mirror of
https://github.com/systemd/systemd.git
synced 2024-12-12 11:44:13 +08:00
ed15589c98
The bus-proxy manages the kdbus connections of all users on the system (regarding the system bus), hence, it needs an elevated NOFILE. Otherwise, a single user can trigger ENFILE by opening NOFILE connections to the bus-proxy. Note that the bus-proxy still does per-user accounting, indirectly via the proxy/fake API of kdbus. Hence, the effective per-user limit is not raised by this. However, we now prevent one user from consuming the whole FD limit of the shared proxy. Also note that there is no *perfect* way to set this. The proxy is a shared object, so it needs a larger NOFILE limit than the highest limit of all users. This limit can be changed dynamically, though. Hence, we cannot protect against it. However, a raised NOFILE limit is a privilege, so we just treat it as such and basically allow these privileged users to be able to consume more resources than normal users (and, maybe, cause some limits to be exceeded by this). Right now, kdbus hard-codes 1024 max connections per user on each bus. However, we *must not* rely on this. This limits could be easily dropped entirely, as the NOFILE limit is a suitable limit on its on.
26 lines
1.0 KiB
Plaintext
26 lines
1.0 KiB
Plaintext
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Legacy D-Bus Protocol Compatibility Daemon
|
|
|
|
[Service]
|
|
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/0-system/bus
|
|
ExecReload=@bindir@/busctl --address=unix:path=/run/dbus/system_bus_socket call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus ReloadConfig
|
|
NotifyAccess=main
|
|
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|
|
PrivateNetwork=yes
|
|
ProtectSystem=full
|
|
ProtectHome=yes
|
|
|
|
# The proxy manages connections of all users, so it needs an elevated file
|
|
# limit. It does proper per-user accounting (indirectly via kdbus), therefore,
|
|
# the effective per-user limits stay the same.
|
|
LimitNOFILE=16384
|