author | David King <dking@redhat.com> | 2018-02-07 14:37:24 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2018-02-20 17:40:01 +0000 |
commit | 6e42964f5f850f4108fd8f7f3cd385ab4d60f9f6 | |
tree | 2cc421b8e72dd2f1584831fe85c247ba781e9af5 | |
parent | 62d59c1a85da4b5e643414279eff20c9418fdc06 |
bus: raise fd limits before dropping privs
Startup ordering was changed in #92832 to ensure that SELinux audit
messages could be sent. As a side effect, the raising of file descriptor
limits was moved to after the dropping of root privileges, resulting in
the limit change always failing.
Move the raise_file_descriptor_limit() call to ensure that it is called
before dropping root privileges.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1529044
[smcv: Call raise_file_descriptor_limit() even if !context->user]
Reviewed-by: Simon McVittie <smcv@collabora.com>
-rw-r--r-- | bus/bus.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -738,8 +738,6 @@ process_config_postinit (BusContext *context, DBusHashTable *service_context_table; DBusList *watched_dirs = NULL; - raise_file_descriptor_limit (context); - service_context_table = bus_config_parser_steal_service_context_table (parser); if (!bus_registry_set_service_context_table (context->registry, service_context_table)) @@ -971,6 +969,11 @@ bus_context_new (const DBusString *config_file, !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) _dbus_pipe_close (print_pid_pipe, NULL); + /* Raise the file descriptor limits before dropping the privileges + * required to do so. + */ + raise_file_descriptor_limit (context); + /* Here we change our credentials if required, * as soon as we've set up our sockets and pidfile. * This must be done before initializing LSMs, so that the netlink |
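Review bot: removing the call from process_config_postinit() in the first hunk means the limit is now raised only once, from bus_context_new(). If process_config_postinit() is also reached when the configuration is reloaded, a limit changed in the new configuration will no longer be applied. The commit message says the call was always failing at this point after the privilege drop, so nothing that worked is lost, but the commit message or a comment should state that the descriptor limit is now fixed at startup.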
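Review bot: the comment added in the second hunk, in bus_context_new(), explains why the call precedes the credentials change but does not say that its position is an ordering constraint, and the commit message shows that an earlier reordering is what broke this. Consider extending the comment to say the call must stay above the "Here we change our credentials if required" block. If raise_file_descriptor_limit() does not already report a failed raise, a warning there would make a future reordering visible instead of leaving the bus running with the lower limit unnoticed.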