Commit b4a4323c authored by David King's avatar David King Committed by Simon McVittie
Browse files

bus: raise fd limits before dropping privs

Startup ordering was changed in #92832 to ensure that SELinux audit
messages could be sent. As a side effect, the raising of file descriptor
limits was moved to after the dropping of root privileges, resulting in
the limit change always failing.

Move the raise_file_descriptor_limit() call to ensure that it is called
before dropping root privileges.


[smcv: Call raise_file_descriptor_limit() even if !context->user]
Reviewed-by: Simon McVittie's avatarSimon McVittie <>

(cherry picked from commit 6e42964f)
parent 9a2846e1
......@@ -715,8 +715,6 @@ process_config_postinit (BusContext *context,
DBusHashTable *service_context_table;
DBusList *watched_dirs = NULL;
raise_file_descriptor_limit (context);
service_context_table = bus_config_parser_steal_service_context_table (parser);
if (!bus_registry_set_service_context_table (context->registry,
......@@ -940,6 +938,11 @@ bus_context_new (const DBusString *config_file,
!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
_dbus_pipe_close (print_pid_pipe, NULL);
/* Raise the file descriptor limits before dropping the privileges
* required to do so.
raise_file_descriptor_limit (context);
/* Here we change our credentials if required,
* as soon as we've set up our sockets and pidfile.
* This must be done before initializing LSMs, so that the netlink
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment