chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 399ab2b)
service: require KillMode=control-group when PAM is enabled
authorLennart Poettering <lennart@poettering.net>
Sat, 19 Jun 2010 14:57:54 +0000 (16:57 +0200)
committerLennart Poettering <lennart@poettering.net>
Sat, 19 Jun 2010 14:57:54 +0000 (16:57 +0200)
src/mount.c patch | blob | history
src/service.c patch | blob | history
src/socket.c patch | blob | history

diff --git a/src/mount.c b/src/mount.c
index e3984203ac3d33b37b21351cacb30523578a9a03..081e92c029a172b43cf0c65bb746cc935ae3147d 100644 (file)
--- a/src/mount.c
+++ b/src/mount.c
@@ -303,6 +303,11 @@ static int mount_verify(Mount *m) {
                 return -EBADMSG;
         }
 
+        if (m->exec_context.pam_name && m->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", m->meta.id);
+                return -EINVAL;
+        }
+
         return 0;
 }
 
diff --git a/src/service.c b/src/service.c
index ba60b8f8796f16ba3543538d658794b418dda258..aff355112dbd342ce3d256e8c3aa1aaf2e5bd68b 100644 (file)
--- a/src/service.c
+++ b/src/service.c
@@ -817,7 +817,12 @@ static int service_verify(Service *s) {
         }
 
         if (s->type == SERVICE_DBUS && !s->bus_name) {
-                log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", UNIT(s)->meta.id);
+                log_error("%s is of type D-Bus but no D-Bus service name has been specified. Refusing.", s->meta.id);
+                return -EINVAL;
+        }
+
+        if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
                 return -EINVAL;
         }
 
diff --git a/src/socket.c b/src/socket.c
index ccbe4326c160dc5b0903f26e4e6e3e976cf170f1..7a8624c848fc962495eeb90371aab6863137c077 100644 (file)
--- a/src/socket.c
+++ b/src/socket.c
@@ -153,7 +153,12 @@ static int socket_verify(Socket *s) {
         }
 
         if (s->accept && s->max_connections <= 0) {
-                log_error("%s's MaxConnection setting too small. Refusing.", UNIT(s)->meta.id);
+                log_error("%s's MaxConnection setting too small. Refusing.", s->meta.id);
+                return -EINVAL;
+        }
+
+        if (s->exec_context.pam_name && s->kill_mode != KILL_CONTROL_GROUP) {
+                log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
                 return -EINVAL;
         }
 
Unnamed repository; edit this file 'description' to name the repository.