From Fedora Project Wiki
(Added benefits section)
(Fleshed out description)
Line 24: Line 24:
  
 
The dbus-broker project is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases.
 
The dbus-broker project is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases.
 +
 +
The main focus points of dbus-broker are reliability, scalability and security.
 +
 +
D-Bus aims to be reliable in the sense that message delivery is predictable, and in particular that no messages are silently dropped. dbus-broker achieves this as outlined on the [https://github.com/bus1/dbus-broker/wiki/Reliability wiki], whereas the reference implementation is not able to make this guarantee in all cases.
 +
 +
D-Bus is inherently non-scalable, due to its shared global state. However, dbus-broker [https://github.com/bus1/dbus-broker/wiki/Scalability improves] the situation considerably, and this is an area of ongoing work.
 +
 +
The reference implementation is susceptible to several known DoS attacks, all of which have been addressed by dbus-broker. In particular, malicious resource exhaustion is a source of problems. dbus-broker uses a new [https://github.com/bus1/dbus-broker/wiki/Accounting per-UID resource accounting scheme] to be able to stay operational in face of many more malicious users on the bus, while greatly loosening the constraints put on each client (which has been a difficult trade-off with the reference implementation, usually leading to systems running with insecure configuration).
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==

Revision as of 12:47, 10 January 2018

Enable dbus-broker

Summary

Enable dbus-broker.service to use dbus-broker as system and session message bus backend.

Owner

  • Release notes owner:

Current status

  • Targeted release: Fedora 29
  • Last updated: 2018-01-10
  • Tracker bug:

Detailed Description

The dbus-broker project is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases.

The main focus points of dbus-broker are reliability, scalability and security.

D-Bus aims to be reliable in the sense that message delivery is predictable, and in particular that no messages are silently dropped. dbus-broker achieves this as outlined on the wiki, whereas the reference implementation is not able to make this guarantee in all cases.

D-Bus is inherently non-scalable, due to its shared global state. However, dbus-broker improves the situation considerably, and this is an area of ongoing work.

The reference implementation is susceptible to several known DoS attacks, all of which have been addressed by dbus-broker. In particular, malicious resource exhaustion is a source of problems. dbus-broker uses a new per-UID resource accounting scheme to be able to stay operational in face of many more malicious users on the bus, while greatly loosening the constraints put on each client (which has been a difficult trade-off with the reference implementation, usually leading to systems running with insecure configuration).

Benefit to Fedora

D-Bus is a core part of Fedora, both used by system services, and in the user sessions. It will only become more critical as more things get containerized. This change provides a more scalable and more reliable implementation in place of the reference implementation. The reference implementation suffers from long-standing issues including potential dead-locks and susceptibility to denial of service attacks, which the replacement implementation does not.

Scope

  • Proposal owners:
    • Fix regressions.
  • Other developers:
    • Watch for regressions
    • Enable dbus-broker.service in system and user-global context of systemd (via systemd presets).
    • Pull in dbus-broker package from dbus package.
  • Policies and guidelines: No changes needed.
  • Trademark approval: No changes needed.

Upgrade/compatibility impact

It is safe to switch back and forth between dbus-daemon and dbus-broker as backend for the system and session buses. There is no data migration needed. The configuration and data formats are equivalent for both implementations.

All known compatibility issues are listed and discussed on the project wiki.

How To Test

Install the dbus-broker package and enable it via:

   systemctl enable dbus-broker.service
   systemctl --global enable dbus-broker.service

After a reboot dbus-broker will be used as system and session message bus. This can be easily reverted by running the corresponding systemctl disable commands.

User Experience

No visible changes in behavior are expected, except for different log messages. Any visibly different behavior to dbus-daemon should be reported as a regression. Ideally, this change should only improve the performance and security of the message bus.

Dependencies

N/A

Contingency Plan

  • Contingency mechanism: Revert to dbus-daemon.
  • Contingency deadline: Any
  • Blocks release? No
  • Blocks product? None

Documentation

Release Notes

WIP