projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
| a5c32cff | 2 | /*** |
| 96b2fb93 | 3 | Copyright © 2010 Harald Hoyer |
| a5c32cff | 4 | ***/ |
| a5c32cff | 5 | |
| 11c3a366 TA |
6 | #include <sys/stat.h> |
| 7 | ||
| d7b8eec7 | 8 | #include "fileio-label.h" |
| 11c3a366 | 9 | #include "fileio.h" |
| 93cc7779 | 10 | #include "selinux-util.h" |
| a5c32cff | 11 | |
| 39c38d77 | 12 | int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) { |
| a5c32cff HH |
13 | int r; |
| 14 | ||
| ecabcf8b | 15 | r = mac_selinux_create_file_prepare(fn, S_IFREG); |
| f7f628b5 | 16 | if (r < 0) |
| a5c32cff HH |
17 | return r; |
| 18 | ||
| 39c38d77 | 19 | r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts); |
| a5c32cff | 20 | |
| ecabcf8b | 21 | mac_selinux_create_file_clear(); |
| a5c32cff HH |
22 | |
| 23 | return r; | |
| 24 | } | |
| 25 | ||
| 26 | int write_env_file_label(const char *fname, char **l) { | |
| 27 | int r; | |
| 28 | ||
| ecabcf8b | 29 | r = mac_selinux_create_file_prepare(fname, S_IFREG); |
| f7f628b5 | 30 | if (r < 0) |
| a5c32cff HH |
31 | return r; |
| 32 | ||
| 754fc0c7 | 33 | r = write_env_file(fname, l); |
| a5c32cff | 34 | |
| ecabcf8b | 35 | mac_selinux_create_file_clear(); |
| a5c32cff HH |
36 | |
| 37 | return r; | |
| 38 | } | |
| f7f628b5 ZJS |
39 | |
| 40 | int fopen_temporary_label(const char *target, | |
| 41 | const char *path, FILE **f, char **temp_path) { | |
| 42 | int r; | |
| 43 | ||
| ecabcf8b | 44 | r = mac_selinux_create_file_prepare(target, S_IFREG); |
| f7f628b5 ZJS |
45 | if (r < 0) |
| 46 | return r; | |
| 47 | ||
| 48 | r = fopen_temporary(path, f, temp_path); | |
| 49 | ||
| ecabcf8b | 50 | mac_selinux_create_file_clear(); |
| f7f628b5 ZJS |
51 | |
| 52 | return r; | |
| 53 | } | |
| 6e11e7e6 LP |
54 | |
| 55 | int create_shutdown_run_nologin_or_warn(void) { | |
| 56 | int r; | |
| 57 | ||
| 58 | /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go | |
| 59 | * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit | |
| 60 | * in advance. We use the same wording of the message in both cases. */ | |
| 61 | ||
| 62 | r = write_string_file_atomic_label("/run/nologin", | |
| 63 | "System is going down. Unprivileged users are not permitted to log in anymore. " | |
| 64 | "For technical details, see pam_nologin(8)."); | |
| 65 | if (r < 0) | |
| 66 | return log_error_errno(r, "Failed to create /run/nologin: %m"); | |
| 67 | ||
| 68 | return 0; | |
| 69 | } |