These will be enforced in subsequent commits.
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Fix whitespace]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
return context->limits.reply_timeout;
}
+int bus_context_get_max_containers (BusContext *context)
+{
+ return context->limits.max_containers;
+}
+
+int bus_context_get_max_containers_per_user (BusContext *context)
+{
+ return context->limits.max_containers_per_user;
+}
+
+int bus_context_get_max_container_metadata_bytes (BusContext *context)
+{
+ return context->limits.max_container_metadata_bytes;
+}
+
+int bus_context_get_max_connections_per_container (BusContext *context)
+{
+ return context->limits.max_connections_per_container;
+}
+
DBusRLimit *
bus_context_get_initial_fd_limit (BusContext *context)
{
int max_match_rules_per_connection; /**< Max number of match rules for a single connection */
int max_replies_per_connection; /**< Max number of replies that can be pending for each connection */
int reply_timeout; /**< How long to wait before timing out a reply */
+ int max_containers; /**< Max number of restricted servers for app-containers */
+ int max_containers_per_user; /**< Max number of restricted servers for app-containers, per user */
+ int max_connections_per_container; /**< Max number of connections per restricted server */
+ int max_container_metadata_bytes; /**< Max number of bytes of metadata per restricted server */
} BusLimits;
typedef enum
int bus_context_get_max_match_rules_per_connection (BusContext *context);
int bus_context_get_max_replies_per_connection (BusContext *context);
int bus_context_get_reply_timeout (BusContext *context);
+int bus_context_get_max_containers (BusContext *context);
+int bus_context_get_max_containers_per_user (BusContext *context);
+int bus_context_get_max_container_metadata_bytes (BusContext *context);
+int bus_context_get_max_connections_per_container (BusContext *context);
DBusRLimit * bus_context_get_initial_fd_limit (BusContext *context);
dbus_bool_t bus_context_get_using_syslog (BusContext *context);
void bus_context_log (BusContext *context,
else
{
- /* Make up some numbers! woot! */
+ /* Make up some numbers! woot!
+ * Please keep these hard-coded values in sync with the comments
+ * in bus/system.conf.in. */
+
parser->limits.max_incoming_bytes = _DBUS_ONE_MEGABYTE * 127;
parser->limits.max_outgoing_bytes = _DBUS_ONE_MEGABYTE * 127;
parser->limits.max_message_size = _DBUS_ONE_MEGABYTE * 32;
parser->limits.max_incomplete_connections = 64;
parser->limits.max_connections_per_user = 256;
+ parser->limits.max_containers_per_user = 16;
/* Note that max_completed_connections / max_connections_per_user
* is the number of users that would have to work together to
- * DOS all the other users.
+ * DOS all the other users. The same applies to containers.
*/
parser->limits.max_completed_connections = 2048;
+ parser->limits.max_containers = 512;
+ /* Similarly max_connections_per_user / max_connections_per_container
+ * is the number of app-containers per user that would have to work
+ * together to DoS all the other processes of that user */
+ parser->limits.max_connections_per_container = 8;
+ /* Someone trying to do a denial of service attack can make us store
+ * this much data per app-container */
+ parser->limits.max_container_metadata_bytes = 4096;
parser->limits.max_pending_activations = 512;
parser->limits.max_services_per_connection = 512;
must_be_int = TRUE;
parser->limits.max_replies_per_connection = value;
}
+ else if (strcmp (name, "max_containers") == 0)
+ {
+ must_be_positive = TRUE;
+ must_be_int = TRUE;
+ parser->limits.max_containers = value;
+ }
+ else if (strcmp (name, "max_containers_per_user") == 0)
+ {
+ must_be_positive = TRUE;
+ must_be_int = TRUE;
+ parser->limits.max_containers_per_user = value;
+ }
+ else if (strcmp (name, "max_container_metadata_bytes") == 0)
+ {
+ must_be_positive = TRUE;
+ must_be_int = TRUE;
+ parser->limits.max_container_metadata_bytes = value;
+ }
+ else if (strcmp (name, "max_connections_per_container") == 0)
+ {
+ must_be_positive = TRUE;
+ must_be_int = TRUE;
+ parser->limits.max_connections_per_container = value;
+ }
else
{
dbus_set_error (error, DBUS_ERROR_FAILED,
<limit name="max_names_per_connection">50000</limit>
<limit name="max_match_rules_per_connection">50000</limit>
<limit name="max_replies_per_connection">50000</limit>
+ <limit name="max_containers">10000</limit>
+ <limit name="max_containers_per_user">10000</limit>
+ <limit name="max_container_metadata_bytes">1000000000</limit>
+ <!-- This is relatively low so that app-containers (which we do not fully
+ trust) do not cause DoS. -->
+ <limit name="max_connections_per_container">16</limit>
</busconfig>
<!-- <limit name="max_names_per_connection">512</limit> -->
<!-- <limit name="max_match_rules_per_connection">512</limit> -->
<!-- <limit name="max_replies_per_connection">128</limit> -->
+ <!-- <limit name="max_containers">512</limit> -->
+ <!-- <limit name="max_containers_per_user">16</limit> -->
+ <!-- <limit name="max_container_metadata_bytes">4096</limit> -->
+ <!-- <limit name="max_connections_per_container">8</limit> -->
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
(number of calls-in-progress)
"reply_timeout" : milliseconds (thousandths)
until a method call times out
+ "max_containers" : max number of restricted servers for use
+ in app-containers, in total
+ "max_containers_per_user" : max number of app-containers per Unix uid
+ "max_container_metadata_bytes": max number of bytes of metadata to store
+ for each app-container
+ "max_connections_per_container": max number of (authenticated or
+ unauthenticated) connections to each
+ app-container
</literallayout> <!-- .fi -->
projects / thirdparty / dbus.git / commitdiff
