logind: make KillOnlyUsers override KillUserProcesses

Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be used to specify users to kill, independently of the KillUserProcesses setting. Having the settings orthogonal seems to make more sense. It also makes KillOnlyUsers symmetrical to KillExcludeUsers.
2024-07-22 18:55:10 +00:00 · 2016-04-12 23:52:41 -04:00 · 2016-04-12 23:52:41 -04:00 · 921f831d3e
parent 95365a576f
commit 921f831d3e
2 changed files with 16 additions and 18 deletions
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@ -124,7 +124,9 @@
        corresponding to the session and all processes inside that scope will be
        terminated. If false, the scope is "abandonded", see
        <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-        and processes are not killed. Defaults to <literal>yes</literal>.</para>
+        and processes are not killed. Defaults to <literal>yes</literal>,
+        but see the options <varname>KillOnlyUsers=</varname> and
+        <varname>KillExcludeUsers=</varname> below.</para>

        <para>In addition to session processes, user process may run under the user
        manager unit <filename>user@.service</filename>. Depending on the linger
@ -147,17 +149,16 @@
        <term><varname>KillOnlyUsers=</varname></term>
        <term><varname>KillExcludeUsers=</varname></term>

-        <listitem><para>These settings take space-separated lists of usernames that
-        determine to which users the <varname>KillUserProcesses=</varname> setting
-        applies. A user name may be added to <varname>KillExcludeUsers=</varname> to
-        exclude the processes in the session scopes of that user from being killed even if
-        <varname>KillUserProcesses=yes</varname> is set. If
-        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user
-        is excluded by default. <varname>KillExcludeUsers=</varname> may be set to an
-        empty value to override this default. If a user is not excluded,
-        <varname>KillOnlyUsers=</varname> is checked next. A list of user names may be
-        specified in <varname>KillOnlyUsers=</varname>, to only include those
-        users. Otherwise, all users are included.</para></listitem>
+        <listitem><para>These settings take space-separated lists of usernames that override
+        the <varname>KillUserProcesses=</varname> setting. A user name may be added to
+        <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
+        that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
+        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
+        excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
+        to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
+        is checked next. If this setting is specified, only the session scopes of those users
+        will be killed. Otherwise, users are subject to the
+        <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@ -364,19 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) {
        assert(m);
        assert(user);

-        if (!m->kill_user_processes)
-                return false;
-
        if (!m->kill_exclude_users && streq(user, "root"))
                return false;

        if (strv_contains(m->kill_exclude_users, user))
                return false;

-        if (strv_isempty(m->kill_only_users))
-                return true;
+        if (!strv_isempty(m->kill_only_users))
+                return strv_contains(m->kill_only_users, user);

-        return strv_contains(m->kill_only_users, user);
+        return m->kill_user_processes;
 }

 static int vt_is_busy(unsigned int vtnr) {