service: require KillMode=control-group when PAM is enabled

4d0e5dbd · Lennart Poettering · 399ab2b1 · 4d0e5dbd · 4d0e5dbd · 4d0e5dbd
Commit 4d0e5dbd authored Jun 19, 2010 by Lennart Poettering
--- a/src/mount.c
+++ b/src/mount.c
@@ -303,6 +303,11 @@ static int mount_verify(Mount *m) {
                return -EBADMSG;
        }

+        if (m->exec_context.pam_name && m->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", m->meta.id);
+                return -EINVAL;
+        }
+
        return 0;
 }


--- a/src/service.c
+++ b/src/service.c
@@ -817,7 +817,12 @@ static int service_verify(Service *s) {
        }

        if (s->type == SERVICE_DBUS && !s->bus_name) {
-                log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->meta.id);
+                log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", s->meta.id);
+                return -EINVAL;
+        }
+
+        if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
                return -EINVAL;
        }


--- a/src/socket.c
+++ b/src/socket.c
@@ -153,7 +153,12 @@ static int socket_verify(Socket *s) {
        }

        if (s->accept && s->max_connections <= 0) {
-                log_error("%s's MaxConnection setting too small. Refusing.", UNIT(s)->meta.id);
+                log_error("%s's MaxConnection setting too small. Refusing.", s->meta.id);
+                return -EINVAL;
+        }
+
+        if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
                return -EINVAL;
        }