From a8006841ce73e0d2131c55d414e3e45a1827b6d6 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 1 Apr 2022 18:56:26 +0100
Subject: [PATCH] sysdeps: Only open oom_score_adj read/write if we need to
 write it

If we're running in a sandbox, we might not have write access to
oom_score_adj. In the common case where we don't have any special
protection from the OOM-killer, we can detect that with only read
access, and skip the part where we open it for writing.

(We would also not have write access to oom_score_adj if we're running
with elevated Linux capabilities while not root, but that should never
actually happen for dbus-daemon-launch-helper, which is setuid root
for production use or has no capabilities during unit-testing.)

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 dbus/dbus-sysdeps-util-unix.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 1fd9e464a..c4f1b6339 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -1580,12 +1580,12 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
   const char *error_str = NULL;
 
 #ifdef O_CLOEXEC
-  fd = open ("/proc/self/oom_score_adj", O_RDWR | O_CLOEXEC);
+  fd = open ("/proc/self/oom_score_adj", O_RDONLY | O_CLOEXEC);
 #endif
 
   if (fd < 0)
     {
-      fd = open ("/proc/self/oom_score_adj", O_RDWR);
+      fd = open ("/proc/self/oom_score_adj", O_RDONLY);
       if (fd >= 0)
         _dbus_fd_set_close_on_exec (fd);
     }
@@ -1633,6 +1633,26 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
           goto out;
         }
 
+      close (fd);
+#ifdef O_CLOEXEC
+      fd = open ("/proc/self/oom_score_adj", O_WRONLY | O_CLOEXEC);
+
+      if (fd < 0)
+#endif
+        {
+          fd = open ("/proc/self/oom_score_adj", O_WRONLY);
+          if (fd >= 0)
+            _dbus_fd_set_close_on_exec (fd);
+        }
+
+      if (fd < 0)
+        {
+          ret = FALSE;
+          error_str = "open(/proc/self/oom_score_adj) for writing";
+          saved_errno = errno;
+          goto out;
+        }
+
       if (pwrite (fd, "0", sizeof (char), 0) < 0)
         {
           ret = FALSE;
@@ -1653,7 +1673,7 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
   else
     {
       ret = FALSE;
-      error_str = "open(/proc/self/oom_score_adj)";
+      error_str = "open(/proc/self/oom_score_adj) for reading";
       saved_errno = errno;
       goto out;
     }
-- 
2.47.3