diff --git a/bsc1153630-prevent-systemd-pam_mount.patch b/bsc1153630-prevent-systemd-pam_mount.patch
new file mode 100644
index 0000000..1c75edb
--- /dev/null
+++ b/bsc1153630-prevent-systemd-pam_mount.patch
@@ -0,0 +1,17 @@
+Index: pam-config-1.2/src/mod_pam_mount.c
+===================================================================
+--- pam-config-1.2.orig/src/mod_pam_mount.c
++++ pam-config-1.2/src/mod_pam_mount.c
+@@ -135,7 +135,12 @@ write_config_mount (  pam_module_t *this
+     }
+     /* pam_thinkfinger.so is not enabled so we can safely add
+      * pam_mount.so
++     * We'll also add a line preventing systemd-user from invoking pam_mount.so as it
++     * causes problems at least when (trying) to umount a user partition as it drops privileges between
++     * opening and closing a (PAM) session.
++     * Note that this doesn't break anything if systemd is not used.
+      */
++    fprintf(fp, "session  [success=1 default=ignore]\tpam_succeed_if.so\tservice = systemd-user\n");
+     fprintf (fp, "session  optional\tpam_mount.so\n");
+   }
+   return close_service_file (fp,gl_service);
diff --git a/pam-config.changes b/pam-config.changes
index dd7f10b..1f04180 100644
--- a/pam-config.changes
+++ b/pam-config.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Nov 25 08:02:48 UTC 2019 - Josef Möllers <josef.moellers@suse.com>
+
+- Prevent systemd-user to call pam_mount when opening/closing a
+  (PAM) session as it drops privileges in between and so when closing
+  it may be unable to undo things set up during opening.
+  [bsc#1153630, bsc1153630-prevent-systemd-pam_mount.patch]
+
 -------------------------------------------------------------------
 Fri Aug 16 17:37:33 UTC 2019 - kukuk@suse.de
 
diff --git a/pam-config.spec b/pam-config.spec
index 291eccf..23f19e7 100644
--- a/pam-config.spec
+++ b/pam-config.spec
@@ -24,6 +24,7 @@ License:        GPL-2.0-only
 Group:          System/Management
 URL:            https://github.com/SUSE/pam-config
 Source:         %{name}-%{version}.tar.xz
+Patch1:         bsc1153630-prevent-systemd-pam_mount.patch
 PreReq:         pam >= 1.3.0
 
 %description
@@ -36,6 +37,8 @@ add/adjust/remove other PAM modules and their options.
 %prep
 %setup -q
 
+%patch1 -p1
+
 %build
 %configure
 make %{?_smp_mflags}