How to Fix D-Bus Service Failures

Abdullah Yıldız ayildiz at cse.yeditepe.edu.tr
Sat Mar 8 10:26:06 UTC 2025


Hi Simon,

Thank you for your detailed response and support. I shared my answers
inline below.

On Fri, Mar 7, 2025 at 6:00 PM Simon McVittie <smcv at collabora.com> wrote:
>
> On Fri, 07 Mar 2025 at 17:29:10 +0300, Abdullah Yıldız wrote:
> > Mar 05 07:46:08 compute-server xdg-desktop-por[35472]: error:
> > GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum
> > number of active connections has been reached
> > Mar 05 07:46:18 compute-server dbus[1350]: [system] Failed to activate
> > service 'org.freedesktop.hostname1': timed out
> > Mar 05 07:46:24 compute-server dbus[1350]: [system] Connection has not
> > authenticated soon enough, closing it (auth_timeout=30000ms, elapsed:
> > 30006ms)
>
> This is your system bus. There is normally one per bootable system:
> at least one per kernel, but whole-system containers that behave like
> a full system from init upwards, like lxc, Incus or systemd-nspawn,
> sometimes have their own. It is intended to be for users to talk to
> system services, and for system services to talk to each other.
>
> > This is what I observe when I check /usr/share/dbus-1/session.conf
>
> This is configuration for your session bus (not the same thing), sometimes
> referred to as the user bus. There is normally one per (system,uid)
> pair. It is intended to be for unprivileged programs running as the user
> to talk to each other.
>
> Configuration files/directories with "system" in the name are for the
> system bus, configuration files/directories with "session" in the name
> are for the session bus (user bus), and neither affects the other bus.
>
> > I want to understand that overriding some of the D-Bus specific values
> > (as shown below) would help to fix the issue:
> >
> > <busconfig>
> >  <!-- default for this is 900 -->
> >  <limit name="max_completed_connections">32768</limit>
> >  <!-- default for this is 92 -->
> >  <limit name="max_incomplete_connections">1000</limit>
> >  <!-- default for this is 100000 -->
> >  <limit name="max_connections_per_user">150000</limit>
> > </busconfig>
>
> It probably would, but only if you override them in the right place.
>
> The system bus limits can be overridden by writing a file into
> /etc/dbus-1/system.d/*.conf (local configuration by the sysadmin)
> or /usr/share/dbus-1/system.d/*.conf (configuration by OS vendor or
> packages, e.g. from RPM or dpkg). Their defaults are hard-coded into
> the dbus-daemon, but for convenient reference there is a commented-out
> list of default values in /usr/share/dbus-1/system.conf (although I now
> notice that some of them are out of date).
>

In /usr/share/dbus-1/, there are no commented-out default values available
except session.conf:

$ grep -r "limit" /usr/share/dbus-1/
/usr/share/dbus-1/interfaces/org.freedesktop.PackageKit.Transaction.xml:         whilst it is running. There is no limit to the number of times this
/usr/share/dbus-1/interfaces/org.freedesktop.PackageKit.Transaction.xml:           This option is only really interesting on embedded devices with a limited amount of
/usr/share/dbus-1/interfaces/org.freedesktop.PackageKit.Transaction.xml:           The tree does not have any depth or bredth limits, although it should be kept
/usr/share/dbus-1/interfaces/org.freedesktop.PackageKit.xml: The maximum number of past transactions to return, or 0 for no limit.
/usr/share/dbus-1/interfaces/org.freedesktop.portal.NetworkMonitor.xml:   the default connection that is subject ot limitations
/usr/share/dbus-1/session.conf:  <!-- For the session bus, override the default relatively-low limits
/usr/share/dbus-1/session.conf:       with essentially infinite limits, since the bus is just running
/usr/share/dbus-1/session.conf:       to worry about. In some cases, we do set the limits lower than
/usr/share/dbus-1/session.conf:       "all available memory" if exceeding the limit is almost certainly a bug,
/usr/share/dbus-1/session.conf:       having the bus enforce a limit is nicer than a huge memory leak. But the
/usr/share/dbus-1/session.conf:       intent is that these limits should never be hit. -->
/usr/share/dbus-1/session.conf:  <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
/usr/share/dbus-1/session.conf:  <limit name="max_incoming_bytes">1000000000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_incoming_unix_fds">250000000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_outgoing_bytes">1000000000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_outgoing_unix_fds">250000000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_message_size">1000000000</limit>
/usr/share/dbus-1/session.conf:       limit is also relatively low -->
/usr/share/dbus-1/session.conf:  <limit name="service_start_timeout">120000</limit>
/usr/share/dbus-1/session.conf:  <limit name="auth_timeout">240000</limit>
/usr/share/dbus-1/session.conf:  <limit name="pending_fd_timeout">150000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_completed_connections">900</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_incomplete_connections">92</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_connections_per_user">100000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_pending_service_starts">10000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_names_per_connection">50000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_match_rules_per_connection">50000</limit>
/usr/share/dbus-1/session.conf:  <limit name="max_replies_per_connection">50000</limit>

> These are arbitrary limits intended to prevent denial of service attacks.
>
> For example, increasing the maximum number of completed connections
> might look like this:
>
>     $ sudo tee /etc/dbus-1/system.d/local-max-connections.conf <<EOF
>     <busconfig>
>         <limit name="max_completed_connections">32768</limit>
>     </busconfig>
>     EOF
>
> If your system is massively multi-user, then, yes, you can expect to need
> to increase the arbitrary limits. The defaults are suitable for a system
> with perhaps 10 concurrent users - more if they are only running small
> text-based environments, but perhaps fewer if they are all running full
> GUI sessions.
>
> > Mar 05 07:46:08 compute-server xdg-desktop-por[35472]: error:
> > GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum
> > number of active connections has been reached
>
> This indicates that either max_completed_connections is not high enough,
> or a malicious or buggy process is opening lots of connections.
> The default on the system bus is to allow 2048 completed (active)
> connections, with each user limited to 256 connections, so that users
> cannot carry out a denial-of-service on the whole system unless at least
> 8 users work together to achieve it.

Is there a way to check what the default is for the system bus, as it (i.e.,
max_completed_connections) is not visible in either /etc/dbus-1
or /usr/share/dbus-1/?

>
> The default on the session bus is 100000, and the session bus normally
> only allows connections from one user, so the limit on connections per
> user is also 100000.

This is defined as 900 in /usr/share/dbus-1/session.conf as shown in the
above code snippet.

>
> > Mar 05 07:46:18 compute-server dbus[1350]: [system] Failed to activate
> > service 'org.freedesktop.hostname1': timed out
>
> This could indicate that service_start_timeout is not high enough,
> although it's perhaps more likely to be a side-effect of running out
> of connection quota. The default on the system bus is 25000 (25 seconds).
> The default on the session bus is 120000 (120 seconds).

Is there a way to check what the default is for the system bus, as it (i.e.,
service_start_timeout) is not visible in either /etc/dbus-1
or /usr/share/dbus-1/?

>
> > Mar 05 07:46:24 compute-server dbus[1350]: [system] Connection has not
> > authenticated soon enough, closing it (auth_timeout=30000ms, elapsed:
> > 30006ms)
>
> This could indicate that auth_timeout is not high enough, or it could
> indicate extremely high load that results in client connections not
> getting scheduled promptly, or it could indicate a malicious or buggy
> client. The default on the system bus is 30000, meaning 30 seconds
> (system.conf says it's 5000, but that's actually wrong).  The default
> on the session bus is 240000 (240 seconds).

Is it possible to have this error as a side-effect of the connection issues?

>
> >  <!-- default for this is 900 -->
> >  <limit name="max_completed_connections">32768</limit>
>
> Where are you getting that default from? The default in dbus is
> 2048 for the system bus, and 100000 for the session bus.
> Does something else on your system set it to 900?

max_completed_connections is defined as 900 in
/usr/share/dbus-1/session.conf as shown in the above code snippet.

>
> >  <!-- default for this is 92 -->
> >  <limit name="max_incomplete_connections">1000</limit>
>
> Where are you getting that default from? The default in dbus is 64.
> Does something else on your system set it to 92?

max_incomplete_connections is defined as 92 in
/usr/share/dbus-1/session.conf as shown in the above code snippet.

>
> >  <!-- default for this is 100000 -->
> >  <limit name="max_connections_per_user">150000</limit>
> > </busconfig>
>
> The default for the system bus is 256. The default for the session
> bus is 100000, but the error messages you quoted are for the system bus.

max_connections_per_user is defined as 100000 in
/usr/share/dbus-1/session.conf as shown in the above code snippet.

>
> It never makes sense to set max_connections_per_user higher than
> max_completed_connections, and if you do that on the system bus, it's an
> easy denial of service attack: a malicious user could use up all of the
> connection quota on their own, preventing other users from connecting.

Is it possible that our D-Bus service is corrupted (as we never made any
modifications to these files)?

>
>     smcv
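
Added example, not part of the original message and not code from the dbus project: a small checker that overlays `<limit>` overrides on the system-bus defaults quoted in this thread and flags the case warned about above, where max_connections_per_user is higher than max_completed_connections. The function names, the 4096 value in the second sample and the simplified merge (only `<limit>` elements, later fragments win, no `<include>` handling) are assumptions.

```python
import math
import xml.etree.ElementTree as ET

# System-bus defaults as quoted in this thread (assumed, not read from dbus-daemon).
SYSTEM_BUS_DEFAULTS = {
    "max_completed_connections": 2048,
    "max_incomplete_connections": 64,
    "max_connections_per_user": 256,
    "service_start_timeout": 25000,
    "auth_timeout": 30000,
}

# Constructed sample: the override proposed in the thread.
PROPOSED = """<busconfig>
 <limit name="max_completed_connections">32768</limit>
 <limit name="max_incomplete_connections">1000</limit>
 <limit name="max_connections_per_user">150000</limit>
</busconfig>"""

# Constructed sample: a later drop-in restoring the default 8:1 ratio (4096 is assumed).
SCALED = """<busconfig>
 <limit name="max_connections_per_user">4096</limit>
</busconfig>"""

def effective_limits(fragments, defaults=SYSTEM_BUS_DEFAULTS):
    """Apply <limit> elements fragment by fragment; a later value replaces an earlier one."""
    limits = dict(defaults)
    for xml_text in fragments:
        root = ET.fromstring(xml_text)
        if root.tag != "busconfig":
            raise ValueError("root element must be <busconfig>")
        for el in root.iter("limit"):
            limits[el.get("name")] = int((el.text or "").strip())
    return limits

def audit(limits):
    """Return (number of users needed to fill the bus, list of findings)."""
    total = limits["max_completed_connections"]
    per_user = limits["max_connections_per_user"]
    findings = []
    if per_user > total:
        findings.append("max_connections_per_user > max_completed_connections: "
                        "a single user can consume the whole connection quota")
    return math.ceil(total / per_user), findings

if __name__ == "__main__":
    for label, frags in [("defaults", []), ("proposed", [PROPOSED]),
                         ("proposed + scaled", [PROPOSED, SCALED])]:
        users, findings = audit(effective_limits(frags))
        print(f"{label}: {users} user(s) needed to fill the bus; {findings or 'ok'}")
```

To check a real host, pass the text of the files under /etc/dbus-1/system.d/ and /usr/share/dbus-1/system.d/ as the fragments.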
