From: David King Date: Wed, 7 Feb 2018 14:37:24 +0000 (+0000) Subject: bus: raise fd limits before dropping privs X-Git-Tag: dbus-1.12.6~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4a4323c68f38fb4852840c879c7b2c5e0b565cf;p=thirdparty%2Fdbus.git bus: raise fd limits before dropping privs Startup ordering was changed in #92832 to ensure that SELinux audit messages could be sent. As a side effect, the raising of file descriptor limits was moved to after the dropping of root privileges, resulting in the limit change always failing. Move the raise_file_descriptor_limit() call to ensure that it is called before dropping root privileges. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1529044 [smcv: Call raise_file_descriptor_limit() even if !context->user] Reviewed-by: Simon McVittie (cherry picked from commit 6e42964f5f850f4108fd8f7f3cd385ab4d60f9f6) --- diff --git a/bus/bus.c b/bus/bus.c index f0f07f6c4..30ce4e104 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -715,8 +715,6 @@ process_config_postinit (BusContext *context, DBusHashTable *service_context_table; DBusList *watched_dirs = NULL; - raise_file_descriptor_limit (context); - service_context_table = bus_config_parser_steal_service_context_table (parser); if (!bus_registry_set_service_context_table (context->registry, service_context_table)) @@ -940,6 +938,11 @@ bus_context_new (const DBusString *config_file, !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) _dbus_pipe_close (print_pid_pipe, NULL); + /* Raise the file descriptor limits before dropping the privileges + * required to do so. + */ + raise_file_descriptor_limit (context); + /* Here we change our credentials if required, * as soon as we've set up our sockets and pidfile. * This must be done before initializing LSMs, so that the netlink