
+                                if (r < 0) {
+                                        s->enabled = SD_EVENT_OFF;
+                                        s->event->n_enabled_child_sources--;
+                                        event_gc_signal_data(s->event, &s->priority, SIGCHLD);
+                                        return r;
+                                }
                         }
 
                         break;
@@ -2232,6 +2472,98 @@ _public_ int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid) {
         return 0;
 }
 
+_public_ int sd_event_source_get_child_pidfd(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+
+        if (s->child.pidfd < 0)
+                return -EOPNOTSUPP;
+
+        return s->child.pidfd;
+}
+
+_public_ int sd_event_source_send_child_signal(sd_event_source *s, int sig, const siginfo_t *si, unsigned flags) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+        assert_return(!event_pid_changed(s->event), -ECHILD);
+        assert_return(SIGNAL_VALID(sig), -EINVAL);
+
+        /* If we already have seen indication the process exited refuse sending a signal early. This way we
+         * can be sure we don't accidentally kill the wrong process on PID reuse when pidfds are not
+         * available. */
+        if (s->child.exited)
+                return -ESRCH;
+
+        if (s->child.pidfd >= 0) {
+                siginfo_t copy;
+
+                /* pidfd_send_signal() changes the siginfo_t argument. This is weird, let's hence copy the
+                 * structure here */
+                if (si)
+                        copy = *si;
+
+                if (pidfd_send_signal(s->child.pidfd, sig, si ? &copy : NULL, 0) < 0) {
+                        /* Let's propagate the error only if the system call is not implemented or prohibited */
+                        if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno))
+                                return -errno;
+                } else
+                        return 0;
+        }
+
+        /* Flags are only supported for pidfd_send_signal(), not for rt_sigqueueinfo(), hence let's refuse
+         * this here. */
+        if (flags != 0)
+                return -EOPNOTSUPP;
+
+        if (si) {
+                /* We use rt_sigqueueinfo() only if siginfo_t is specified. */
+                siginfo_t copy = *si;
+
+                if (rt_sigqueueinfo(s->child.pid, sig, &copy) < 0)
+                        return -errno;
+        } else if (kill(s->child.pid, sig) < 0)
+                return -errno;
+
+        return 0;
+}
+
+_public_ int sd_event_source_get_child_pidfd_own(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+
+        if (s->child.pidfd < 0)
+                return -EOPNOTSUPP;
+
+        return s->child.pidfd_owned;
+}
+
+_public_ int sd_event_source_set_child_pidfd_own(sd_event_source *s, int own) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+
+        if (s->child.pidfd < 0)
+                return -EOPNOTSUPP;
+
+        s->child.pidfd_owned = own;
+        return 0;
+}
+
+_public_ int sd_event_source_get_child_process_own(sd_event_source *s) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+
+        return s->child.process_owned;
+}
+
+_public_ int sd_event_source_set_child_process_own(sd_event_source *s, int own) {
+        assert_return(s, -EINVAL);
+        assert_return(s->type == SOURCE_CHILD, -EDOM);
+
+        s->child.process_owned = own;
+        return 0;
+}
+
 _public_ int sd_event_source_get_inotify_mask(sd_event_source *s, uint32_t *mask) {
         assert_return(s, -EINVAL);
         assert_return(mask, -EINVAL);
@@ -2542,6 +2874,12 @@ static int process_child(sd_event *e) {
                 if (s->enabled == SD_EVENT_OFF)
                         continue;
 
+                if (s->child.exited)
+                        continue;
+
+                if (EVENT_SOURCE_WATCH_PIDFD(s)) /* There's a usable pidfd known for this event source? then don't waitid() for it here */
+                        continue;
+
                 zero(s->child.siginfo);
                 r = waitid(P_PID, s->child.pid, &s->child.siginfo,
                            WNOHANG | (s->child.options & WEXITED ? WNOWAIT : 0) | s->child.options);
@@ -2551,6 +2889,9 @@ static int process_child(sd_event *e) {
                 if (s->child.siginfo.si_pid != 0) {
                         bool zombie = IN_SET(s->child.siginfo.si_code, CLD_EXITED, CLD_KILLED, CLD_DUMPED);
 
+                        if (zombie)
+                                s->child.exited = true;
+
                         if (!zombie && (s->child.options & WEXITED)) {
                                 /* If the child isn't dead then let's
                                  * immediately remove the state change
@@ -2570,6 +2911,33 @@ static int process_child(sd_event *e) {
         return 0;
 }
 
+static int process_pidfd(sd_event *e, sd_event_source *s, uint32_t revents) {
+        assert(e);
+        assert(s);
+        assert(s->type == SOURCE_CHILD);
+
+        if (s->pending)
+                return 0;
+
+        if (s->enabled == SD_EVENT_OFF)
+                return 0;
+
+        if (!EVENT_SOURCE_WATCH_PIDFD(s))
+                return 0;
+
+        zero(s->child.siginfo);
+        if (waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG | WNOWAIT | s->child.options) < 0)
+                return -errno;
+
+        if (s->child.siginfo.si_pid == 0)
+                return 0;
+
+        if (IN_SET(s->child.siginfo.si_code, CLD_EXITED, CLD_KILLED, CLD_DUMPED))
+                s->child.exited = true;
+
+        return source_set_pending(s, true);
+}
+
 static int process_signal(sd_event *e, struct signal_data *d, uint32_t events) {
         bool read_one = false;
         int r;
@@ -2854,8 +3222,10 @@ static int source_dispatch(sd_event_source *s) {
                 r = s->child.callback(s, &s->child.siginfo, s->userdata);
 
                 /* Now, reap the PID for good. */
-                if (zombie)
+                if (zombie) {
                         (void) waitid(P_PID, s->child.pid, &s->child.siginfo, WNOHANG|WEXITED);
+                        s->child.waited = true;
+                }
 
                 break;
         }
@@ -3056,6 +3426,11 @@ _public_ int sd_event_prepare(sd_event *e) {
         assert_return(e->state != SD_EVENT_FINISHED, -ESTALE);
         assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
 
+        /* Let's check that if we are a default event loop we are executed in the correct thread. We only do
+         * this check here once, since gettid() is typically not cached, and thus want to minimize
+         * syscalls */
+        assert_return(!e->default_event_ptr || e->tid == gettid(), -EREMOTEIO);
+
         if (e->exit_requested)
                 goto pending;
 
@@ -3151,12 +3526,33 @@ _public_ int sd_event_wait(sd_event *e, uint64_t timeout) {
 
                         switch (*t) {
 
-                        case WAKEUP_EVENT_SOURCE:
-                                r = process_io(e, ev_queue[i].data.ptr, ev_queue[i].events);
+                        case WAKEUP_EVENT_SOURCE: {
+                                sd_event_source *s = ev_queue[i].data.ptr;
+
+                                assert(s);
+
+                                switch (s->type) {
+
+                                case SOURCE_IO:
+                                        r = process_io(e, s, ev_queue[i].events);
+                                        break;
+
+                                case SOURCE_CHILD:
+                                        r = process_pidfd(e, s, ev_queue[i].events);
+                                        break;
+
+                                default:
+                                        assert_not_reached("Unexpected event source type");
+                                }
+
                                 break;
+                        }
 
                         case WAKEUP_CLOCK_DATA: {
                                 struct clock_data *d = ev_queue[i].data.ptr;
+
+                                assert(d);
+
                                 r = flush_timer(e, d->fd, ev_queue[i].events, &d->next);
                                 break;
                         }
@@ -3481,7 +3877,7 @@ _public_ int sd_event_set_watchdog(sd_event *e, int b) {
 
         } else {
                 if (e->watchdog_fd >= 0) {
-                        epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, e->watchdog_fd, NULL);
+                        (void) epoll_ctl(e->epoll_fd, EPOLL_CTL_DEL, e->watchdog_fd, NULL);
                         e->watchdog_fd = safe_close(e->watchdog_fd);
                 }
         }
diff --git a/src/systemd/src/libsystemd/sd-id128/id128-util.c b/src/systemd/src/libsystemd/sd-id128/id128-util.c
index f8f0883caf..11ae9037a3 100644
--- a/src/systemd/src/libsystemd/sd-id128/id128-util.c
+++ b/src/systemd/src/libsystemd/sd-id128/id128-util.c
@@ -14,7 +14,7 @@
 #include "stdio-util.h"
 
 #if 0 /* NM_IGNORED */
-char *id128_to_uuid_string(sd_id128_t id, char s[37]) {
+char *id128_to_uuid_string(sd_id128_t id, char s[static ID128_UUID_STRING_MAX]) {
         unsigned n, k = 0;
 
         assert(s);
diff --git a/src/systemd/src/libsystemd/sd-id128/id128-util.h b/src/systemd/src/libsystemd/sd-id128/id128-util.h
index 82a69a77f3..fe0149a8aa 100644
--- a/src/systemd/src/libsystemd/sd-id128/id128-util.h
+++ b/src/systemd/src/libsystemd/sd-id128/id128-util.h
@@ -8,7 +8,9 @@
 #include "hash-funcs.h"
 #include "macro.h"
 
-char *id128_to_uuid_string(sd_id128_t id, char s[37]);
+#define ID128_UUID_STRING_MAX 37
+
+char *id128_to_uuid_string(sd_id128_t id, char s[static ID128_UUID_STRING_MAX]);
 
 bool id128_is_valid(const char *s) _pure_;
 
diff --git a/src/systemd/src/systemd/sd-event.h b/src/systemd/src/systemd/sd-event.h
index b14c92697b..2ec726a897 100644
--- a/src/systemd/src/systemd/sd-event.h
+++ b/src/systemd/src/systemd/sd-event.h
@@ -23,6 +23,7 @@
 #include <sys/inotify.h>
 #include <sys/signalfd.h>
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <time.h>
 
 #include "_sd-common.h"
@@ -89,6 +90,7 @@ int sd_event_add_io(sd_event *e, sd_event_source **s, int fd, uint32_t events, s
 int sd_event_add_time(sd_event *e, sd_event_source **s, clockid_t clock, uint64_t usec, uint64_t accuracy, sd_event_time_handler_t callback, void *userdata);
 int sd_event_add_signal(sd_event *e, sd_event_source **s, int sig, sd_event_signal_handler_t callback, void *userdata);
 int sd_event_add_child(sd_event *e, sd_event_source **s, pid_t pid, int options, sd_event_child_handler_t callback, void *userdata);
+int sd_event_add_child_pidfd(sd_event *e, sd_event_source **s, int pidfd, int options, sd_event_child_handler_t callback, void *userdata);
 int sd_event_add_inotify(sd_event *e, sd_event_source **s, const char *path, uint32_t mask, sd_event_inotify_handler_t callback, void *userdata);
 int sd_event_add_defer(sd_event *e, sd_event_source **s, sd_event_handler_t callback, void *userdata);
 int sd_event_add_post(sd_event *e, sd_event_source **s, sd_event_handler_t callback, void *userdata);
@@ -141,6 +143,16 @@ int sd_event_source_set_time_accuracy(sd_event_source *s, uint64_t usec);
 int sd_event_source_get_time_clock(sd_event_source *s, clockid_t *clock);
 int sd_event_source_get_signal(sd_event_source *s);
 int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid);
+int sd_event_source_get_child_pidfd(sd_event_source *s);
+int sd_event_source_get_child_pidfd_own(sd_event_source *s);
+int sd_event_source_set_child_pidfd_own(sd_event_source *s, int own);
+int sd_event_source_get_child_process_own(sd_event_source *s);
+int sd_event_source_set_child_process_own(sd_event_source *s, int own);
+#if defined _GNU_SOURCE || (defined _POSIX_C_SOURCE && _POSIX_C_SOURCE >= 199309L)
+int sd_event_source_send_child_signal(sd_event_source *s, int sig, const siginfo_t *si, unsigned flags);
+#else
+int sd_event_source_send_child_signal(sd_event_source *s, int sig, const void *si, unsigned flags);
+#endif
 int sd_event_source_get_inotify_mask(sd_event_source *s, uint32_t *ret);
 int sd_event_source_set_destroy_callback(sd_event_source *s, sd_event_destroy_t callback);
 int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_destroy_t *ret);
diff --git a/src/systemd/src/systemd/sd-ipv4acd.h b/src/systemd/src/systemd/sd-ipv4acd.h
index 039ed3c7f2..ebf723fc22 100644
--- a/src/systemd/src/systemd/sd-ipv4acd.h
+++ b/src/systemd/src/systemd/sd-ipv4acd.h
@@ -20,6 +20,7 @@
 
 #include <net/ethernet.h>
 #include <netinet/in.h>
+#include <stdbool.h>
 
 #include "sd-event.h"
 
@@ -44,7 +45,7 @@ int sd_ipv4acd_set_mac(sd_ipv4acd *acd, const struct ether_addr *addr);
 int sd_ipv4acd_set_ifindex(sd_ipv4acd *acd, int interface_index);
 int sd_ipv4acd_set_address(sd_ipv4acd *acd, const struct in_addr *address);
 int sd_ipv4acd_is_running(sd_ipv4acd *acd);
-int sd_ipv4acd_start(sd_ipv4acd *acd);
+int sd_ipv4acd_start(sd_ipv4acd *acd, bool reset_conflicts);
 int sd_ipv4acd_stop(sd_ipv4acd *acd);
 sd_ipv4acd *sd_ipv4acd_ref(sd_ipv4acd *acd);
 sd_ipv4acd *sd_ipv4acd_unref(sd_ipv4acd *acd);
diff --git a/src/tests/test-core-with-expect.c b/src/tests/test-core-with-expect.c
index 74e1043b33..555b962473 100644
--- a/src/tests/test-core-with-expect.c
+++ b/src/tests/test-core-with-expect.c
@@ -20,7 +20,7 @@
 static void
 test_nm_utils_monotonic_timestamp_as_boottime (void)
 {
-	gint64 timestamp_ns_per_tick, now, now_boottime, now_boottime_2, now_boottime_3;
+	gint64 timestamp_nsec_per_tick, now, now_boottime, now_boottime_2, now_boottime_3;
 	struct timespec tp;
 	clockid_t clockid;
 	guint i;
@@ -35,22 +35,22 @@ test_nm_utils_monotonic_timestamp_as_boottime (void)
 
 		if (clock_gettime (clockid, &tp) != 0)
 			g_assert_not_reached ();
-		now_boottime = ( ((gint64) tp.tv_sec) * NM_UTILS_NS_PER_SECOND ) + ((gint64) tp.tv_nsec);
+		now_boottime = ( ((gint64) tp.tv_sec) * NM_UTILS_NSEC_PER_SEC ) + ((gint64) tp.tv_nsec);
 
-		now = nm_utils_get_monotonic_timestamp_ns ();
+		now = nm_utils_get_monotonic_timestamp_nsec ();
 
 		now_boottime_2 = nm_utils_monotonic_timestamp_as_boottime (now, 1);
 		g_assert_cmpint (now_boottime_2, >=, 0);
 		g_assert_cmpint (now_boottime_2, >=, now_boottime);
-		g_assert_cmpint (now_boottime_2 - now_boottime, <=, NM_UTILS_NS_PER_SECOND / 10);
+		g_assert_cmpint (now_boottime_2 - now_boottime, <=, NM_UTILS_NSEC_PER_SEC / 10);
 
 		g_assert_cmpint (now, ==, nm_utils_monotonic_timestamp_from_boottime (now_boottime_2, 1));
 
-		for (timestamp_ns_per_tick = 1; timestamp_ns_per_tick <= NM_UTILS_NS_PER_SECOND; timestamp_ns_per_tick *= 10) {
-			now_boottime_3 = nm_utils_monotonic_timestamp_as_boottime (now / timestamp_ns_per_tick, timestamp_ns_per_tick);
+		for (timestamp_nsec_per_tick = 1; timestamp_nsec_per_tick <= NM_UTILS_NSEC_PER_SEC; timestamp_nsec_per_tick *= 10) {
+			now_boottime_3 = nm_utils_monotonic_timestamp_as_boottime (now / timestamp_nsec_per_tick, timestamp_nsec_per_tick);
 
-			g_assert_cmpint (now_boottime_2 / timestamp_ns_per_tick, ==, now_boottime_3);
-			g_assert_cmpint (now / timestamp_ns_per_tick, ==, nm_utils_monotonic_timestamp_from_boottime (now_boottime_3, timestamp_ns_per_tick));
+			g_assert_cmpint (now_boottime_2 / timestamp_nsec_per_tick, ==, now_boottime_3);
+			g_assert_cmpint (now / timestamp_nsec_per_tick, ==, nm_utils_monotonic_timestamp_from_boottime (now_boottime_3, timestamp_nsec_per_tick));
 		}
 	}
 }
diff --git a/src/tests/test-systemd.c b/src/tests/test-systemd.c
index faed0e567b..6425c29488 100644
--- a/src/tests/test-systemd.c
+++ b/src/tests/test-systemd.c
@@ -27,7 +27,7 @@ _nm_utils_set_testing (NMUtilsTestFlags flags)
 }
 
 gint32
-nm_utils_get_monotonic_timestamp_s (void)
+nm_utils_get_monotonic_timestamp_sec (void)
 {
 	return 1;
 }
author	Thomas Haller <thaller@redhat.com>	2019-12-17 09:58:12 +0100
committer	Thomas Haller <thaller@redhat.com>	2019-12-17 09:58:12 +0100
commit	bc2ca6e603002cef1f563fe1b3f0dca7af441baa (patch)
tree	2a0fbac06d5d5579e71dceaa25daf623e3dd739e
parent	7fe734f8bc0661ff476204a034eb987df43ee461 (diff)
parent	5f9bcc91c79c67073c62cf4edebddac56d9a1dc1 (diff)