diff --git a/man/busctl.xml b/man/busctl.xml
index 1add61728bb..8cb9a4bfa59 100644
--- a/man/busctl.xml
+++ b/man/busctl.xml
@@ -449,6 +449,7 @@
       <xi:include href="user-system-options.xml" xpointer="system" />
       <xi:include href="user-system-options.xml" xpointer="host" />
       <xi:include href="user-system-options.xml" xpointer="machine" />
+      <xi:include href="user-system-options.xml" xpointer="capsule" />
 
       <varlistentry>
         <term><option>-l</option></term>
diff --git a/man/capsule@.service.xml b/man/capsule@.service.xml
new file mode 100644
index 00000000000..d20b1dd9a39
--- /dev/null
+++ b/man/capsule@.service.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="capsule_.service">
+  <refentryinfo>
+    <title>capsule@.service</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>capsule@.service</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>capsule@.service</refname>
+    <refpurpose>System unit for the capsule service manager</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>capsule@<replaceable>NAME</replaceable>.service</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para>Service managers for capsules run in
+    <filename>capsule@<replaceable>NAME</replaceable>.service</filename> system units, with the capsule name as the
+    instance identifier. Capsules are way to run additional instances of the service manager, under dynamic
+    user IDs, i.e. UIDs that are allocated when the capsule service manager is started, and released when it
+    is stopped.</para>
+
+    <para>In many ways <filename>capsule@.service</filename> is similar to the per-user
+    <filename>user@.service</filename> service manager, but there are a few important distinctions:</para>
+
+    <itemizedlist>
+      <listitem><para>The capsule service manager utilizes <varname>DynamicUser=</varname> (see
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>) to
+      allocate a new UID dynamically on invocation. The user name is automatically generated from the capsule
+      name, by prefixng <literal>p_</literal>. The UID is released when the service is terminated. The user
+      service manager on the other hand operates under a statically allocated user ID that must be
+      pre-existing, before the user service manager is invoked.</para></listitem>
+
+      <listitem><para>User service managers register themselves with <citerefentry
+      project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>, capsule
+      service managers do not.</para></listitem>
+
+      <listitem><para>User service managers typically read their configuration from a
+      <varname>$HOME</varname> directory below <filename>/home/</filename>, capsule service managers from a
+      <varname>$HOME</varname> directory below <filename>/var/lib/capsules/</filename>.</para></listitem>
+
+      <listitem><para>User service managers are collectively contained in the <filename>user.slice</filename>
+      unit, capsule service managers in <filename>capsule.slice</filename>. Also see
+      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para></listitem>
+
+      <listitem><para>User service managers start the user unit <filename>default.target</filename>
+      initially. Capsule service managers invoke the user unit <filename>capsule@.target</filename>
+      instead.</para></listitem>
+    </itemizedlist>
+
+    <para>The capsule service manager and the capsule's bus broker can be reached via the
+    <option>--capsule=</option> switch to
+    <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
+    <citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+
+    <para>New capsules can be started via a simple <command>systemctl start
+    capsule@<replaceable>NAME</replaceable>.service</command> command, and stopped via <command>systemctl
+    stop capsule@<replaceable>NAME</replaceable>.service</command>. Starting a capsule will implicitly create
+    a home directory <filename>/var/lib/capsules/<replaceable>NAME</replaceable>/</filename>, if missing. A
+    runtime directory is created as <filename>/run/capsules/<replaceable>NAME</replaceable>/</filename>. To
+    remove these resources use <command>systemctl clean capsule@<replaceable>NAME</replaceable>.service</command>,
+    for example with the <option>--what=all</option> switch.</para>
+
+    <para>The <filename>capsule@.service</filename> unit invokes a <command>systemd --user</command>
+    service manager process. This means unit files are looked for according to the sames rules as for regular user
+    service managers, for example in
+    <filename>/var/lib/capsules/<replaceable>NAME</replaceable>/.config/systemd/user/</filename>.</para>
+
+    <para>Capsule names may be chosen freely by the user, however, they must be suitable as UNIX filenames
+    (i.e. 255 characters max, and contain no <literal>/</literal>), and when prefixed with
+    <literal>p-</literal> be suitable as a user name matching strict POSIX rules, see <ulink
+    url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink> for details.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+    <example>
+      <title>Create a new capsule, invoke two programs in it (one interactively), terminate it, and clean everything up</title>
+
+      <programlisting># systemctl start capsule@tatze.service
+# systemd-run --capsule=tatze --unit=sleeptest.service sleep 999
+# systemctl --capsule=tatze status sleeptest.service
+# systemd-run -t --capsule=tatze bash
+# systemctl --capsule=tatze stop sleeptest.service
+# systemctl stop capsule@tatze.service
+# systemctl clean --all capsule@tatze.service</programlisting>
+    </example>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+</refentry>
diff --git a/man/rules/meson.build b/man/rules/meson.build
index 1f07e606c96..f1ac6288ca6 100644
--- a/man/rules/meson.build
+++ b/man/rules/meson.build
@@ -8,6 +8,7 @@ manpages = [
  ['bootctl', '1', [], ''],
  ['bootup', '7', [], ''],
  ['busctl', '1', [], ''],
+ ['capsule@.service', '5', [], ''],
  ['coredump.conf', '5', ['coredump.conf.d'], 'ENABLE_COREDUMP'],
  ['coredumpctl', '1', [], 'ENABLE_COREDUMP'],
  ['crypttab', '5', [], 'HAVE_LIBCRYPTSETUP'],
diff --git a/man/systemctl.xml b/man/systemctl.xml
index a8c12b2f35c..ce560bf2e5b 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -2813,6 +2813,7 @@ EOF
 
       <xi:include href="user-system-options.xml" xpointer="host" />
       <xi:include href="user-system-options.xml" xpointer="machine" />
+      <xi:include href="user-system-options.xml" xpointer="capsule" />
 
       <xi:include href="standard-options.xml" xpointer="no-pager" />
       <xi:include href="standard-options.xml" xpointer="legend" />
diff --git a/man/systemd-run.xml b/man/systemd-run.xml
index e891920c630..51041a39f04 100644
--- a/man/systemd-run.xml
+++ b/man/systemd-run.xml
@@ -517,6 +517,7 @@
       <xi:include href="user-system-options.xml" xpointer="system" />
       <xi:include href="user-system-options.xml" xpointer="host" />
       <xi:include href="user-system-options.xml" xpointer="machine" />
+      <xi:include href="user-system-options.xml" xpointer="capsule" />
 
       <xi:include href="standard-options.xml" xpointer="help" />
       <xi:include href="standard-options.xml" xpointer="version" />
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 988b7175ba8..a8717d65c45 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -96,9 +96,10 @@
     <filename>umount.target</filename>,
     <filename>usb-gadget.target</filename>,
     <!-- slices --><filename>-.slice</filename>,
+    <filename>capsule.slice</filename>,
+    <filename>machine.slice</filename>,
     <filename>system.slice</filename>,
     <filename>user.slice</filename>,
-    <filename>machine.slice</filename>,
     <!-- the rest --><filename>-.mount</filename>,
     <filename>dbus.service</filename>,
     <filename>dbus.socket</filename>,
@@ -1291,18 +1292,39 @@
         <varlistentry>
           <term><filename>-.slice</filename></term>
           <listitem>
-            <para>The root slice is the root of the slice hierarchy. It usually does not contain
-            units directly, but may be used to set defaults for the whole tree.</para>
+            <para>The root slice is the root of the slice hierarchy. It usually does not contain units
+            directly, but may be used to set defaults for the whole tree.</para>
 
             <xi:include href="version-info.xml" xpointer="v206"/>
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term><filename>machine.slice</filename></term>
+          <listitem>
+            <para>By default, all virtual machines and containers registered with
+            <command>systemd-machined</command> are found in this slice. This is pulled in by
+            <filename>systemd-machined.service</filename>.</para>
+
+            <xi:include href="version-info.xml" xpointer="v206"/>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><filename>capsule.slice</filename></term>
+          <listitem>
+            <para>By default, all capsules encapsulated in <filename>capsule@.service</filename> are found in
+            this slice.</para>
+
+            <xi:include href="version-info.xml" xpointer="v255"/>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term><filename>system.slice</filename></term>
           <listitem>
-            <para>By default, all system services started by
-            <command>systemd</command> are found in this slice.</para>
+            <para>By default, all system services started by <command>systemd</command> are found in this
+            slice.</para>
 
             <xi:include href="version-info.xml" xpointer="v206"/>
           </listitem>
@@ -1320,17 +1342,6 @@
           </listitem>
         </varlistentry>
 
-        <varlistentry>
-          <term><filename>machine.slice</filename></term>
-          <listitem>
-            <para>By default, all virtual machines and containers
-            registered with <command>systemd-machined</command> are
-            found in this slice. This is pulled in by
-            <filename>systemd-machined.service</filename>.</para>
-
-            <xi:include href="version-info.xml" xpointer="v206"/>
-          </listitem>
-        </varlistentry>
       </variablelist>
     </refsect2>
   </refsect1>
@@ -1348,16 +1359,31 @@
         <varlistentry>
           <term><filename>default.target</filename></term>
           <listitem>
-            <para>This is the main target of the user session, started by default. Various services that
-            compose the normal user session should be pulled into this target. In this regard,
-            <filename>default.target</filename> is similar to <filename>multi-user.target</filename> in the
-            system instance, but it is a real unit, not an alias.</para>
+            <para>This is the main target of the user service manager, started by default when the service
+            manager is invoked. Various services that compose the normal user session should be pulled into
+            this target. In this regard, <filename>default.target</filename> is similar to
+            <filename>multi-user.target</filename> in the system instance, but it is a real unit, not an
+            alias.</para>
 
             <xi:include href="version-info.xml" xpointer="v242"/>
           </listitem>
         </varlistentry>
       </variablelist>
 
+      <variablelist>
+        <varlistentry>
+          <term><filename>capsule@.target</filename></term>
+          <listitem>
+            <para>This is the main target of capsule service managers, started by default, instantiated with
+            the capsule name. This may be used to define different sets of units that are started for
+            different capsules via generic unit definitions. For details about capsules see
+            <citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+            <xi:include href="version-info.xml" xpointer="v255"/>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+
       <para>In addition, the following units are available which have definitions similar to their
       system counterparts:
       <filename>exit.target</filename>,
diff --git a/man/user-system-options.xml b/man/user-system-options.xml
index 952ac18a4f9..b7d7882171c 100644
--- a/man/user-system-options.xml
+++ b/man/user-system-options.xml
@@ -55,4 +55,15 @@
       implied.</para>
     </listitem>
   </varlistentry>
+
+  <varlistentry id='capsule'>
+    <term><option>-C</option></term>
+    <term><option>--capsule=</option></term>
+
+    <listitem id='capsule-text'>
+      <para>Execute operation on a capsule. Specify a capsule name to connect to. See
+      <citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+      details about capsules.</para>
+    </listitem>
+  </varlistentry>
 </variablelist>
diff --git a/man/user@.service.xml b/man/user@.service.xml
index 819fd6feace..ba57f1b3316 100644
--- a/man/user@.service.xml
+++ b/man/user@.service.xml
@@ -188,6 +188,7 @@ TasksMax=33%</programlisting>
       <member><citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
       <member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
+      <member><citerefentry><refentrytitle>capsule@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
       <member><citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
     </simplelist></para>
   </refsect1>