How to Fix D-Bus Service Failures
Simon McVittie
smcv at collabora.com
Fri Mar 7 15:00:34 UTC 2025
On Fri, 07 Mar 2025 at 17:29:10 +0300, Abdullah Yıldız wrote:
> Mar 05 07:46:08 compute-server xdg-desktop-por[35472]: error:
> GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum
> number of active connections has been reached
> Mar 05 07:46:18 compute-server dbus[1350]: [system] Failed to activate
> service 'org.freedesktop.hostname1': timed out
> Mar 05 07:46:24 compute-server dbus[1350]: [system] Connection has not
> authenticated soon enough, closing it (auth_timeout=30000ms, elapsed:
> 30006ms)
This is your system bus. There is normally one per bootable system:
at least one per kernel, but whole-system containers that behave like
a full system from init upwards, like lxc, Incus or systemd-nspawn,
sometimes have their own. It is intended to be for users to talk to
system services, and for system services to talk to each other.
> This is what I observe when I check /usr/share/dbus-1/session.conf
This is configuration for your session bus (not the same thing), sometimes
referred to as the user bus. There is normally one per (system,uid)
pair. It is intended to be for unprivileged programs running as the user
to talk to each other.
Configuration files/directories with "system" in the name are for the
system bus, configuration files/directories with "session" in the name
are for the session bus (user bus), and neither affects the other bus.
> I want to understand that overriding some of the D-Bus specific values
> (as shown below) would help to fix the issue:
>
> <busconfig>
> <!-- default for this is 900 -->
> <limit name="max_completed_connections">32768</limit>
> <!-- default for this is 92 -->
> <limit name="max_incomplete_connections">1000</limit>
> <!-- default for this is 100000 -->
> <limit name="max_connections_per_user">150000</limit>
> </busconfig>
It probably would, but only if you override them in the right place.
The system bus limits can be overridden by writing a file into
/etc/dbus-1/system.d/*.conf (local configuration by the sysadmin)
or /usr/share/dbus-1/system.d/*.conf (configuration by OS vendor or
packages, e.g. from RPM or dpkg). Their defaults are hard-coded into
the dbus-daemon, but for convenient reference there is a commented-out
list of default values in /usr/share/dbus-1/system.conf (although I now
notice that some of them are out of date).
These are arbitrary limits intended to prevent denial of service attacks.
For example, increasing the maximum number of completed connections
could look like this:
$ sudo tee /etc/dbus-1/system.d/local-max-connections.conf <<EOF
<busconfig>
<limit name="max_completed_connections">32768</limit>
</busconfig>
EOF
If your system is massively multi-user, then, yes, you can expect to need
to increase the arbitrary limits. The defaults are suitable for a system
with perhaps 10 concurrent users - more if they are only running small
text-based environments, but perhaps fewer if they are all running full
GUI sessions.
> Mar 05 07:46:08 compute-server xdg-desktop-por[35472]: error:
> GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum
> number of active connections has been reached
This indicates that either max_completed_connections is not high enough,
or a malicious or buggy process is opening lots of connections.
The default on the system bus is to allow 2048 completed (active)
connections, with each user limited to 256 connections, so that users
cannot carry out a denial-of-service on the whole system unless at least
8 users work together to achieve it.
The default on the session bus is 100000, and the session bus normally
only allows connections from one user, so the limit on connections per
user is also 100000.
> Mar 05 07:46:18 compute-server dbus[1350]: [system] Failed to activate
> service 'org.freedesktop.hostname1': timed out
This could indicate that service_start_timeout is not high enough,
although it's perhaps more likely to be a side-effect of running out
of connection quota. The default on the system bus is 25000 (25 seconds).
The default on the session bus is 120000 (120 seconds).
> Mar 05 07:46:24 compute-server dbus[1350]: [system] Connection has not
> authenticated soon enough, closing it (auth_timeout=30000ms, elapsed:
> 30006ms)
This could indicate that auth_timeout is not high enough, or it could
indicate extremely high load that results in client connections not
getting scheduled promptly, or it could indicate a malicious or buggy
client. The default on the system bus is 30000, meaning 30 seconds
(system.conf says it's 5000, but that's actually wrong). The default
on the session bus is 240000 (240 seconds).
> <!-- default for this is 900 -->
> <limit name="max_completed_connections">32768</limit>
Where are you getting that default from? The default in dbus is
2048 for the system bus, and 100000 for the session bus.
Does something else on your system set it to 900?
> <!-- default for this is 92 -->
> <limit name="max_incomplete_connections">1000</limit>
Where are you getting that default from? The default in dbus is 64.
Does something else on your system set it to 92?
> <!-- default for this is 100000 -->
> <limit name="max_connections_per_user">150000</limit>
> </busconfig>
The default for the system bus is 256. The default for the session
bus is 100000, but the error messages you quoted are for the system bus.
It never makes sense to set max_connections_per_user higher than
max_completed_connections, and if you do that on the system bus, it's an
easy denial of service attack: a malicious user could use up all of the
connection quota on their own, preventing other users from connecting.
smcv
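
Added example, not part of the original message and not code from the dbus project: a Python check that overlays busconfig `<limit>` overrides on the system-bus defaults stated in the message and reports how many cooperating users could exhaust the connection quota. The function names are hypothetical, and applying fragments in list order is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# System-bus defaults as stated in the message above.
SYSTEM_DEFAULTS = {
    "max_completed_connections": 2048,
    "max_incomplete_connections": 64,
    "max_connections_per_user": 256,
}

# The override proposed in the quoted message (constructed sample input).
PROPOSED = """<busconfig>
  <limit name="max_completed_connections">32768</limit>
  <limit name="max_incomplete_connections">1000</limit>
  <limit name="max_connections_per_user">150000</limit>
</busconfig>"""

def effective_limits(fragments, defaults=SYSTEM_DEFAULTS):
    """Overlay <limit> values from trusted busconfig fragments on the defaults.

    Assumption: fragments are applied in list order, the last value winning.
    """
    limits = dict(defaults)
    for text in fragments:
        for el in ET.fromstring(text).iter("limit"):
            if el.get("name") in limits:
                limits[el.get("name")] = int((el.text or "").strip())
    return limits

def users_to_exhaust(limits):
    """Minimum number of cooperating users needed to use every connection."""
    total = limits["max_completed_connections"]
    per_user = limits["max_connections_per_user"]
    return max(1, -(-total // per_user))  # ceiling division

def audit(limits):
    """Return findings; an empty list means the quota relationship is sane."""
    findings = []
    if limits["max_connections_per_user"] > limits["max_completed_connections"]:
        findings.append("max_connections_per_user exceeds max_completed_connections")
    if users_to_exhaust(limits) == 1:
        findings.append("a single user can consume the whole connection quota")
    return findings

if __name__ == "__main__":
    for name, frags in (("defaults", []), ("proposed", [PROPOSED])):
        lim = effective_limits(frags)
        print(name, users_to_exhaust(lim), audit(lim))
```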