Previously, we were relying on the system bus being able to reset
its OOM score adjustment after it forks, but before it execs the
dbus-daemon-launch-helper. However, it can't actually do that (leading
to dbus#378), because the system bus typically starts as root, uses its
root privileges to adjust resource limits, and then drops privileges
to the `@DBUS_USER@`, typically `dbus` or `messagebus`. This leaves the
pseudo-files in /proc for its process parameters owned by root, and the
`@DBUS_USER@` is not allowed to open them for writing.
The dbus-daemon-launch-helper is setuid root, so it can certainly
alter its OOM score adjustment before exec'ing the actual activated
service. We need to do this before dropping privileges, because after
dropping privileges we would be unable to write to this process
parameter.
This is a non-async-signal-safe context, so we can safely log errors
here, unlike the fork-and-exec code paths.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/378
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit
2efb462466d628d47d7f80c5a8e864a62b6154cc)
#include "activation-helper.h"
#include "activation-exit-codes.h"
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dbus/dbus-misc.h>
#include <dbus/dbus-shell.h>
#include <dbus/dbus-marshal-validate.h>
+#include <dbus/dbus-sysdeps-unix.h>
static BusDesktopFile *
desktop_file_for_name (BusConfigParser *parser,
char **argv;
int argc;
dbus_bool_t retval;
+ const char *error_str = NULL;
argc = 0;
retval = TRUE;
argv = NULL;
+ /* Resetting the OOM score adjustment is best-effort, so we don't
+ * treat a failure to do so as fatal. */
+ if (!_dbus_reset_oom_score_adj (&error_str))
+ _dbus_warn ("%s: %s", error_str, strerror (errno));
+
if (!switch_user (user, error))
return FALSE;
projects / platform / upstream / dbus.git / commitdiff