From 478bfe544742915c0534f707bc3be349a943c3c0 Mon Sep 17 00:00:00 2001
From: David King <dking@redhat.com>
Date: Wed, 7 Feb 2018 14:37:24 +0000
Subject: [PATCH] bus: raise fd limits before dropping privs

Startup ordering was changed in #92832 to ensure that SELinux audit
messages could be sent. As a side effect, the raising of file descriptor
limits was moved to after the dropping of root privileges, resulting in
the limit change always failing.

Move the raise_file_descriptor_limit() call to ensure that it is called
before dropping root privileges.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1529044
---
 bus/bus.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/bus/bus.c b/bus/bus.c
index a6f8db47..e5c8c1ee 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -738,8 +738,6 @@ process_config_postinit (BusContext      *context,
   DBusHashTable *service_context_table;
   DBusList *watched_dirs = NULL;
 
-  raise_file_descriptor_limit (context);
-
   service_context_table = bus_config_parser_steal_service_context_table (parser);
   if (!bus_registry_set_service_context_table (context->registry,
 					       service_context_table))
@@ -980,6 +978,11 @@ bus_context_new (const DBusString *config_file,
    */
   if (context->user != NULL)
     {
+      /* Raise the file descriptor limits before dropping the privileges
+       * required to do so.
+       */
+      raise_file_descriptor_limit (context);
+
       if (!_dbus_change_to_daemon_user (context->user, error))
 	{
 	  _DBUS_ASSERT_ERROR_IS_SET (error);
-- 
2.14.3