[thirdparty/systemd.git] / src / basic / fileio-label.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <sys/stat.h>

#include "fileio-label.h"
#include "fileio.h"
#include "selinux-util.h"

int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) {
        int r;

        r = mac_selinux_create_file_prepare(fn, S_IFREG);
        if (r < 0)
                return r;

        r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts);

        mac_selinux_create_file_clear();

        return r;
}

int write_env_file_label(const char *fname, char **l) {
        int r;

        r = mac_selinux_create_file_prepare(fname, S_IFREG);
        if (r < 0)
                return r;

        r = write_env_file(fname, l);

        mac_selinux_create_file_clear();

        return r;
}

int fopen_temporary_label(const char *target,
                          const char *path, FILE **f, char **temp_path) {
        int r;

        r = mac_selinux_create_file_prepare(target, S_IFREG);
        if (r < 0)
                return r;

        r = fopen_temporary(path, f, temp_path);

        mac_selinux_create_file_clear();

        return r;
}

int create_shutdown_run_nologin_or_warn(void) {
        int r;

        /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go
         * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit
         * in advance. We use the same wording of the message in both cases. */

        r = write_string_file_atomic_label("/run/nologin",
                                           "System is going down. Unprivileged users are not permitted to log in anymore. "
                                           "For technical details, see pam_nologin(8).");
        if (r < 0)
                return log_error_errno(r, "Failed to create /run/nologin: %m");

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
a5c32cff	2
11c3a366 TA	3	#include <sys/stat.h>
11c3a366 TA	4
d7b8eec7	5	#include "fileio-label.h"
11c3a366	6	#include "fileio.h"
93cc7779	7	#include "selinux-util.h"
a5c32cff	8
39c38d77	9	int write_string_file_atomic_label_ts(const char fn, const char line, struct timespec *ts) {
a5c32cff HH	10	int r;
a5c32cff HH	11
ecabcf8b	12	r = mac_selinux_create_file_prepare(fn, S_IFREG);
f7f628b5	13	if (r < 0)
a5c32cff HH	14	return r;
a5c32cff HH	15
39c38d77	16	r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE\|WRITE_STRING_FILE_ATOMIC, ts);
a5c32cff	17
ecabcf8b	18	mac_selinux_create_file_clear();
a5c32cff HH	19
	20	return r;
	21	}
	22
	23	int write_env_file_label(const char fname, char *l) {
	24	int r;
	25
ecabcf8b	26	r = mac_selinux_create_file_prepare(fname, S_IFREG);
f7f628b5	27	if (r < 0)
a5c32cff HH	28	return r;
a5c32cff HH	29
754fc0c7	30	r = write_env_file(fname, l);
a5c32cff	31
ecabcf8b	32	mac_selinux_create_file_clear();
a5c32cff HH	33
	34	return r;
	35	}
f7f628b5 ZJS	36
	37	int fopen_temporary_label(const char *target,
	38	const char path, FILE f, char *temp_path) {
	39	int r;
	40
ecabcf8b	41	r = mac_selinux_create_file_prepare(target, S_IFREG);
f7f628b5 ZJS	42	if (r < 0)
	43	return r;
	44
	45	r = fopen_temporary(path, f, temp_path);
	46
ecabcf8b	47	mac_selinux_create_file_clear();
f7f628b5 ZJS	48
	49	return r;
	50	}
6e11e7e6 LP	51
	52	int create_shutdown_run_nologin_or_warn(void) {
	53	int r;
	54
	55	/* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go
	56	* down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit
	57	* in advance. We use the same wording of the message in both cases. */
	58
	59	r = write_string_file_atomic_label("/run/nologin",
	60	"System is going down. Unprivileged users are not permitted to log in anymore. "
	61	"For technical details, see pam_nologin(8).");
	62	if (r < 0)
	63	return log_error_errno(r, "Failed to create /run/nologin: %m");
	64
	65	return 0;
	66	}