]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a5c32cff | 2 | |
11c3a366 TA |
3 | #include <sys/stat.h> |
4 | ||
d7b8eec7 | 5 | #include "fileio-label.h" |
11c3a366 | 6 | #include "fileio.h" |
93cc7779 | 7 | #include "selinux-util.h" |
a5c32cff | 8 | |
39c38d77 | 9 | int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) { |
a5c32cff HH |
10 | int r; |
11 | ||
ecabcf8b | 12 | r = mac_selinux_create_file_prepare(fn, S_IFREG); |
f7f628b5 | 13 | if (r < 0) |
a5c32cff HH |
14 | return r; |
15 | ||
39c38d77 | 16 | r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts); |
a5c32cff | 17 | |
ecabcf8b | 18 | mac_selinux_create_file_clear(); |
a5c32cff HH |
19 | |
20 | return r; | |
21 | } | |
22 | ||
23 | int write_env_file_label(const char *fname, char **l) { | |
24 | int r; | |
25 | ||
ecabcf8b | 26 | r = mac_selinux_create_file_prepare(fname, S_IFREG); |
f7f628b5 | 27 | if (r < 0) |
a5c32cff HH |
28 | return r; |
29 | ||
754fc0c7 | 30 | r = write_env_file(fname, l); |
a5c32cff | 31 | |
ecabcf8b | 32 | mac_selinux_create_file_clear(); |
a5c32cff HH |
33 | |
34 | return r; | |
35 | } | |
f7f628b5 ZJS |
36 | |
37 | int fopen_temporary_label(const char *target, | |
38 | const char *path, FILE **f, char **temp_path) { | |
39 | int r; | |
40 | ||
ecabcf8b | 41 | r = mac_selinux_create_file_prepare(target, S_IFREG); |
f7f628b5 ZJS |
42 | if (r < 0) |
43 | return r; | |
44 | ||
45 | r = fopen_temporary(path, f, temp_path); | |
46 | ||
ecabcf8b | 47 | mac_selinux_create_file_clear(); |
f7f628b5 ZJS |
48 | |
49 | return r; | |
50 | } | |
6e11e7e6 LP |
51 | |
52 | int create_shutdown_run_nologin_or_warn(void) { | |
53 | int r; | |
54 | ||
55 | /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go | |
56 | * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit | |
57 | * in advance. We use the same wording of the message in both cases. */ | |
58 | ||
59 | r = write_string_file_atomic_label("/run/nologin", | |
60 | "System is going down. Unprivileged users are not permitted to log in anymore. " | |
61 | "For technical details, see pam_nologin(8)."); | |
62 | if (r < 0) | |
63 | return log_error_errno(r, "Failed to create /run/nologin: %m"); | |
64 | ||
65 | return 0; | |
66 | } |