bus/containers: Enforce max_connections_per_container

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354

diff --git a/bus/containers.c b/bus/containers.c
index 7aa3e2b7ffea97e95e511bf84c6793b4ff602774..994f89b1aafa7bc81a268df607efe8e49736dfd8 100644 (file)
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -474,6 +474,19 @@ new_connection_cb (DBusServer     *server,
                    void           *data)
 {
   BusContainerInstance *instance = data;
+  int limit = bus_context_get_max_connections_per_container (instance->context);
+
+  /* This is O(n), but we assume n is small in practice. */
+  if (_dbus_list_get_length (&instance->connections) >= limit)
+    {
+      /* We can't send this error to the new connection, so just log it */
+      bus_context_log (instance->context, DBUS_SYSTEM_LOG_WARNING,
+                       "Closing connection to container server "
+                       "%s (%s \"%s\") because it would exceed resource limit "
+                       "(max_connections_per_container=%d)",
+                       instance->path, instance->type, instance->name, limit);
+      return;
+    }
 
   if (!dbus_connection_set_data (new_connection, contained_data_slot,
                                  bus_container_instance_ref (instance),