From 4d2e682d4f20c123b2c86a86c670e9635d1c5d51 Mon Sep 17 00:00:00 2001
From: openeuler-basic <shenyangyang4@huawei.com>
Date: Fri, 17 Jan 2020 23:11:47 +0800
Subject: [PATCH] modify

---
 ...error-caused-by-device-disconnection.patch | 71 +++++++++++++++++++
 fix-capsh-drop-but-ping-success.patch         | 29 ++++++++
 systemd.spec                                  | 10 ++-
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 0001-udev-ignore-error-caused-by-device-disconnection.patch
 create mode 100644 fix-capsh-drop-but-ping-success.patch

diff --git a/0001-udev-ignore-error-caused-by-device-disconnection.patch b/0001-udev-ignore-error-caused-by-device-disconnection.patch
new file mode 100644
index 0000000..26336b4
--- /dev/null
+++ b/0001-udev-ignore-error-caused-by-device-disconnection.patch
@@ -0,0 +1,71 @@
+From b64b83d13eedfdfc616c16c4a108ef28bf6d3b33 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 12 Nov 2019 14:58:25 +0900
+Subject: [PATCH] udev: ignore error caused by device disconnection
+
+During an add or change event, the device may be disconnected.
+
+Fixes #13976.
+---
+ src/udev/udev-node.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index 2d72570..a34b8d6 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -296,8 +296,11 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
+         else
+                 mode |= S_IFCHR;
+ 
+-        if (lstat(devnode, &stats) < 0)
++        if (lstat(devnode, &stats) < 0) {
++                if (errno == ENOENT)
++                        return 0; /* this is necessarily racey, so ignore missing the device */
+                 return log_device_debug_errno(dev, errno, "cannot stat() node %s: %m", devnode);
++        }
+ 
+         if ((mode != MODE_INVALID && (stats.st_mode & S_IFMT) != (mode & S_IFMT)) || stats.st_rdev != devnum)
+                 return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST),
+@@ -322,11 +325,13 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
+ 
+                         r = chmod_and_chown(devnode, mode, uid, gid);
+                         if (r < 0)
+-                                log_device_warning_errno(dev, r, "Failed to set owner/mode of %s to uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o: %m",
+-                                                         devnode,
+-                                                         uid_is_valid(uid) ? uid : stats.st_uid,
+-                                                         gid_is_valid(gid) ? gid : stats.st_gid,
+-                                                         mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777);
++                                log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r,
++                                                "Failed to set owner/mode of %s to uid=" UID_FMT
++                                                ", gid=" GID_FMT ", mode=%#o: %m",
++                                                devnode,
++                                                uid_is_valid(uid) ? uid : stats.st_uid,
++                                                gid_is_valid(gid) ? gid : stats.st_gid,
++                                                mode != MODE_INVALID ? mode & 0777 : stats.st_mode & 0777);
+                 } else
+                         log_device_debug(dev, "Preserve permissions of %s, uid=" UID_FMT ", gid=" GID_FMT ", mode=%#o",
+                                          devnode,
+@@ -343,7 +348,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
+ 
+                                 q = mac_selinux_apply(devnode, label);
+                                 if (q < 0)
+-                                        log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label);
++                                        log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q,
++                                                        "SECLABEL: failed to set SELinux label '%s': %m", label);
+                                 else
+                                         log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label);
+ 
+@@ -352,7 +358,8 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac,
+ 
+                                 q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label);
+                                 if (q < 0)
+-                                        log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label);
++                                        log_device_full(dev, q == -ENOENT ? LOG_DEBUG : LOG_ERR, q,
++                                                        "SECLABEL: failed to set SMACK label '%s': %m", label);
+                                 else
+                                         log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label);
+ 
+-- 
+1.8.3.1
+
diff --git a/fix-capsh-drop-but-ping-success.patch b/fix-capsh-drop-but-ping-success.patch
new file mode 100644
index 0000000..b112369
--- /dev/null
+++ b/fix-capsh-drop-but-ping-success.patch
@@ -0,0 +1,29 @@
+From c20f91b6d99ac98a7d883e77f609e52482fe7c3b Mon Sep 17 00:00:00 2001
+From: openEuler Buildteam <buildteam@openeuler.org>
+Date: Fri, 17 Jan 2020 23:00:49 +0800
+Subject: [PATCH] change
+fix capsh --drop=cap_net_raw -- -c "/bin/ping -c 1 localhost"
+but ping success, the reson is github issue.
+
+https://github.com/systemd/systemd/pull/13141/commits/0a8ce60ee87de9a817284b31c6ccba062664057f
+
+---
+ sysctl.d/50-default.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
+index 41bd1f9..4d9bef8 100644
+--- a/sysctl.d/50-default.conf
++++ b/sysctl.d/50-default.conf
+@@ -36,7 +36,7 @@ net.ipv4.conf.all.promote_secondaries = 1
+ #   #define GID_T_MAX (((gid_t)~0U) >> 1)
+ # That's not so bad because values between 2^31 and 2^32-1 are reserved on
+ # systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
+--net.ipv4.ping_group_range = 0 2147483647
++net.ipv4.ping_group_range = 1 0
+ 
+ # Fair Queue CoDel packet scheduler to fight bufferbloat
+ net.core.default_qdisc = fq_codel
+-- 
+1.8.3.1
+
diff --git a/systemd.spec b/systemd.spec
index 5fa4f14..d8dafb8 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        243
-Release:        9
+Release:        10
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -45,6 +45,7 @@ Source106:	write_net_rules
 Source107:	detect_virt
 
 Patch0001:      0001-udev-use-bfq-as-the-default-scheduler.patch 
+Patch0002:      0001-udev-ignore-error-caused-by-device-disconnection.patch
 
 #openEuler
 Patch9002:      1509-fix-journal-file-descriptors-leak-problems.patch
@@ -57,6 +58,7 @@ Patch9008:      1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserizatio
 #Patch9006:  core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch
 #Patch9009:  systemd-core-Close-and-free-dbus-when-bus-authentica.patch
 Patch9009:      systemd-change-time-log-level.patch
+Patch9010:      fix-capsh-drop-but-ping-success.patch
 
 BuildRequires:  gcc, gcc-c++
 BuildRequires:  libcap-devel, libmount-devel, pam-devel, libselinux-devel
@@ -1429,6 +1431,12 @@ fi
 %exclude /usr/share/man/man3/*
 
 %changelog
+* Fri Jan 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-10
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix capsh drop but ping success and udev ignore error caused by device disconnection
+
 * Wed Jan 15 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-9
 - Type:NA
 - ID:NA
-- 
Gitee