core: add RemoveIPC= setting

[elogind.git] / src / login / logind-user.c

diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 171a4a670e7222530bce43830a6f0cdd95b5f6a1..cd198c8d2623205ae116448897cff284e1ca4710 100644 (file)
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -52,7 +52,6 @@
 #if 1 /// elogind uses a static value here
 #  define SPECIAL_USER_SLICE "user.slice"
 #endif // 1
-
 int user_new(User **out, Manager *m, uid_t uid, gid_t gid, const char *name) {
         _cleanup_(user_freep) User *u = NULL;
         char lu[DECIMAL_STR_MAX(uid_t) + 1];
@@ -638,9 +637,14 @@ int user_finalize(User *u) {
         if (k < 0)
                 r = k;
 
-        /* Clean SysV + POSIX IPC objects */
-        if (u->manager->remove_ipc) {
-                k = clean_ipc(u->uid);
+        /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
+         * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
+         * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
+         * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
+         * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
+         * and do it only for normal users. */
+        if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
+                k = clean_ipc_by_uid(u->uid);
                 if (k < 0)
                         r = k;
         }