summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-04-12 23:52:41 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-04-21 00:21:33 -0400
commit921f831d3e2e27a0da16d93ad3dc468263a63320 (patch)
treefe97928c18dba6cd939d0baeb9065c493e1594d9
parent95365a576f7e81f3e2f02fa3e8225c4b03f12214 (diff)
logind: make KillOnlyUsers override KillUserProcesses
Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be used to specify users to kill, independently of the KillUserProcesses setting. Having the settings orthogonal seems to make more sense. It also makes KillOnlyUsers symmetrical to KillExcludeUsers.
-rw-r--r--man/logind.conf.xml25
-rw-r--r--src/login/logind-core.c9
2 files changed, 16 insertions, 18 deletions
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 6e587c3561..3217ece21a 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -124,7 +124,9 @@
corresponding to the session and all processes inside that scope will be
terminated. If false, the scope is "abandonded", see
<citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- and processes are not killed. Defaults to <literal>yes</literal>.</para>
+ and processes are not killed. Defaults to <literal>yes</literal>,
+ but see the options <varname>KillOnlyUsers=</varname> and
+ <varname>KillExcludeUsers=</varname> below.</para>
<para>In addition to session processes, user process may run under the user
manager unit <filename>user@.service</filename>. Depending on the linger
@@ -147,17 +149,16 @@
<term><varname>KillOnlyUsers=</varname></term>
<term><varname>KillExcludeUsers=</varname></term>
- <listitem><para>These settings take space-separated lists of usernames that
- determine to which users the <varname>KillUserProcesses=</varname> setting
- applies. A user name may be added to <varname>KillExcludeUsers=</varname> to
- exclude the processes in the session scopes of that user from being killed even if
- <varname>KillUserProcesses=yes</varname> is set. If
- <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user
- is excluded by default. <varname>KillExcludeUsers=</varname> may be set to an
- empty value to override this default. If a user is not excluded,
- <varname>KillOnlyUsers=</varname> is checked next. A list of user names may be
- specified in <varname>KillOnlyUsers=</varname>, to only include those
- users. Otherwise, all users are included.</para></listitem>
+ <listitem><para>These settings take space-separated lists of usernames that override
+ the <varname>KillUserProcesses=</varname> setting. A user name may be added to
+ <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
+ that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
+ <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
+ excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
+ to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
+ is checked next. If this setting is specified, only the session scopes of those users
+ will be killed. Otherwise, users are subject to the
+ <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 73075274e0..cbf8d757fe 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -364,19 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) {
assert(m);
assert(user);
- if (!m->kill_user_processes)
- return false;
-
if (!m->kill_exclude_users && streq(user, "root"))
return false;
if (strv_contains(m->kill_exclude_users, user))
return false;
- if (strv_isempty(m->kill_only_users))
- return true;
+ if (!strv_isempty(m->kill_only_users))
+ return strv_contains(m->kill_only_users, user);
- return strv_contains(m->kill_only_users, user);
+ return m->kill_user_processes;
}
static int vt_is_busy(unsigned int vtnr) {