summaryrefslogtreecommitdiff
path: root/src/journal-remote/browse.html
diff options
context:
space:
mode:
authorDavid Herrmann <dh.herrmann@gmail.com>2015-09-04 11:13:32 +0200
committerDavid Herrmann <dh.herrmann@gmail.com>2015-09-04 11:13:32 +0200
commited15589c983ee46a3a0fb1e6f348f673c2b8f2aa (patch)
tree27a15573c2a6d7c793a07c9a39cce0d09bf926f7 /src/journal-remote/browse.html
parentc7f837628b18b2e531fd36e175ca424c2ed30c9e (diff)
bus-proxy: increase NOFILE limit
The bus-proxy manages the kdbus connections of all users on the system (regarding the system bus), hence, it needs an elevated NOFILE. Otherwise, a single user can trigger ENFILE by opening NOFILE connections to the bus-proxy. Note that the bus-proxy still does per-user accounting, indirectly via the proxy/fake API of kdbus. Hence, the effective per-user limit is not raised by this. However, we now prevent one user from consuming the whole FD limit of the shared proxy. Also note that there is no *perfect* way to set this. The proxy is a shared object, so it needs a larger NOFILE limit than the highest limit of all users. This limit can be changed dynamically, though. Hence, we cannot protect against it. However, a raised NOFILE limit is a privilege, so we just treat it as such and basically allow these privileged users to be able to consume more resources than normal users (and, maybe, cause some limits to be exceeded by this). Right now, kdbus hard-codes 1024 max connections per user on each bus. However, we *must not* rely on this. This limits could be easily dropped entirely, as the NOFILE limit is a suitable limit on its on.
Diffstat (limited to 'src/journal-remote/browse.html')
0 files changed, 0 insertions, 0 deletions