]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a5c32cff | 2 | /*** |
96b2fb93 | 3 | Copyright © 2010 Harald Hoyer |
a5c32cff | 4 | ***/ |
a5c32cff | 5 | |
11c3a366 TA |
6 | #include <sys/stat.h> |
7 | ||
d7b8eec7 | 8 | #include "fileio-label.h" |
11c3a366 | 9 | #include "fileio.h" |
93cc7779 | 10 | #include "selinux-util.h" |
a5c32cff | 11 | |
39c38d77 | 12 | int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) { |
a5c32cff HH |
13 | int r; |
14 | ||
ecabcf8b | 15 | r = mac_selinux_create_file_prepare(fn, S_IFREG); |
f7f628b5 | 16 | if (r < 0) |
a5c32cff HH |
17 | return r; |
18 | ||
39c38d77 | 19 | r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts); |
a5c32cff | 20 | |
ecabcf8b | 21 | mac_selinux_create_file_clear(); |
a5c32cff HH |
22 | |
23 | return r; | |
24 | } | |
25 | ||
26 | int write_env_file_label(const char *fname, char **l) { | |
27 | int r; | |
28 | ||
ecabcf8b | 29 | r = mac_selinux_create_file_prepare(fname, S_IFREG); |
f7f628b5 | 30 | if (r < 0) |
a5c32cff HH |
31 | return r; |
32 | ||
754fc0c7 | 33 | r = write_env_file(fname, l); |
a5c32cff | 34 | |
ecabcf8b | 35 | mac_selinux_create_file_clear(); |
a5c32cff HH |
36 | |
37 | return r; | |
38 | } | |
f7f628b5 ZJS |
39 | |
40 | int fopen_temporary_label(const char *target, | |
41 | const char *path, FILE **f, char **temp_path) { | |
42 | int r; | |
43 | ||
ecabcf8b | 44 | r = mac_selinux_create_file_prepare(target, S_IFREG); |
f7f628b5 ZJS |
45 | if (r < 0) |
46 | return r; | |
47 | ||
48 | r = fopen_temporary(path, f, temp_path); | |
49 | ||
ecabcf8b | 50 | mac_selinux_create_file_clear(); |
f7f628b5 ZJS |
51 | |
52 | return r; | |
53 | } | |
6e11e7e6 LP |
54 | |
55 | int create_shutdown_run_nologin_or_warn(void) { | |
56 | int r; | |
57 | ||
58 | /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go | |
59 | * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit | |
60 | * in advance. We use the same wording of the message in both cases. */ | |
61 | ||
62 | r = write_string_file_atomic_label("/run/nologin", | |
63 | "System is going down. Unprivileged users are not permitted to log in anymore. " | |
64 | "For technical details, see pam_nologin(8)."); | |
65 | if (r < 0) | |
66 | return log_error_errno(r, "Failed to create /run/nologin: %m"); | |
67 | ||
68 | return 0; | |
69 | } |