diff --git a/board/common/rootfs/etc/finit.d/available/container@.conf b/board/common/rootfs/etc/finit.d/available/container@.conf index 81fd0cf61..19facfb04 100644 --- a/board/common/rootfs/etc/finit.d/available/container@.conf +++ b/board/common/rootfs/etc/finit.d/available/container@.conf @@ -1,4 +1,4 @@ -service :%i pid:!/run/k8s-logger-%i.pid \ - [2345] k8s-logger -cni %i -f local1 /run/containers/%i.fifo -- Logger for container %i -sysv :%i pid:!/run/container:%i.pid log kill:10 \ +task name:container-%i :setup \ + [2345] container -n %i setup -- Setup container %i +sysv :%i pid:!/run/container:%i.pid log:prio:local1,tag:%i kill:10 \ [2345] container -n %i -- container %i diff --git a/board/common/rootfs/usr/bin/pager b/board/common/rootfs/usr/bin/pager index d60c8137b..cea4c3ecb 100755 --- a/board/common/rootfs/usr/bin/pager +++ b/board/common/rootfs/usr/bin/pager @@ -5,11 +5,10 @@ # -K :: exit immediately when an interrupt character (usually ^C) is typed # -R :: Almost raw control charachters, only ANSI color escape sequences and # OSC 8 hyperlink sequences are output. Allows veritcal scrolling -# -S :: lines longer than the screen width are chopped (truncated), not wrapped # -X :: No termcap initialization and deinitialization set to the terminal. # This is what leaves the contents of the output on screen. export LESS="-P %f (press h for help or q to quit)" export LANG=en_US.UTF-8 -less -RISKd -FX "$@" +less -RIKd -FX "$@" diff --git a/board/common/rootfs/usr/lib/tmpfiles.d/containers.conf b/board/common/rootfs/usr/lib/tmpfiles.d/containers.conf new file mode 100644 index 000000000..cd7783f85 --- /dev/null +++ b/board/common/rootfs/usr/lib/tmpfiles.d/containers.conf @@ -0,0 +1,6 @@ +d /run/containers/args 0700 - - +d /run/containers/files 0700 - - +d /var/lib/containers 0700 - - +d /var/lib/containers/oci 0700 - - +d /run/cni 0755 - - +L+ /var/lib/cni - - - - /run/cni 
diff --git a/board/common/rootfs/usr/sbin/container b/board/common/rootfs/usr/sbin/container index 96e9a5366..dc698c7e0 100755 --- a/board/common/rootfs/usr/sbin/container +++ b/board/common/rootfs/usr/sbin/container @@ -1,17 +1,17 @@ #!/bin/sh # This script can be used to start, stop, create, and delete containers. -# It is primarily used by confd to create jobs for execd to run from its -# /run/containers/queue, but it can also be used manually. +# It is what confd use, with the Finit container@.conf template, to set +# up, run, and delete containers. # # NOTE: when creating/deleting containers, remember 'initctl reload' to -# activate the changes! When called by confd, via execd, this is -# already handled. +# activate the changes! In confd this is already handled. # DOWNLOADS=/var/lib/containers/oci BUILTIN=/lib/oci TMPDIR=/var/tmp checksum="" extracted= +timeout=30 dir="" all="" env="" @@ -126,7 +126,17 @@ unpack_archive() fi ;; *) # docker://*, docker-archive:*, or URL - echo "$image" + if podman image exists "$image"; then + echo "$image" + return 0 + fi + # XXX: use --retry=0 with Podman 5.0 or later. + if ! id=$(podman pull --quiet "$image"); then + log "Failed pulling $image" + return 1 + fi + # Echo image name to caller + podman images --filter id="$id" --format "{{.Repository}}:{{.Tag}}" return 0 ;; esac 
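Review bot: The name echoed back after a successful pull in `unpack_archive()` can differ from the reference the caller asked for, because `podman images --filter id="$id" --format "{{.Repository}}:{{.Tag}}"` prints one line per tag attached to that image ID and presumably `<none>` in the tag field for a reference pulled by digest. The caller would then create the container from a multi-line or placeholder string instead of the configured (possibly digest-pinned) reference. Since the existence check and the pull both operate on `"$image"`, ending the branch with `echo "$image"` keeps the configured reference intact. `podman image exists "$image"` also means a cached mutable tag is never refreshed; a comment stating that this is intended would help. The function body starts outside the hunk.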
@@ -216,13 +226,10 @@ create() fi if [ -z "$logging" ]; then - logging="--log-driver k8s-file --log-opt path=/run/containers/$name.fifo" + logging="--log-driver none" fi - # Pull quietly and don't retry on failure, we use execd for this, - # or user retry manually when run interactively, we may have other - # containers waiting to start that have an image locally already. - # Use --retry=0 with Podman 5.0 or later. + # When we get here we've already fetched, or pulled, the image args="$args --read-only --replace --quiet --cgroup-parent=containers $caps" args="$args --restart=$restart --systemd=false --tz=local $privileged" args="$args $vol $mount $hostname $entrypoint $env $port $logging" @@ -253,6 +260,7 @@ create() if podman create --name "$name" --conmon-pidfile="$pidfn" $args "$image" $*; then [ -n "$quiet" ] || log "Successfully created container $name from $image" [ -n "$manual" ] || start "$name" + # Should already be enabled by confd (this is for manual use) initctl -bnq enable "container@${name}.conf" exit 0 @@ -272,8 +280,16 @@ delete() exit 1 fi - # Should already be disabled (and stopped) by confd (this is for manual use) - initctl -bnq disable "container@${name}.conf" + # Should already be stopped, but if not ... + container stop "$name" + + while running "$name"; do + _=$((timeout -= 1)) + if [ $timeout -le 0 ]; then + err 1 "timed out waiting for container $1 to stop before deleting it." + fi + sleep 1 + done podman rm -vif "$name" >/dev/null 2>&1 [ -n "$quiet" ] || log "Container $name has been removed." @@ -281,7 +297,6 @@ delete() waitfor() { - timeout=$2 while [ ! -f "$1" ]; do _=$((timeout -= 1)) if [ $timeout -le 0 ]; then 
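Review bot: The wait loop added to `delete()` decrements the script-wide `timeout` that this commit introduces at the top of the file, and the `waitfor()` hunk below now reads the same variable after dropping `timeout=$2`. Every second spent in one wait therefore shortens all later waits in the same invocation, and a second argument passed to `waitfor` is silently ignored. A per-loop budget avoids that, e.g. `left=$timeout` before the loop and `_=$((left -= 1))` with `[ $left -le 0 ]` inside it. The timeout message also uses `$1` where the rest of the function uses `$name`; `err 1 "timed out waiting for container $name to stop before deleting it."` would be consistent. Both function bodies extend outside their hunks.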
@@ -353,6 +368,12 @@ netrestart() done } +cleanup() +{ + log "Received signal, exiting." + exit 1 +} + usage() { cat < Date: Thu, 17 Oct 2024 14:23:24 +0200 -Subject: [PATCH 1/6] Only mark rdeps dirty if main service is nohup +Subject: [PATCH 1/7] Only mark rdeps dirty if main service is nohup Organization: Addiva Elektronik This patch changes a behavior that's been default since Finit 4.0, diff --git a/package/finit/0002-Reset-color-attributes-and-clear-screen-when-startin.patch b/package/finit/0002-Reset-color-attributes-and-clear-screen-when-startin.patch index d20ea0e78..3deb81f2e 100644 --- a/package/finit/0002-Reset-color-attributes-and-clear-screen-when-startin.patch +++ b/package/finit/0002-Reset-color-attributes-and-clear-screen-when-startin.patch @@ -1,7 +1,7 @@ From 119e66a7e9c95283918639b51dd03a3d666955f8 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Mon, 28 Oct 2024 10:58:04 +0100 -Subject: [PATCH 2/6] Reset color attributes and clear screen when starting up +Subject: [PATCH 2/7] Reset color attributes and clear screen when starting up Organization: Addiva Elektronik Some boot loaders, like GRUB, leave background color artifacts from diff --git a/package/finit/0003-plugins-refactor-rtc.so.patch b/package/finit/0003-plugins-refactor-rtc.so.patch index cd47adc64..6d9cdfb20 100644 --- a/package/finit/0003-plugins-refactor-rtc.so.patch +++ b/package/finit/0003-plugins-refactor-rtc.so.patch @@ -1,7 +1,7 @@ From 0c0e880f3fdd38f7bbde618408378dc0a19ff005 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 3 Nov 2024 09:39:46 +0100 -Subject: [PATCH 3/6] plugins: refactor rtc.so +Subject: [PATCH 3/7] plugins: refactor rtc.so Organization: Addiva Elektronik Factor out time_set() and time_get() for readability and reuse. diff --git a/package/finit/0004-Fix-418-support-systems-with-a-broken-RTC.patch b/package/finit/0004-Fix-418-support-systems-with-a-broken-RTC.patch index bea15500e..ff03acbb1 100644 
--- a/package/finit/0004-Fix-418-support-systems-with-a-broken-RTC.patch +++ b/package/finit/0004-Fix-418-support-systems-with-a-broken-RTC.patch @@ -1,7 +1,7 @@ From bc8118d515839dc598f437aa01f07a771646968d Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 3 Nov 2024 09:47:16 +0100 -Subject: [PATCH 4/6] Fix #418: support systems with a broken RTC +Subject: [PATCH 4/7] Fix #418: support systems with a broken RTC Organization: Addiva Elektronik This patch introduces a new configure option --with-rtc-file=FILE. When diff --git a/package/finit/0005-Fix-buggy-with-rtc-date-DATE-introduced-in-Finit-v4..patch b/package/finit/0005-Fix-buggy-with-rtc-date-DATE-introduced-in-Finit-v4..patch index b2c2d86bb..7da579d57 100644 --- a/package/finit/0005-Fix-buggy-with-rtc-date-DATE-introduced-in-Finit-v4..patch +++ b/package/finit/0005-Fix-buggy-with-rtc-date-DATE-introduced-in-Finit-v4..patch @@ -1,7 +1,7 @@ From 6be16f2f6d093ef495d0fe4313f7b05b4ba3e08f Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 3 Nov 2024 10:38:38 +0100 -Subject: [PATCH 5/6] Fix buggy --with-rtc-date=DATE, introduced in Finit v4.4 +Subject: [PATCH 5/7] Fix buggy --with-rtc-date=DATE, introduced in Finit v4.4 Organization: Addiva Elektronik In 42ef3d3c, for v4.4-rc1, support for setting a custom RTC restore date diff --git a/package/finit/0006-plugins-reduce-log-level-LOG_ERR-LOG_WARNING.patch b/package/finit/0006-plugins-reduce-log-level-LOG_ERR-LOG_WARNING.patch index c76b9e16e..e8dca597e 100644 --- a/package/finit/0006-plugins-reduce-log-level-LOG_ERR-LOG_WARNING.patch +++ b/package/finit/0006-plugins-reduce-log-level-LOG_ERR-LOG_WARNING.patch @@ -1,7 +1,7 @@ From 49c0557cedd8d3c1a2f74d27fa7db83dd529914a Mon Sep 17 00:00:00 2001 
From: Joachim Wiberg Date: Sun, 3 Nov 2024 20:49:04 +0100 -Subject: [PATCH 6/6] plugins: reduce log level LOG_ERR -> LOG_WARNING +Subject: [PATCH 6/7] plugins: reduce log level LOG_ERR -> LOG_WARNING Organization: Addiva Elektronik These plugins signal success and failure directly to the console, the diff --git a/package/finit/0007-Fix-unintended-restart-of-template-siblings.patch b/package/finit/0007-Fix-unintended-restart-of-template-siblings.patch new file mode 100644 index 000000000..96233b37e --- /dev/null +++ b/package/finit/0007-Fix-unintended-restart-of-template-siblings.patch 
@@ -0,0 +1,57 @@
+From 465bc17ca4b131f8c1ef27ff8279f4ea13745a78 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg
+Date: Thu, 28 Nov 2024 11:06:57 +0100
+Subject: [PATCH 7/7] Fix unintended restart of template siblings
+Organization: Addiva Elektronik
+
+Consider the case where container@.conf is an available template. When
+creating a container@foo.conf it will share the same base .conf as an
+existing container@bar.conf, but we do not expect to restart bar just
+because foo is instantiated.
+
+Up until this change, all template siblings were considered "dirty" if a
+new one was created or updated. Skipping realpath() for all files that
+have a '@' works around the problem.
+
+Signed-off-by: Joachim Wiberg
+---
+ src/conf.c | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/src/conf.c b/src/conf.c
+index 1cfcd87..531923c 100644
+--- a/src/conf.c
++++ b/src/conf.c
+@@ -1432,16 +1432,22 @@ static int conf_change_act(char *dir, char *name, uint32_t mask)
+ strlcpy(fn, dir, sizeof(fn));
+ dbg("path: %s mask: %08x", fn, mask);
+
+- /* Handle disabling/removal of service */
+- rp = realpath(fn, NULL);
+- if (!rp) {
+- if (errno != ENOENT)
+- goto fail;
++ if (strchr(name, '@')) {
++ /* Skip realpath for templates */
+ rp = strdup(fn);
+- if (!rp)
+- goto fail;
++ } else {
++ /* Handle disabling/removal of service */
++ rp = realpath(fn, NULL);
++ if (!rp) {
++ if (errno != ENOENT)
++ goto fail;
++ rp = strdup(fn);
++ }
+ }
+
++ if (!rp)
++ goto fail;
++
+ node = conf_find(rp);
+ if (node) {
+ dbg("event already registered for %s ...", name);
+--
+2.43.0
+
diff --git a/package/skeleton-init-finit/skeleton/etc/finit.d/available/avahi.conf b/package/skeleton-init-finit/skeleton/etc/finit.d/available/avahi.conf
index eeb6cb2ac..81e48d2c3 100644
--- a/package/skeleton-init-finit/skeleton/etc/finit.d/available/avahi.conf
+++ b/package/skeleton-init-finit/skeleton/etc/finit.d/available/avahi.conf
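Review bot: The template test `strchr(name, '@')` in the embedded `conf_change_act()` change matches any file name containing `@`, not only `template@instance.conf` entries, and for each of them the key passed to `conf_find(rp)` is now the un-canonicalised `fn` instead of the `realpath()` result. Whether other code registers or looks up these nodes by resolved path cannot be seen from this hunk, so it is worth confirming that enable, disable and removal events for an instance all arrive with the same path form. The one-line comment would serve the next reader better if it recorded the reason, e.g. `/* Instances share one template file; realpath() would map them all to the same node */`. The function body continues outside the hunk.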
@@ -1 +1 @@ -service [2345] name:mdns avahi-daemon -s -- Avahi mDNS-SD daemon +service [2345] name:mdns avahi-daemon -s -l notice -- Avahi mDNS-SD daemon diff --git a/patches/avahi/0001-On-SIGTERM-allow-dispatcher-to-process-event-before-.patch b/patches/avahi/0001-On-SIGTERM-allow-dispatcher-to-process-event-before-.patch index 918c1aab8..d9abc24cd 100644 --- a/patches/avahi/0001-On-SIGTERM-allow-dispatcher-to-process-event-before-.patch +++ b/patches/avahi/0001-On-SIGTERM-allow-dispatcher-to-process-event-before-.patch @@ -1,7 +1,8 @@ From 74ec0f8335f811e4f5becc8bbea4a52af4d3e749 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Tue, 17 Sep 2024 04:08:12 +0200 -Subject: [PATCH] On SIGTERM, allow dispatcher to process event before exiting +Subject: [PATCH 1/2] On SIGTERM, allow dispatcher to process event before + exiting Organization: Addiva Elektronik On non-systemd systems, like those managed by Finit, when the main PID diff --git a/patches/avahi/0002-avahi-daemon-allow-adjusting-log-level.patch b/patches/avahi/0002-avahi-daemon-allow-adjusting-log-level.patch new file mode 100644 index 000000000..40be33cdf --- /dev/null +++ b/patches/avahi/0002-avahi-daemon-allow-adjusting-log-level.patch 
@@ -0,0 +1,145 @@ +From bceb724d328f156efa4ad18f26f1760504bd093d Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Wed, 27 Nov 2024 08:44:57 +0100 +Subject: [PATCH 2/2] avahi-daemon: allow adjusting log level +Organization: Addiva Elektronik + +Signed-off-by: Joachim Wiberg +--- + avahi-daemon/main.c | 50 ++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 45 insertions(+), 5 deletions(-) + +diff --git a/avahi-daemon/main.c b/avahi-daemon/main.c +index 346338f..b7f0969 100644 +--- a/avahi-daemon/main.c ++++ b/avahi-daemon/main.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include /* MIN() */ + #include + #include + #ifdef HAVE_SYS_FILIO_H +@@ -106,6 +107,7 @@ typedef struct { + DaemonCommand command; + int daemonize; + int use_syslog; ++ int log_level; + char *config_file; + #ifdef HAVE_DBUS + int enable_dbus; +@@ -419,6 +421,30 @@ static void server_callback(AvahiServer *s, AvahiServerState state, void *userda + } + } + ++static int log_level(const char *arg) { ++ struct { ++ const char *name; ++ int val; ++ } prionm[] = { ++ { "error", LOG_ERR }, ++ { "warning", LOG_WARNING }, ++ { "notice", LOG_WARNING }, ++ { "info", LOG_WARNING }, ++ { "debug", LOG_WARNING }, ++ { NULL, 0 }, ++ }; ++ int i; ++ ++ for (i = 0; prionm[i].name; i++) { ++ size_t len = MIN(strlen(prionm[i].name), strlen(arg)); ++ ++ if (!strncasecmp(prionm[i].name, arg, len)) ++ return prionm[i].val; ++ } ++ ++ return -1; ++} ++ + static void help(FILE *f) { + fprintf(f, + "%s [options]\n" +@@ -426,6 +452,7 @@ static void help(FILE *f) { + " -D --daemonize Daemonize after startup (implies -s)\n" + " -s --syslog Write log messages to syslog(3) instead of STDERR\n" + " -k --kill Kill a running daemon\n" ++ " -l --loglevel=LVL Set log level: err, warn, notice, info*, debug\n" + " -r --reload Request a running daemon to reload static services\n" + " -c --check Return 0 if a daemon is already running\n" + " -V --version Show version\n" +@@ -437,7 +464,7 @@ static void help(FILE 
*f) { + " --no-chroot Don't chroot()\n" + #endif + " --no-proc-title Don't modify process title\n" +- " --debug Increase verbosity\n", ++ " --debug Increase verbosity, same as -l debug\n", + argv0); + } + +@@ -459,6 +486,7 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { + { "help", no_argument, NULL, 'h' }, + { "daemonize", no_argument, NULL, 'D' }, + { "kill", no_argument, NULL, 'k' }, ++ { "loglevel", required_argument, NULL, 'l' }, + { "version", no_argument, NULL, 'V' }, + { "file", required_argument, NULL, 'f' }, + { "reload", no_argument, NULL, 'r' }, +@@ -476,7 +504,7 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { + + assert(c); + +- while ((o = getopt_long(argc, argv, "hDkVf:rcs", long_options, NULL)) >= 0) { ++ while ((o = getopt_long(argc, argv, "hDkl:Vf:rcs", long_options, NULL)) >= 0) { + + switch(o) { + case 's': +@@ -491,6 +519,13 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { + case 'k': + c->command = DAEMON_KILL; + break; ++ case 'l': ++ c->log_level = log_level(optarg); ++ if (c->log_level == -1) { ++ fprintf(stderr, "Invalid log level value\n"); ++ return -1; ++ } ++ break; + case 'V': + c->command = DAEMON_VERSION; + break; +@@ -520,9 +555,6 @@ static int parse_command_line(DaemonConfig *c, int argc, char *argv[]) { + break; + case OPTION_DEBUG: + c->debug = 1; +-#ifdef DAEMON_SET_VERBOSITY_AVAILABLE +- daemon_set_verbosity(LOG_DEBUG); +-#endif + break; + default: + return -1; +@@ -1537,6 +1569,7 @@ int main(int argc, char *argv[]) { + config.publish_dns_servers = NULL; + config.publish_resolv_conf = 0; + config.use_syslog = 0; ++ config.log_level = LOG_INFO; + config.debug = 0; + config.rlimit_as_set = 0; + config.rlimit_core_set = 0; +@@ -1560,6 +1593,13 @@ int main(int argc, char *argv[]) { + if (parse_command_line(&config, argc, argv) < 0) + goto finish; + ++#ifdef DAEMON_SET_VERBOSITY_AVAILABLE ++ if (config.debug) ++ daemon_set_verbosity(LOG_DEBUG); ++ 
else ++ daemon_set_verbosity(config.log_level); ++#endif ++ + if (config.modify_proc_title) + avahi_init_proc_title(argc, argv); + +-- +2.43.0 + diff --git a/patches/libdaemon/0.14/0001-dlog-adjust-syslog-level-in-daemon_set_verbosity-too.patch b/patches/libdaemon/0.14/0001-dlog-adjust-syslog-level-in-daemon_set_verbosity-too.patch new file mode 100644 index 000000000..d16847b44 --- /dev/null +++ b/patches/libdaemon/0.14/0001-dlog-adjust-syslog-level-in-daemon_set_verbosity-too.patch @@ -0,0 +1,29 @@ +From 7e7cd106613975c6c4ba25acbb698f15aa4d85e8 Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Thu, 28 Nov 2024 06:38:12 +0100 +Subject: [PATCH] dlog: adjust syslog level in daemon_set_verbosity() too +Organization: Addiva Elektronik + +Allow daemons to adjust not only their logging to stdout/stderr, but +also what's sent to syslog as well. + +Signed-off-by: Joachim Wiberg +--- + libdaemon/dlog.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libdaemon/dlog.c b/libdaemon/dlog.c +index 3c759f4..d5c217a 100644 +--- a/libdaemon/dlog.c ++++ b/libdaemon/dlog.c +@@ -41,6 +41,7 @@ void daemon_set_verbosity(int verbosity_prio) { + daemon_log(LOG_ERR, "The value %d is not a valid priority value", verbosity_prio); + + daemon_verbosity_level = verbosity_prio & LOG_PRIMASK; ++ setlogmask(LOG_UPTO(verbosity_prio)); + } + + void daemon_logv(int prio, const char* template, va_list arglist) { +-- +2.43.0 + diff --git a/patches/podman/4.5.0/0001-disable-pull-retry.patch b/patches/podman/4.5.0/0001-disable-pull-retry.patch index 96131d36b..2bbbdf370 100644 --- a/patches/podman/4.5.0/0001-disable-pull-retry.patch +++ b/patches/podman/4.5.0/0001-disable-pull-retry.patch 
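Review bot: In the `prionm[]` table of the new `log_level()`, `notice`, `info` and `debug` all map to `LOG_WARNING`, so the `-l notice` now passed in avahi.conf behaves exactly like `-l warning`; the entries presumably should read `{ "notice", LOG_NOTICE }`, `{ "info", LOG_INFO }` and `{ "debug", LOG_DEBUG }`. The comparison length `MIN(strlen(prionm[i].name), strlen(arg))` also accepts an empty argument (length 0 matches the first entry, `error`) and any argument that merely begins with a level name, such as `warningxyz`. If the abbreviations `err` and `warn` from the help text are meant to stay valid, comparing over `strlen(arg)` and rejecting a zero length keeps prefix matching while refusing trailing junk.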
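Review bot: `setlogmask(LOG_UPTO(verbosity_prio))` in the libdaemon patch uses the raw argument, while the assignment just above it stores `verbosity_prio & LOG_PRIMASK` and the visible error branch only logs an invalid value without returning. An out-of-range value therefore reaches `LOG_UPTO()`, which on common libcs expands to a shift by `pri + 1`; `setlogmask(LOG_UPTO(daemon_verbosity_level));` uses the already masked value instead. Because setlogmask() applies to the whole process, a short comment noting that the caller's own syslog() output is filtered as well would help users of the library. The function starts outside the hunk.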
@@ -1,10 +1,11 @@ -This patch disables the default "podman pull" retry value, which otherwise -blocks execd from trying other jobs in its queue. +This patch disables the default "podman pull" retry value, which is not +used by Infix. Instead, the container wrapper script retries on network +related changes, or every 60 seconds. -As of podman v5.0.0 a --retry=NUM has been added to the podman create, run, -and pull commands. However, CNI is no longer supported, and a lot of other -breaking changes have been made, e.g., output of podman inspect. So there's -a lot of work upgrading. +As of podman v5.0.0 a '--retry=NUM' has been added to the podman create, +run, and pull commands. However, CNI is no longer supported, and a lot +of other breaking changes have been made, eg., output of podman inspect. +So there's a lot of work to upgrade. -- Joachim diff --git a/src/confd/src/ietf-interfaces.c b/src/confd/src/ietf-interfaces.c index b65e09f37..a54ccd038 100644 --- a/src/confd/src/ietf-interfaces.c +++ b/src/confd/src/ietf-interfaces.c @@ -1821,7 +1821,8 @@ static sr_error_t netdag_gen_iface(sr_session_ctx_t *session, struct dagger *net (op == LYDX_OP_NONE) ? "mod" : ((op == LYDX_OP_CREATE) ? "add" : "del")); if (op == LYDX_OP_DELETE) { - err = netdag_gen_iface_del(net, dif, cif, fixed); + err = netdag_gen_iface_del(net, dif, cif, fixed); + err += netdag_gen_ipv4_autoconf(net, cif, dif); goto err; } diff --git a/src/confd/src/infix-containers.c b/src/confd/src/infix-containers.c index fc78a073f..0724690c0 100644 --- a/src/confd/src/infix-containers.c +++ b/src/confd/src/infix-containers.c 
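Review bot: `err += netdag_gen_ipv4_autoconf(net, cif, dif);` in `netdag_gen_iface()` adds two status codes together, so when both calls fail the function returns a sum that may correspond to an unrelated `sr_error_t` value or to none at all. Keeping the first failure is clearer: `rc = netdag_gen_ipv4_autoconf(net, cif, dif);` followed by `if (!err) err = rc;`, with `rc` declared next to `err`. The arguments are passed as `(net, cif, dif)` here but as `(net, dif, cif, fixed)` on the line above; if that order is intended for the delete case, a one-line comment would save the next reader a lookup. Most of the function lies outside the hunk.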
@@ -22,17 +22,25 @@ #define _PATH_CONT "/run/containers" #define _PATH_INBOX _PATH_CONT "/INBOX" -#define _PATH_QUEUE _PATH_CONT "/queue" static int add(const char *name, struct lyd_node *cif) { - const char *image = lydx_get_cattr(cif, "image"); const char *restart_policy, *string; struct lyd_node *node, *nets, *caps; char script[strlen(name) + 5]; FILE *fp, *ap; + /* + * If running already, disable the service, keeping the created + * container and any volumes for later if the user re-enables + * it again. + */ + if (!lydx_is_enabled(cif, "enabled")) { + systemf("initctl -bnq disable container@%s.conf", name); + return 0; + } + snprintf(script, sizeof(script), "%s.sh", name); fp = fopenf("w", "%s/%s", _PATH_CONT, script); if (!fp) { @@ -40,11 +48,15 @@ static int add(const char *name, struct lyd_node *cif) return SR_ERR_SYS; } - /* Stop any running container gracefully so it releases its IP addresses. */ + /* + * Create /run/containers/.sh it is used both for initial + * setup at creation/boot and for manual upgrade. The delete + * command ensures any already running container is stopped and + * deleted so that it releases all claimed resources. + */ fprintf(fp, "#!/bin/sh\n" - "container --quiet stop %s >/dev/null\n" /* Silence "not running" on upgrade */ - "container --quiet delete %s >/dev/null\n" /* Silence any hashes when deleting */ - "container --quiet", name, name); + "container --quiet delete %s >/dev/null\n" + "container --quiet", name); LYX_LIST_FOR_EACH(lyd_child(cif), node, "dns") fprintf(fp, " --dns %s", lyd_get_value(node)); 
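Review bot: The new `systemf("initctl -bnq disable container@%s.conf", name)` in `add()` formats the configured container name straight into a command line, and the second hunk writes the same name unquoted into the setup script (`"container --quiet delete %s >/dev/null\n"`); the `del()` and post-hook hunks further down do the same with `initctl -bnq stop container:%s` and `container delete %s`. Assuming `systemf()` hands the string to a shell, this is only safe if the YANG model restricts `name` to characters without shell meaning, which cannot be verified from this diff. Either state that constraint in a comment next to the first call, or reject names containing a quote and single-quote the value in the format strings, e.g. `"container --quiet delete '%s' >/dev/null\n"`. Both hunks cut through `add()`.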
@@ -185,61 +197,33 @@ static int add(const char *name, struct lyd_node *cif) fprintf(fp, " --checksum sha512:%s", string); } - fprintf(fp, " create %s %s", name, image); + fprintf(fp, " create %s %s", name, lydx_get_cattr(cif, "image")); if ((string = lydx_get_cattr(cif, "command"))) fprintf(fp, " %s", string); fprintf(fp, "\n"); - - if (lydx_is_enabled(cif, "manual")) - fprintf(fp, "initctl -bnq cond set container:%s\n", name); - fchmod(fileno(fp), 0700); fclose(fp); + /* Enable, or update, container -- both trigger setup script. */ systemf("initctl -bnq enable container@%s.conf", name); - - /* - * All start scripts must wait for the rest of confd to complete - * before being enqueued to execd, so we postpone it using this - * "inbox" to the post hook. - */ - writesf(script, "a", "%s", _PATH_INBOX); + systemf("initctl -bnq touch container@%s.conf", name); return 0; } static int del(const char *name) { - char fn[strlen(_PATH_QUEUE) + strlen(name) + 10]; - FILE *fp; + char fn[strlen(_PATH_CONT) + strlen(name) + 10]; - /* Remove any pending download/create job first */ - snprintf(fn, sizeof(fn), "%s/S01-%s.sh", _PATH_QUEUE, name); - erase(fn); - - /* Remove container script itself */ + /* Remove container setup script */ snprintf(fn, sizeof(fn), "%s/%s.sh", _PATH_CONT, name); erase(fn); - /* Disable service and schedule for deletion. */ - systemf("initctl -bnq disable container@%s.conf", name); - - snprintf(fn, sizeof(fn), "%s/K01-%s.sh", _PATH_CONT, name); - fp = fopen(fn, "w"); - if (!fp) { - ERRNO("Failed creating container stop script %s", fn); - return SR_ERR_SYS; - } - - fprintf(fp, "#!/bin/sh\n" - "container delete %s\n", name); - fchmod(fileno(fp), 0700); - fclose(fp); - - /* Enqueue kill job immediately on execd */ - movefile(fn, _PATH_QUEUE); + /* Stop and schedule for deletion */ + systemf("initctl -bnq stop container:%s", name); + writesf(name, "a", "%s", _PATH_INBOX); return SR_ERR_OK; } 
@@ -281,15 +265,10 @@ static int change(sr_session_ctx_t *session, uint32_t sub_id, const char *module } LYX_LIST_FOR_EACH(cifs, cif, "container") { - const char *nm = lydx_get_cattr(cif, "name"); - - if (strcmp(name, nm)) + if (strcmp(name, lydx_get_cattr(cif, "name"))) continue; - if (!lydx_is_enabled(cif, "enabled")) - del(name); - else - add(name, cif); + add(name, cif); break; } } @@ -364,34 +343,24 @@ static int oci_load(sr_session_ctx_t *session, uint32_t sub_id, const char *xpat */ void infix_containers_post_hook(sr_session_ctx_t *session, struct confd *confd) { - char script[256]; + char name[256]; FILE *fp; fp = fopen(_PATH_INBOX, "r"); if (!fp) - return; /* nothing to do today */ - - while (fgets(script, sizeof(script), fp)) { - char link[strlen(_PATH_QUEUE) + strlen(script) + 10]; - char path[strlen(script) + 10]; - - chomp(script); - - /* - * Enqueue start job on execd, use a symlink since we - * want to be able to reuse the script for manual image - * uprgade (and debugging) purposes. - */ - snprintf(link, sizeof(link), "%s/S01-%s", _PATH_QUEUE, script); - snprintf(path, sizeof(path), "../%s", script); - if (symlink(path, link) && errno != EEXIST) - ERRNO("Creating symlink %s -> %s", link, path); + return; /* nothing to delete */ + + while (fgets(name, sizeof(name), fp)) { + chomp(name); + systemf("initctl -bnq disable container@%s.conf", name); + systemf("container delete %s", name); + systemf("initctl -bnq cond clr container:%s", name); } fclose(fp); erase(_PATH_INBOX); - systemf("initctl -bnq touch execd"); + systemf("podman volume prune -f"); } int infix_containers_init(struct confd *confd) diff --git a/src/klish-plugin-infix/xml/containers.xml b/src/klish-plugin-infix/xml/containers.xml index 76fefe6d8..42a747fb7 100644 --- a/src/klish-plugin-infix/xml/containers.xml +++ b/src/klish-plugin-infix/xml/containers.xml @@ -189,9 +189,9 @@ doas container -a show - + - doas -u $USER cat /log/container |pager + doas -u $USER cat /log/container |pager +G 
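Review bot: `systemf("podman volume prune -f")` at the end of `infix_containers_post_hook()` removes every volume that is not attached to a container, not just those of the containers listed in the inbox, so deleting one container can also discard unrelated named volumes, for instance ones created manually. The `podman rm -vif` in the wrapper script presumably already removes the deleted container's anonymous volumes, so the prune could be dropped or narrowed with a label filter. Separately, `fgets(name, sizeof(name), fp)` splits an inbox line longer than 255 bytes into several reads, each of which is then passed to `container delete`; a length check after `chomp(name)` or a comment stating the schema's limit on the name would make that explicit.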
diff --git a/src/klish-plugin-infix/xml/infix.xml b/src/klish-plugin-infix/xml/infix.xml index f687bc12d..07f0fcefe 100644 --- a/src/klish-plugin-infix/xml/infix.xml +++ b/src/klish-plugin-infix/xml/infix.xml @@ -427,7 +427,7 @@ - + @@ -447,7 +447,7 @@ if [ -n "$KLISH_PARAM_lines" ]; then $cmd "$file" | tail -n $KLISH_PARAM_lines else - $cmd "$file" | pager + $cmd "$file" | pager +G fi