From 921f831d3e2e27a0da16d93ad3dc468263a63320 Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 12 Apr 2016 23:52:41 -0400
Subject: logind: make KillOnlyUsers override KillUserProcesses

Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be
used to specify users to kill, independently of the KillUserProcesses
setting. Having the settings orthogonal seems to make more sense. It also
makes KillOnlyUsers symmetrical to KillExcludeUsers.
---
 man/logind.conf.xml     | 25 +++++++++++++------------
 src/login/logind-core.c |  9 +++------
 2 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 6e587c3561..3217ece21a 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -124,7 +124,9 @@
         corresponding to the session and all processes inside that scope will be
         terminated. If false, the scope is "abandonded", see
         <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-        and processes are not killed. Defaults to <literal>yes</literal>.</para>
+        and processes are not killed. Defaults to <literal>yes</literal>,
+        but see the options <varname>KillOnlyUsers=</varname> and
+        <varname>KillExcludeUsers=</varname> below.</para>
 
         <para>In addition to session processes, user process may run under the user
         manager unit <filename>user@.service</filename>. Depending on the linger
@@ -147,17 +149,16 @@
         <term><varname>KillOnlyUsers=</varname></term>
         <term><varname>KillExcludeUsers=</varname></term>
 
-        <listitem><para>These settings take space-separated lists of usernames that
-        determine to which users the <varname>KillUserProcesses=</varname> setting
-        applies. A user name may be added to <varname>KillExcludeUsers=</varname> to
-        exclude the processes in the session scopes of that user from being killed even if
-        <varname>KillUserProcesses=yes</varname> is set. If
-        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user
-        is excluded by default. <varname>KillExcludeUsers=</varname> may be set to an
-        empty value to override this default. If a user is not excluded,
-        <varname>KillOnlyUsers=</varname> is checked next. A list of user names may be
-        specified in <varname>KillOnlyUsers=</varname>, to only include those
-        users. Otherwise, all users are included.</para></listitem>
+        <listitem><para>These settings take space-separated lists of usernames that override
+        the <varname>KillUserProcesses=</varname> setting. A user name may be added to
+        <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
+        that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
+        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
+        excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
+        to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
+        is checked next. If this setting is specified, only the session scopes of those users
+        will be killed. Otherwise, users are subject to the
+        <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 73075274e0..cbf8d757fe 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -364,19 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) {
         assert(m);
         assert(user);
 
-        if (!m->kill_user_processes)
-                return false;
-
         if (!m->kill_exclude_users && streq(user, "root"))
                 return false;
 
         if (strv_contains(m->kill_exclude_users, user))
                 return false;
 
-        if (strv_isempty(m->kill_only_users))
-                return true;
+        if (!strv_isempty(m->kill_only_users))
+                return strv_contains(m->kill_only_users, user);
 
-        return strv_contains(m->kill_only_users, user);
+        return m->kill_user_processes;
 }
 
 static int vt_is_busy(unsigned int vtnr) {
-- 
cgit v1.2.3-54-g00ecf