!471 同步上游社区补丁，修复多个问题

From: @huyubiao 
Reviewed-by: @licunlong 
Signed-off-by: @licunlong

backport-core-make-sure-we-don-t-get-confused-when-setting-TE.patch

@@ -0,0 +1,41 @@
+From e8cf09b2a2ad0d48e5493050d54251d5f512d9b6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 22 Apr 2020 21:52:22 +0200
+Subject: [PATCH] core: make sure we don't get confused when setting TERM for a
+ tty fd
+
+Fixes: #15344
+
+Conflict:NA
+
+Reference:https://github.com/systemd/systemd/pull/15548/commits/f1c90effb5e019b7012025d8bba2ca38a7c5bb9a
+
+---
+ src/core/execute.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 5b9c30c82a..b5f77a15e4 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1820,12 +1820,13 @@ static int build_environment(
+ 
+                 tty_path = exec_context_tty_path(c);
+ 
+-                /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try to inherit
+-                 * the $TERM set for PID 1. This is useful for containers so that the $TERM the container manager
+-                 * passes to PID 1 ends up all the way in the console login shown. */
++                /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try
++                 * to inherit the $TERM set for PID 1. This is useful for containers so that the $TERM the
++                 * container manager passes to PID 1 ends up all the way in the console login shown. */
+ 
+-                if (path_equal(tty_path, "/dev/console") && getppid() == 1)
++                if (path_equal_ptr(tty_path, "/dev/console") && getppid() == 1)
+                         term = getenv("TERM");
++
+                 if (!term)
+                         term = default_term_for_tty(tty_path);
+ 
+-- 
+2.23.0
+

backport-core-transition-to-FINAL_SIGTERM-state-after-ExecSto.patch

@@ -0,0 +1,151 @@
+From c1566ef0d22ed786b9ecf4c476e53b8a91e67578 Mon Sep 17 00:00:00 2001
+From: Anita Zhang <the.anitazha@gmail.com>
+Date: Sat, 25 Jan 2020 16:46:16 +0100
+Subject: [PATCH] core: transition to FINAL_SIGTERM state after ExecStopPost=
+
+Fixes #14566
+
+Conflict:NA
+
+Reference:https://github.com/systemd/systemd/pull/14871/commits/eb5edd7d7baf376151f8bbb16ea1dfa060b004a6
+
+---
+ src/core/service.c                    | 10 +++++++
+ test/TEST-47-ISSUE-14566/Makefile     |  1 +
+ test/TEST-47-ISSUE-14566/repro.sh     |  5 ++++
+ test/TEST-47-ISSUE-14566/test.sh      | 43 +++++++++++++++++++++++++++
+ test/TEST-47-ISSUE-14566/testsuite.sh | 23 ++++++++++++++
+ 5 files changed, 82 insertions(+)
+ create mode 120000 test/TEST-47-ISSUE-14566/Makefile
+ create mode 100755 test/TEST-47-ISSUE-14566/repro.sh
+ create mode 100755 test/TEST-47-ISSUE-14566/test.sh
+ create mode 100755 test/TEST-47-ISSUE-14566/testsuite.sh
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 17f27a4abc..9a26271f72 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -3501,6 +3501,12 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+                                 break;
+ 
+                         case SERVICE_STOP_POST:
++
++                                if (control_pid_good(s) <= 0)
++                                        service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++
++                                break;
++
+                         case SERVICE_FINAL_SIGTERM:
+                         case SERVICE_FINAL_SIGKILL:
+ 
+@@ -3650,6 +3656,10 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+                                 break;
+ 
+                         case SERVICE_STOP_POST:
++                                if (main_pid_good(s) <= 0)
++                                        service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++                                break;
++
+                         case SERVICE_FINAL_SIGTERM:
+                         case SERVICE_FINAL_SIGKILL:
+                                 if (main_pid_good(s) <= 0)
+diff --git a/test/TEST-47-ISSUE-14566/Makefile b/test/TEST-47-ISSUE-14566/Makefile
+new file mode 120000
+index 0000000000..e9f93b1104
+--- /dev/null
++++ b/test/TEST-47-ISSUE-14566/Makefile
+@@ -0,0 +1 @@
++../TEST-01-BASIC/Makefile
+\ No newline at end of file
+diff --git a/test/TEST-47-ISSUE-14566/repro.sh b/test/TEST-47-ISSUE-14566/repro.sh
+new file mode 100755
+index 0000000000..5217602257
+--- /dev/null
++++ b/test/TEST-47-ISSUE-14566/repro.sh
+@@ -0,0 +1,5 @@
++#!/bin/bash
++
++sleep infinity &
++echo $! > /leakedtestpid
++wait $!
+diff --git a/test/TEST-47-ISSUE-14566/test.sh b/test/TEST-47-ISSUE-14566/test.sh
+new file mode 100755
+index 0000000000..35f862331c
+--- /dev/null
++++ b/test/TEST-47-ISSUE-14566/test.sh
+@@ -0,0 +1,43 @@
++#!/bin/bash
++set -e
++TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over proccesses with ExecStopPost="
++. $TEST_BASE_DIR/test-functions
++
++test_setup() {
++    create_empty_image_rootdir
++
++    (
++        LOG_LEVEL=5
++        eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
++
++        setup_basic_environment
++        mask_supporting_services
++
++        # setup the testsuite service
++        cat >$initdir/etc/systemd/system/testsuite.service <<EOF
++[Unit]
++Description=Testsuite service
++
++[Service]
++ExecStart=/testsuite.sh
++Type=oneshot
++EOF
++        cat > $initdir/etc/systemd/system/issue_14566_test.service << EOF
++[Unit]
++Description=Issue 14566 Repro
++
++[Service]
++ExecStart=/repro.sh
++ExecStopPost=/bin/true
++KillMode=mixed
++EOF
++
++        cp testsuite.sh $initdir/
++        cp repro.sh $initdir/
++
++        setup_testsuite
++    )
++    setup_nspawn_root
++}
++
++do_test "$@"
+diff --git a/test/TEST-47-ISSUE-14566/testsuite.sh b/test/TEST-47-ISSUE-14566/testsuite.sh
+new file mode 100755
+index 0000000000..d917cf52ff
+--- /dev/null
++++ b/test/TEST-47-ISSUE-14566/testsuite.sh
+@@ -0,0 +1,23 @@
++#!/bin/bash
++set -ex
++set -o pipefail
++
++systemd-analyze log-level debug
++systemd-analyze log-target console
++
++systemctl start issue_14566_test
++systemctl status issue_14566_test
++
++leaked_pid=$(cat /leakedtestpid)
++
++systemctl stop issue_14566_test
++
++# Leaked PID will still be around if we're buggy.
++# I personally prefer to see 42.
++ps -p "$leaked_pid" && exit 42
++
++systemd-analyze log-level info
++
++echo OK > /testok
++
++exit 0
+-- 
+2.23.0
+

backport-mount-setup-change-the-system-mount-propagation-to-s.patch

@@ -0,0 +1,78 @@
+From f74349d88bb039a134b225653e8e59d04af4bb7f Mon Sep 17 00:00:00 2001
+From: Wen Yang <wenyang@linux.alibaba.com>
+Date: Mon, 23 Mar 2020 10:42:46 +0800
+Subject: [PATCH] mount-setup: change the system mount propagation to shared by
+ default only at bootup
+
+The commit b3ac5f8cb987 has changed the system mount propagation to
+shared by default, and according to the following patch:
+https://github.com/opencontainers/runc/pull/208
+When starting the container, the pouch daemon will call runc to execute
+make-private.
+
+However, if the systemctl daemon-reexec is executed after the container
+has been started, the system mount propagation will be changed to share
+again by default, and the make-private operation above will have no chance
+to execute.
+
+Conflict:NA
+
+Reference:https://github.com/systemd/systemd/pull/15196/commits/5b054354c2004dd67ebb2e9ee213e8528889687f
+
+---
+ src/core/main.c        | 2 +-
+ src/core/mount-setup.c | 4 ++--
+ src/core/mount-setup.h | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index d700b3afc5..db6521b924 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2581,7 +2581,7 @@ int main(int argc, char *argv[]) {
+                 if (!skip_setup)
+                         kmod_setup();
+ 
+-                r = mount_setup(loaded_policy);
++                r = mount_setup(loaded_policy, skip_setup);
+                 if (r < 0) {
+                         error_message = "Failed to mount API filesystems";
+                         goto finish;
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 284e3f6b07..ffe3d4cc64 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -478,7 +478,7 @@ static int relabel_extra(void) {
+ }
+ #endif
+ 
+-int mount_setup(bool loaded_policy) {
++int mount_setup(bool loaded_policy, bool leave_propagation) {
+         int r = 0;
+ 
+         r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
+@@ -524,7 +524,7 @@ int mount_setup(bool loaded_policy) {
+          * needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a
+          * container manager we assume the container manager knows what it is doing (for example, because it set up
+          * some directories with different propagation modes). */
+-        if (detect_container() <= 0)
++        if (detect_container() <= 0 && !leave_propagation)
+                 if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
+                         log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");
+ 
+diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
+index b4ca2cf4b4..bccd094961 100644
+--- a/src/core/mount-setup.h
++++ b/src/core/mount-setup.h
+@@ -4,7 +4,7 @@
+ #include <stdbool.h>
+ 
+ int mount_setup_early(void);
+-int mount_setup(bool loaded_policy);
++int mount_setup(bool loaded_policy, bool leave_propagation);
+ 
+ int mount_cgroup_controllers(void);
+ 
+-- 
+2.23.0
+

systemd.spec

@@ -16,7 +16,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        243
-Release:        66
+Release:        67
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -260,6 +260,9 @@ Patch0212:      backport-test-fix-rename_noreplace-test.patch
 Patch0213:      backport-logind-check-PolicyKit-before-allowing-VT-switch.patch
 Patch0214:      backport-errno-ETIMEDOUT-is-also-a-connection-error.patch
 Patch0215:      backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch
+Patch0216:      backport-core-make-sure-we-don-t-get-confused-when-setting-TE.patch
+Patch0217:      backport-mount-setup-change-the-system-mount-propagation-to-s.patch
+Patch0218:      backport-core-transition-to-FINAL_SIGTERM-state-after-ExecSto.patch
 
 #openEuler
 Patch9002:      1509-fix-journal-file-descriptors-leak-problems.patch
@@ -1667,6 +1670,11 @@ fi
 %exclude /usr/share/man/man3/*
 
 %changelog
+* Fri Dec 8 2023 huyubiao <huyubiao@huawei.com> - 243-67
+- add backport-core-make-sure-we-don-t-get-confused-when-setting-TE.patch
+      backport-mount-setup-change-the-system-mount-propagation-to-s.patch
+      backport-core-transition-to-FINAL_SIGTERM-state-after-ExecSto.patch
+
 * Thu Dec 7 2023 huyubiao <huyubiao@huawei.com> - 243-66
 - add backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch
       backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch