diff --git a/0017-fix-capsh-drop-but-ping-success.patch b/0017-fix-capsh-drop-but-ping-success.patch index b112369900750f67226fc8e0e4d00164069a3254..eb82ea43707ed6cd23083aaae6272d37314e487f 100644 --- a/0017-fix-capsh-drop-but-ping-success.patch +++ b/0017-fix-capsh-drop-but-ping-success.patch @@ -18,12 +18,12 @@ index 41bd1f9..4d9bef8 100644 @@ -36,7 +36,7 @@ net.ipv4.conf.all.promote_secondaries = 1 # #define GID_T_MAX (((gid_t)~0U) >> 1) # That's not so bad because values between 2^31 and 2^32-1 are reserved on - # systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary + # systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary --net.ipv4.ping_group_range = 0 2147483647 +net.ipv4.ping_group_range = 1 0 # Fair Queue CoDel packet scheduler to fight bufferbloat - net.core.default_qdisc = fq_codel + -net.core.default_qdisc = fq_codel -- 1.8.3.1 diff --git a/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch index bb17fc1867fd464eccec7580bb21404e80c71b8b..1ab3033eb492ee4fcc4bbce4eb640f103be7a120 100644 --- a/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -30,7 +30,7 @@ index 50989a6b0a..95a51a574a 100644 + log_warning_errno(errno, + "Could not create /etc/resolv.conf symlink: %m"); + - /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ + /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ r = drop_privileges(uid, gid, (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 diff --git a/systemd.spec b/systemd.spec index fcade86f871eed6bd466c443d2dc3d3d9db7cb8a..8dad0b4da6b1fe8bc81148ce2411cd13bf00fd8b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -20,7 +20,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 248 -Release: 8 +Release: 9 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -62,8 +62,8 @@ Patch0013: 0013-sd-bus-properly-initialize-containers.patch Patch0014: 0014-Revert-core-one-step-back-again-for-nspawn-we-actual.patch Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch Patch0016: 0016-systemd-change-time-log-level.patch -#Patch0017: 0017-fix-capsh-drop-but-ping-success.patch -#Patch0018: 0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch0017: 0017-fix-capsh-drop-but-ping-success.patch +Patch0018: 0018-resolved-create-etc-resolv.conf-symlink-at-runtime.patch #Patch0019: 0019-core-serialize-u-pids-until-the-processes-have-been-.patch #Patch0020: 0020-scope-on-unified-make-sure-to-unwatch-all-PIDs-once-.patch Patch0021: 0021-journald-enforce-longer-line-length-limit-during-set.patch @@ -1532,6 +1532,9 @@ fi %exclude /usr/share/man/man3/* %changelog +* Thu Aug 26 2021 xujing <17826839720@163.com> - 248-9 +- enable some patches to fix bugs + * Mon Aug 16 2021 yangmingtai - 248-8 - udev: exec daemon-reload after installation