core: add RemoveIPC= setting

[thirdparty/systemd.git] / src / login / logind-user.c

diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 63363035e715433cd8c4411e325c9c4dad73881b..11951aca5bc2c21b867848cf8954a391f0e0669c 100644 (file)
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -612,9 +612,14 @@ int user_finalize(User *u) {
         if (k < 0)
                 r = k;
 
-        /* Clean SysV + POSIX IPC objects */
-        if (u->manager->remove_ipc) {
-                k = clean_ipc(u->uid);
+        /* Clean SysV + POSIX IPC objects, but only if this is not a system user. Background: in many setups cronjobs
+         * are run in full PAM and thus logind sessions, even if the code run doesn't belong to actual users but to
+         * system components. Since enable RemoveIPC= globally for all users, we need to be a bit careful with such
+         * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
+         * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
+         * and do it only for normal users. */
+        if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
+                k = clean_ipc_by_uid(u->uid);
                 if (k < 0)
                         r = k;
         }