From 4d0e5dbd52291ae49740adb006bfc2595b953ec5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 19 Jun 2010 16:57:54 +0200
Subject: service: require KillMode=control-group when PAM is enabled

---
 src/mount.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/mount.c')

diff --git a/src/mount.c b/src/mount.c
index e3984203ac..081e92c029 100644
--- a/src/mount.c
+++ b/src/mount.c
@@ -303,6 +303,11 @@ static int mount_verify(Mount *m) {
                 return -EBADMSG;
         }
 
+        if (m->exec_context.pam_name && m->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", m->meta.id);
+                return -EINVAL;
+        }
+
         return 0;
 }
 
-- 
cgit v1.2.3-54-g00ecf