logind: make KillOnlyUsers override KillUserProcesses

Instead of KillOnlyUsers being a filter for KillUserProcesses, it can now be
used to specify users to kill, independently of the KillUserProcesses
setting. Having the settings orthogonal seems to make more sense. It also
makes KillOnlyUsers symmetrical to KillExcludeUsers.

diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 6e587c3..3217ece 100644 (file)
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -124,7 +124,9 @@
         corresponding to the session and all processes inside that scope will be
         terminated. If false, the scope is "abandonded", see
         <citerefentry><refentrytitle>systemd.scope</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-        and processes are not killed. Defaults to <literal>yes</literal>.</para>
+        and processes are not killed. Defaults to <literal>yes</literal>,
+        but see the options <varname>KillOnlyUsers=</varname> and
+        <varname>KillExcludeUsers=</varname> below.</para>
 
         <para>In addition to session processes, user process may run under the user
         manager unit <filename>user@.service</filename>. Depending on the linger
@@ -147,17 +149,16 @@
         <term><varname>KillOnlyUsers=</varname></term>
         <term><varname>KillExcludeUsers=</varname></term>
 
-        <listitem><para>These settings take space-separated lists of usernames that
-        determine to which users the <varname>KillUserProcesses=</varname> setting
-        applies. A user name may be added to <varname>KillExcludeUsers=</varname> to
-        exclude the processes in the session scopes of that user from being killed even if
-        <varname>KillUserProcesses=yes</varname> is set. If
-        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user
-        is excluded by default. <varname>KillExcludeUsers=</varname> may be set to an
-        empty value to override this default. If a user is not excluded,
-        <varname>KillOnlyUsers=</varname> is checked next. A list of user names may be
-        specified in <varname>KillOnlyUsers=</varname>, to only include those
-        users. Otherwise, all users are included.</para></listitem>
+        <listitem><para>These settings take space-separated lists of usernames that override
+        the <varname>KillUserProcesses=</varname> setting. A user name may be added to
+        <varname>KillExcludeUsers=</varname> to exclude the processes in the session scopes of
+        that user from being killed even if <varname>KillUserProcesses=yes</varname> is set. If
+        <varname>KillExcludeUsers=</varname> is not set, the <literal>root</literal> user is
+        excluded by default. <varname>KillExcludeUsers=</varname> may be set to an empty value
+        to override this default. If a user is not excluded, <varname>KillOnlyUsers=</varname>
+        is checked next. If this setting is specified, only the session scopes of those users
+        will be killed. Otherwise, users are subject to the
+        <varname>KillUserProcesses=yes</varname> setting.</para></listitem>
       </varlistentry>
 
       <varlistentry>

diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 7307527..cbf8d75 100644 (file)
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -364,19 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) {
         assert(m);
         assert(user);
 
-        if (!m->kill_user_processes)
-                return false;
-
         if (!m->kill_exclude_users && streq(user, "root"))
                 return false;
 
         if (strv_contains(m->kill_exclude_users, user))
                 return false;
 
-        if (strv_isempty(m->kill_only_users))
-                return true;
+        if (!strv_isempty(m->kill_only_users))
+                return strv_contains(m->kill_only_users, user);
 
-        return strv_contains(m->kill_only_users, user);
+        return m->kill_user_processes;
 }
 
 static int vt_is_busy(unsigned int vtnr) {