From 868113fa1d219a6bc0da3fe4918fdbe67682d5c5 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 21 Jun 2017 16:35:34 +0100 Subject: [PATCH] bus: Add (unused) settings for resource limits for containers These will be enforced in subsequent commits. Signed-off-by: Simon McVittie https://bugs.freedesktop.org/show_bug.cgi?id=101354 --- bus/bus.c | 20 ++++++++++++++++++++ bus/bus.h | 8 ++++++++ bus/config-parser.c | 40 ++++++++++++++++++++++++++++++++++++++-- bus/session.conf.in | 6 ++++++ bus/system.conf.in | 4 ++++ doc/dbus-daemon.1.xml.in | 8 ++++++++ 6 files changed, 84 insertions(+), 2 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index c46dc6e6..760703bb 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -1394,6 +1394,26 @@ bus_context_get_reply_timeout (BusContext *context) return context->limits.reply_timeout; } +int bus_context_get_max_containers (BusContext *context) +{ + return context->limits.max_containers; +} + +int bus_context_get_max_containers_per_user (BusContext *context) +{ + return context->limits.max_containers_per_user; +} + +int bus_context_get_max_container_metadata_bytes (BusContext *context) +{ + return context->limits.max_container_metadata_bytes; +} + +int bus_context_get_max_connections_per_container (BusContext *context) +{ + return context->limits.max_connections_per_container; +} + DBusRLimit * bus_context_get_initial_fd_limit (BusContext *context) { diff --git a/bus/bus.h b/bus/bus.h index c19650bd..380eaddd 100644 --- a/bus/bus.h +++ b/bus/bus.h 
@@ -66,6 +66,10 @@ typedef struct int max_match_rules_per_connection; /**< Max number of match rules for a single connection */ int max_replies_per_connection; /**< Max number of replies that can be pending for each connection */ int reply_timeout; /**< How long to wait before timing out a reply */ + int max_containers; /**< Max number of restricted servers for app-containers*/ + int max_containers_per_user; /**< Max number of restricted servers for app-containers, per user */ + int max_connections_per_container; /**< Max number of connections per restricted server */ + int max_container_metadata_bytes; /**< Max number of bytes of metadata per restricted server */ } BusLimits; typedef enum @@ -123,6 +127,10 @@ int bus_context_get_max_services_per_connection (BusContext int bus_context_get_max_match_rules_per_connection (BusContext *context); int bus_context_get_max_replies_per_connection (BusContext *context); int bus_context_get_reply_timeout (BusContext *context); +int bus_context_get_max_containers (BusContext *context); +int bus_context_get_max_containers_per_user (BusContext *context); +int bus_context_get_max_container_metadata_bytes (BusContext *context); +int bus_context_get_max_connections_per_container (BusContext *context); DBusRLimit * bus_context_get_initial_fd_limit (BusContext *context); dbus_bool_t bus_context_get_using_syslog (BusContext *context); void bus_context_log (BusContext *context, diff --git a/bus/config-parser.c b/bus/config-parser.c index 7b3aabb2..9aadd464 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -480,7 +480,10 @@ bus_config_parser_new (const DBusString *basedir, else { - /* Make up some numbers! woot! */ + /* Make up some numbers! woot! + * Please keep these hard-coded values in sync with the comments + * in bus/system.conf.in. */ + parser->limits.max_incoming_bytes = _DBUS_ONE_MEGABYTE * 127; parser->limits.max_outgoing_bytes = _DBUS_ONE_MEGABYTE * 127; parser->limits.max_message_size = _DBUS_ONE_MEGABYTE * 32; 
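Review bot: The new `BusLimits` field comments in bus/bus.h describe "restricted servers" while the field names and the man page text in this same patch say containers, and the `max_containers` comment does not say that the cap is bus-wide. I would write `/**< Max number of restricted servers for app-containers, in total across all users */`, which also restores the missing space before `*/`. That makes the relation to `max_containers_per_user` readable at the declaration, without having to consult doc/dbus-daemon.1.xml.in.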
@@ -513,12 +516,21 @@ bus_config_parser_new (const DBusString *basedir, parser->limits.max_incomplete_connections = 64; parser->limits.max_connections_per_user = 256; + parser->limits.max_containers_per_user = 16; /* Note that max_completed_connections / max_connections_per_user * is the number of users that would have to work together to - * DOS all the other users. + * DOS all the other users. The same applies to containers. */ parser->limits.max_completed_connections = 2048; + parser->limits.max_containers = 512; + /* Similarly max_connections_per_user / max_connections_per_container + * is the number of app-containers per user that would have to work + * together to DoS all the other processes of that user */ + parser->limits.max_connections_per_container = 8; + /* Someone trying to do a denial of service attack can make us store + * this much data per app-container */ + parser->limits.max_container_metadata_bytes = 4096; parser->limits.max_pending_activations = 512; parser->limits.max_services_per_connection = 512; @@ -2093,6 +2105,30 @@ set_limit (BusConfigParser *parser, must_be_int = TRUE; parser->limits.max_replies_per_connection = value; } + else if (strcmp (name, "max_containers") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.max_containers = value; + } + else if (strcmp (name, "max_containers_per_user") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.max_containers_per_user = value; + } + else if (strcmp (name, "max_container_metadata_bytes") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.max_container_metadata_bytes = value; + } + else if (strcmp (name, "max_connections_per_container") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.max_connections_per_container = value; + } else { dbus_set_error (error, DBUS_ERROR_FAILED, diff --git a/bus/session.conf.in b/bus/session.conf.in index affa7f1d..ace073c9 100644 --- a/bus/session.conf.in 
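Review bot: The defaults added to bus_config_parser_new in bus/config-parser.c rely on relations between limits that the comments state only in part: 16 containers per user times 8 connections per container is 128, which stays under max_connections_per_user (256), and 512 / 16 means 32 users must cooperate to exhaust max_containers. Nothing visible here preserves those relations once an administrator overrides a single limit, so raising max_connections_per_container alone could let one user's containers use up that user's whole connection quota, assuming container connections count against it, which this commit does not show. I would spell the invariant out next to the values, for example `/* Keep max_containers_per_user * max_connections_per_container below max_connections_per_user */`. The function body starts and ends outside the hunk.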
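Review bot: Each new branch of set_limit in bus/config-parser.c stores `value` into `parser->limits` before any range check visible in this hunk; the `must_be_positive` and `must_be_int` flags are presumably evaluated after the else-chain, which lies outside the hunk. If that check accepts 0, the commit leaves open whether `max_containers = 0` switches the feature off or means "no limit", and the enforcing code only arrives in later commits. I would settle the meaning now, in the man page entry and in a comment such as `/* 0 means no containers may be created */` (or whichever reading is intended). A limit that can be read as unlimited removes the denial-of-service bound these settings exist to provide.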
+++ b/bus/session.conf.in @@ -76,5 +76,11 @@ 50000 50000 50000 + 10000 + 10000 + 1000000000 + + 16 diff --git a/bus/system.conf.in b/bus/system.conf.in index f139b557..2ca4ae58 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -124,6 +124,10 @@ + + + + diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index a9a46eef..da899a85 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -749,6 +749,14 @@ Available limit names are: (number of calls-in-progress) "reply_timeout" : milliseconds (thousandths) until a method call times out + "max_containers" : max number of restricted servers for use + in app-containers, in total + "max_containers_per_user" : max number of app-containers per Unix uid + "max_container_metadata_bytes": max number of bytes of metadata to store + for each app-container + "max_connections_per_container": max number of (authenticated or + unauthenticated) connections to each + app-container -- 2.13.3