]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a5c32cff HH |
2 | /*** |
3 | This file is part of systemd. | |
4 | ||
5 | Copyright 2010 Lennart Poettering | |
6 | Copyright 2010 Harald Hoyer | |
a5c32cff | 7 | ***/ |
a5c32cff | 8 | |
11c3a366 TA |
9 | #include <sys/stat.h> |
10 | ||
d7b8eec7 | 11 | #include "fileio-label.h" |
11c3a366 | 12 | #include "fileio.h" |
93cc7779 | 13 | #include "selinux-util.h" |
a5c32cff | 14 | |
39c38d77 | 15 | int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) { |
a5c32cff HH |
16 | int r; |
17 | ||
ecabcf8b | 18 | r = mac_selinux_create_file_prepare(fn, S_IFREG); |
f7f628b5 | 19 | if (r < 0) |
a5c32cff HH |
20 | return r; |
21 | ||
39c38d77 | 22 | r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts); |
a5c32cff | 23 | |
ecabcf8b | 24 | mac_selinux_create_file_clear(); |
a5c32cff HH |
25 | |
26 | return r; | |
27 | } | |
28 | ||
29 | int write_env_file_label(const char *fname, char **l) { | |
30 | int r; | |
31 | ||
ecabcf8b | 32 | r = mac_selinux_create_file_prepare(fname, S_IFREG); |
f7f628b5 | 33 | if (r < 0) |
a5c32cff HH |
34 | return r; |
35 | ||
754fc0c7 | 36 | r = write_env_file(fname, l); |
a5c32cff | 37 | |
ecabcf8b | 38 | mac_selinux_create_file_clear(); |
a5c32cff HH |
39 | |
40 | return r; | |
41 | } | |
f7f628b5 ZJS |
42 | |
43 | int fopen_temporary_label(const char *target, | |
44 | const char *path, FILE **f, char **temp_path) { | |
45 | int r; | |
46 | ||
ecabcf8b | 47 | r = mac_selinux_create_file_prepare(target, S_IFREG); |
f7f628b5 ZJS |
48 | if (r < 0) |
49 | return r; | |
50 | ||
51 | r = fopen_temporary(path, f, temp_path); | |
52 | ||
ecabcf8b | 53 | mac_selinux_create_file_clear(); |
f7f628b5 ZJS |
54 | |
55 | return r; | |
56 | } | |
6e11e7e6 LP |
57 | |
58 | int create_shutdown_run_nologin_or_warn(void) { | |
59 | int r; | |
60 | ||
61 | /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go | |
62 | * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit | |
63 | * in advance. We use the same wording of the message in both cases. */ | |
64 | ||
65 | r = write_string_file_atomic_label("/run/nologin", | |
66 | "System is going down. Unprivileged users are not permitted to log in anymore. " | |
67 | "For technical details, see pam_nologin(8)."); | |
68 | if (r < 0) | |
69 | return log_error_errno(r, "Failed to create /run/nologin: %m"); | |
70 | ||
71 | return 0; | |
72 | } |