projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
| a5c32cff HH |
2 | /*** |
| 3 | This file is part of systemd. | |
| 4 | ||
| 5 | Copyright 2010 Lennart Poettering | |
| 6 | Copyright 2010 Harald Hoyer | |
| a5c32cff | 7 | ***/ |
| a5c32cff | 8 | |
| 11c3a366 TA |
9 | #include <sys/stat.h> |
| 10 | ||
| d7b8eec7 | 11 | #include "fileio-label.h" |
| 11c3a366 | 12 | #include "fileio.h" |
| 93cc7779 | 13 | #include "selinux-util.h" |
| a5c32cff | 14 | |
| 39c38d77 | 15 | int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) { |
| a5c32cff HH |
16 | int r; |
| 17 | ||
| ecabcf8b | 18 | r = mac_selinux_create_file_prepare(fn, S_IFREG); |
| f7f628b5 | 19 | if (r < 0) |
| a5c32cff HH |
20 | return r; |
| 21 | ||
| 39c38d77 | 22 | r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts); |
| a5c32cff | 23 | |
| ecabcf8b | 24 | mac_selinux_create_file_clear(); |
| a5c32cff HH |
25 | |
| 26 | return r; | |
| 27 | } | |
| 28 | ||
| 29 | int write_env_file_label(const char *fname, char **l) { | |
| 30 | int r; | |
| 31 | ||
| ecabcf8b | 32 | r = mac_selinux_create_file_prepare(fname, S_IFREG); |
| f7f628b5 | 33 | if (r < 0) |
| a5c32cff HH |
34 | return r; |
| 35 | ||
| 754fc0c7 | 36 | r = write_env_file(fname, l); |
| a5c32cff | 37 | |
| ecabcf8b | 38 | mac_selinux_create_file_clear(); |
| a5c32cff HH |
39 | |
| 40 | return r; | |
| 41 | } | |
| f7f628b5 ZJS |
42 | |
| 43 | int fopen_temporary_label(const char *target, | |
| 44 | const char *path, FILE **f, char **temp_path) { | |
| 45 | int r; | |
| 46 | ||
| ecabcf8b | 47 | r = mac_selinux_create_file_prepare(target, S_IFREG); |
| f7f628b5 ZJS |
48 | if (r < 0) |
| 49 | return r; | |
| 50 | ||
| 51 | r = fopen_temporary(path, f, temp_path); | |
| 52 | ||
| ecabcf8b | 53 | mac_selinux_create_file_clear(); |
| f7f628b5 ZJS |
54 | |
| 55 | return r; | |
| 56 | } | |
| 6e11e7e6 LP |
57 | |
| 58 | int create_shutdown_run_nologin_or_warn(void) { | |
| 59 | int r; | |
| 60 | ||
| 61 | /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go | |
| 62 | * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit | |
| 63 | * in advance. We use the same wording of the message in both cases. */ | |
| 64 | ||
| 65 | r = write_string_file_atomic_label("/run/nologin", | |
| 66 | "System is going down. Unprivileged users are not permitted to log in anymore. " | |
| 67 | "For technical details, see pam_nologin(8)."); | |
| 68 | if (r < 0) | |
| 69 | return log_error_errno(r, "Failed to create /run/nologin: %m"); | |
| 70 | ||
| 71 | return 0; | |
| 72 | } |