1. 27 Feb, 2022 3 commits
  2. 25 Feb, 2022 6 commits
  3. 23 Feb, 2022 6 commits
  4. 22 Feb, 2022 7 commits
    • Simon McVittie's avatar
      sysdeps-unix: Diagnose failure to open /proc/self/oom_score_adj · 226f2414
      Simon McVittie authored
      
      
      Previously, we silently ignored this, but now that we're more careful
      about the contexts in which we try to reset the OOM score and whether
      we log failures as a warning, we can let the dbus-daemon-launch-helper
      show a message if it can't write there.
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
      226f2414
    • Simon McVittie's avatar
      spawn-unix: Don't log an error if unable to reset Linux OOM score · 7ee72a27
      Simon McVittie authored
      
      
      We cannot safely log between fork() and exec() because it isn't an
      async-signal-safe operation (in particular it might allocate memory).
      
      We also don't want to treat a failure here as a real problem, because
      it might legitimately not work: in a system dbus-daemon that has dropped
      privileges from root, the pseudo-file representing this process parameter
      remains owned by root and cannot be altered by the unprivileged user.
      
      For the main use-case for this operation, the system dbus-daemon, we
      have another opportunity to do this in the dbus-daemon-launch-helper
      (see the previous commit).
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
      7ee72a27
    • Simon McVittie's avatar
      dbus-daemon-launch-helper: Reset Linux OOM score adjustment here · 2efb4624
      Simon McVittie authored
      Previously, we were relying on the system bus being able to reset
      its OOM score adjustment after it forks, but before it execs the
      dbus-daemon-launch-helper. However, it can't actually do that (leading
      to dbus#378), because the system bus typically starts as root, uses its
      root privileges to adjust resource limits, and then drops privileges
      to the `@DBUS_USER@`, typically `dbus` or `messagebus`. This leaves the
      pseudo-files in /proc for its process parameters owned by root, and the
      `@DBUS_USER@` is not allowed to open them for writing.
      
      The dbus-daemon-launch-helper is setuid root, so it can certainly
      alter its OOM score adjustment before exec'ing the actual activated
      service. We need to do this before dropping privileges, because after
      dropping privileges we would be unable to write to this process
      parameter.
      
      This is a non-async-signal-safe context, so we can safely log errors
      here, unlike the fork-and-exec code paths.
      
      Resolves: dbus/dbus#378
      
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
      2efb4624
    • Simon McVittie's avatar
      spawn-unix: On Linux, don't try to increase OOM-killer protection · c42bb644
      Simon McVittie authored
      The oom_score_adj parameter is a signed integer, with increasingly
      positive values being more likely to be killed by the OOM-killer,
      and increasingly negative values being less likely.
      
      Previously, we assumed that oom_score_adj would be negative or zero,
      and reset it to zero, which does not require privileges because it
      meant we're voluntarily giving up our OOM-killer protection.
      In particular, bus/dbus.service.in has OOMScoreAdjust=-900, which
      we don't want system services to inherit.
      
      However, systemd >= 250 has started putting a positive oom_score_adj
      on user processes, to make it more likely that the OOM killer will kill
      a user process rather than a system process. Changing from a positive
      oom_score_adj to zero is increasing protection from the OOM-killer,
      which only a privileged process is allowed to do, resulting in warnings
      whenever we carry out traditional (non-systemd) service activation
      on the session bus.
      
      To avoid this, do the equivalent of:
      
          if (oom_score_adj < 0)
              oom_score_adj = 0;
      
      which is always allowed.
      
      Resolves: dbus/dbus#374
      
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
      c42bb644
    • Simon McVittie's avatar
      f3ffe9a8
    • Simon McVittie's avatar
      spawn-unix: Correct indentation · 715a1a92
      Simon McVittie authored
      
      
      Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
      715a1a92
    • Simon McVittie's avatar
      Merge branch 'integration-test' into 'master' · 9b7bea10
      Simon McVittie authored
      tests: Ensure session bus has started before integration test
      
      See merge request dbus/dbus!256
      9b7bea10
  5. 21 Feb, 2022 7 commits
  6. 17 Feb, 2022 5 commits
  7. 16 Feb, 2022 4 commits
  8. 01 Feb, 2022 1 commit
  9. 27 Jan, 2022 1 commit