mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-02-05 04:10:35 +01:00
94bacc6955
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
This change also fixes a bug when the hard limit is very large but
the soft limit is not, for example seen as a regression when upgrading
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
would previously have changed its fd limit to 64K soft/64K hard. Because
this hard limit is less than its original hard limit, it was unable to
restore its original hard limit as intended when carrying out traditional
activation, leaving activated subprocesses with unintended limits (while
logging a warning).
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| legacy-config | ||
| systemd-user | ||
| sysusers.d | ||
| tmpfiles.d | ||
| .gitignore | ||
| activation-exit-codes.h | ||
| activation-helper-bin.c | ||
| activation-helper.c | ||
| activation-helper.h | ||
| activation.c | ||
| activation.h | ||
| apparmor.c | ||
| apparmor.h | ||
| audit.c | ||
| audit.h | ||
| bus.c | ||
| bus.h | ||
| config-loader-expat.c | ||
| config-parser-common.c | ||
| config-parser-common.h | ||
| config-parser-trivial.c | ||
| config-parser-trivial.h | ||
| config-parser.c | ||
| config-parser.h | ||
| connection.c | ||
| connection.h | ||
| dbus.service.in | ||
| dbus.socket.in | ||
| desktop-file.c | ||
| desktop-file.h | ||
| dir-watch-default.c | ||
| dir-watch-inotify.c | ||
| dir-watch-kqueue.c | ||
| dir-watch.h | ||
| dispatch.c | ||
| dispatch.h | ||
| driver.c | ||
| driver.h | ||
| example-session-disable-stats.conf.in | ||
| example-system-enable-stats.conf.in | ||
| expirelist.c | ||
| expirelist.h | ||
| main.c | ||
| Makefile.am | ||
| org.freedesktop.dbus-session.plist.in | ||
| policy.c | ||
| policy.h | ||
| selinux.c | ||
| selinux.h | ||
| services.c | ||
| services.h | ||
| session.conf.in | ||
| signals.c | ||
| signals.h | ||
| stats.c | ||
| stats.h | ||
| system.conf.in | ||
| test-launch-helper.c | ||
| test-main.c | ||
| test-system.c | ||
| test.c | ||
| test.h | ||
| utils.c | ||
| utils.h | ||