</varlistentry>
<varlistentry>
- <term><option>keep-root=</option></term>
+ <term><option>kill-only-users=</option></term>
- <listitem><para>Takes a boolean
- argument. If true, all processes
- created by the root user (UID 0) during his
- session and from his session will be
- kept around after he logged out. This
- option allows cancelling the effect of
- <option>kill-session=1</option> and
- <option>kill-user=1</option> for the
- root user.</para></listitem>
+ <listitem><para>Takes a comma
+ separated list of user names or
+ numeric user ids as argument. If this
+ option is used the effect of the
+ <option>kill-session=</option> and
+ <option>kill-user=</option> options
+ will apply only to the listed
+ users. If this option is not used the
+ option applies to all local
+ users. Note that
+ <option>kill-exclude-users=</option>
+ takes precedence over this list and is
+ hence subtracted from the list
+ specified here.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>kill-exclude-users=</option></term>
+
+ <listitem><para>Takes a comma
+ separated list of user names or
+ numeric user ids as argument. Users
+ listed in this argument will not be
+ subject to the effect of
+ <option>kill-session=</option> or
+ <option>kill-user=</option>. Note
+ that that this option takes precedence
+ over
+ <option>kill-only-users=</option>, and
+ hence whatever is listed for
+ <option>kill-exclude-users=</option>
+ is guaranteed to never be killed by
+ this PAM module, independent of any
+ other configuration
+ setting.</para></listitem>
</varlistentry>
<varlistentry>
separated list of cgroup controllers
in which hierarchies a user/session
cgroup will be created by default for
- each user logging in. If ommited,
- defaults to 'cpu', meaning that in
- addition to creating per-user and
- per-session cgroups in systemd's own
- hierarchy, groups are created in the
- 'cpu' hierarchy, on order to ensure
- that every use and every sessions gets
- an equal amount of CPU time,
- regardless how many processes a user
- or session might
- own.</para></listitem>
+ each user logging in, in addition to
+ the cgroup in the named 'name=systemd'
+ hierarchy. If ommited, defaults to an
+ empty list. This may be used to move
+ user sessions into their own groups in
+ the 'cpu' hierarchy which ensures that
+ every logged in user gets an equal
+ amount of CPU time regardless how many
+ processes he has
+ started.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>reset-controllers=</option></term>
+
+ <listitem><para>Takes a comma
+ separated list of cgroup controllers
+ in which hierarchies the logged in
+ processes will be reset to the root
+ cgroup. If ommited, defaults to 'cpu',
+ meaning that a 'cpu' cgroup grouping
+ inherited from the login manager will
+ be reset for the processes of the
+ logged in user.</para></listitem>
</varlistentry>
</variablelist>
<option>create-session=1</option>,
<option>kill-session=0</option>,
<option>kill-user=0</option>,
- <option>keep-root=1</option>.</para>
+ <option>reset-controllers=cpu</option>,
+ <option>kill-only-users=</option>,
+ <option>kill-exclude-users=root</option>.</para>
</refsect1>
<refsect1>
~ianmdlvl / elogind.git / blobdiff