From: Lennart Poettering Date: Sat, 19 Jun 2010 14:57:54 +0000 (+0200) Subject: service: require KillMode=control-group when PAM is enabled X-Git-Tag: v1~136 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d0e5dbd52291ae49740adb006bfc2595b953ec5;p=systemd service: require KillMode=control-group when PAM is enabled --- diff --git a/src/mount.c b/src/mount.c index e3984203..081e92c0 100644 --- a/src/mount.c +++ b/src/mount.c @@ -303,6 +303,11 @@ static int mount_verify(Mount *m) { return -EBADMSG; } + if (m->exec_context.pam_name && m->kill_mode != KILL_CONTROL_GROUP) { + log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", m->meta.id); + return -EINVAL; + } + return 0; } diff --git a/src/service.c b/src/service.c index ba60b8f8..aff35511 100644 --- a/src/service.c +++ b/src/service.c @@ -817,7 +817,12 @@ static int service_verify(Service *s) { } if (s->type == SERVICE_DBUS && !s->bus_name) { - log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->meta.id); + log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", s->meta.id); + return -EINVAL; + } + + if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) { + log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id); return -EINVAL; } diff --git a/src/socket.c b/src/socket.c index ccbe4326..7a8624c8 100644 --- a/src/socket.c +++ b/src/socket.c @@ -153,7 +153,12 @@ static int socket_verify(Socket *s) { } if (s->accept && s->max_connections <= 0) { - log_error("%s's MaxConnection setting too small. Refusing.", UNIT(s)->meta.id); + log_error("%s's MaxConnection setting too small. Refusing.", s->meta.id); + return -EINVAL; + } + + if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) { + log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id); return -EINVAL; }