Enable dbus-broker.service to use dbus-broker as system and session message bus backend.
- Name: David Herrmann
- Email: firstname.lastname@example.org
- Name: Tom Gundersen
- Email: email@example.com
- Release notes owner:
- Targeted release: Fedora 29
- Last updated: 2018-01-10
- Tracker bug:
The dbus-broker project is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases.
The main focus points of dbus-broker are reliability, scalability and security.
D-Bus aims to be reliable in the sense that message delivery is predictable, and in particular that no messages are silently dropped. dbus-broker achieves this as outlined on the wiki, whereas the reference implementation is not able to make this guarantee in all cases.
D-Bus is inherently non-scalable, due to its shared global state. However, dbus-broker improves the situation considerably, and this is an area of ongoing work.
The reference implementation is susceptible to several known DoS attacks, all of which have been addressed by dbus-broker. In particular, malicious resource exhaustion is a source of problems. dbus-broker uses a new per-UID resource accounting scheme to be able to stay operational in face of many more malicious users on the bus, while greatly loosening the constraints put on each client (which has been a difficult trade-off with the reference implementation, usually leading to systems running with insecure configuration).
Benefit to Fedora
D-Bus is a core part of Fedora, both used by system services, and in the user sessions. It will only become more critical as more things get containerized. This change provides a more scalable and more reliable implementation in place of the reference implementation. The reference implementation suffers from long-standing issues including potential dead-locks and susceptibility to denial of service attacks, which the replacement implementation does not.
- Proposal owners:
- Fix regressions.
- Other developers:
- Watch for regressions
dbus-broker.servicein system and user-global context of systemd (via systemd presets).
- Pull in
- Policies and guidelines: No changes needed.
- Trademark approval: No changes needed.
It is safe to switch back and forth between dbus-daemon and dbus-broker as backend for the system and session buses. There is no data migration needed. The configuration and data formats are equivalent for both implementations.
All known compatibility issues are listed and discussed on the project wiki.
How To Test
dbus-broker package and enable it via:
systemctl enable dbus-broker.service systemctl --global enable dbus-broker.service
After a reboot dbus-broker will be used as system and session message bus. This can be easily reverted by running the corresponding
systemctl disable commands.
No visible changes in behavior are expected, except for different log messages. Any visibly different behavior to dbus-daemon should be reported as a regression. Ideally, this change should only improve the performance and security of the message bus.
- Contingency mechanism: Revert to dbus-daemon.
- Contingency deadline: Any
- Blocks release? No
- Blocks product? None