bus/containers: Enforce max_connections_per_container

Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
author: Simon McVittie <smcv@collabora.com> 2017-06-22 12:50:48 +0100
committer: Simon McVittie <smcv@collabora.com> 2017-12-11 16:05:34 +0000
commit: 3ca95828c863fb2327aff3628b2a70e17fc4685f (patch)
tree: 61e8bd5e6c5c3e342c25cd3fdf929a4ffccc9fe1
parent: c6d57bfc021b777520f3c295f6f030f1da5ea5f5 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/bus/containers.c b/bus/containers.c
index 7aa3e2b7..994f89b1 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -474,6 +474,19 @@ new_connection_cb (DBusServer     *server,
                    void           *data)
 {
   BusContainerInstance *instance = data;
+  int limit = bus_context_get_max_connections_per_container (instance->context);
+
+  /* This is O(n), but we assume n is small in practice. */
+  if (_dbus_list_get_length (&instance->connections) >= limit)
+    {
+      /* We can't send this error to the new connection, so just log it */
+      bus_context_log (instance->context, DBUS_SYSTEM_LOG_WARNING,
+                       "Closing connection to container server "
+                       "%s (%s \"%s\") because it would exceed resource limit "
+                       "(max_connections_per_container=%d)",
+                       instance->path, instance->type, instance->name, limit);
+      return;
+    }
 
   if (!dbus_connection_set_data (new_connection, contained_data_slot,
                                  bus_container_instance_ref (instance),
author	Simon McVittie <smcv@collabora.com>	2017-06-22 12:50:48 +0100
committer	Simon McVittie <smcv@collabora.com>	2017-12-11 16:05:34 +0000
commit	3ca95828c863fb2327aff3628b2a70e17fc4685f (patch)
tree	61e8bd5e6c5c3e342c25cd3fdf929a4ffccc9fe1
parent	c6d57bfc021b777520f3c295f6f030f1da5ea5f5 (diff)