src/basic/fileio-label.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   This file is part of systemd.
   4
   5   Copyright 2010 Lennart Poettering
   6   Copyright 2010 Harald Hoyer
   7 ***/
   8
   9 #include <sys/stat.h>
  10
  11 #include "fileio-label.h"
  12 #include "fileio.h"
  13 #include "selinux-util.h"
  14
  15 int write_string_file_atomic_label_ts(const char *fn, const char *line, struct timespec *ts) {
  16         int r;
  17
  18         r = mac_selinux_create_file_prepare(fn, S_IFREG);
  19         if (r < 0)
  20                 return r;
  21
  22         r = write_string_file_ts(fn, line, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC, ts);
  23
  24         mac_selinux_create_file_clear();
  25
  26         return r;
  27 }
  28
  29 int write_env_file_label(const char *fname, char **l) {
  30         int r;
  31
  32         r = mac_selinux_create_file_prepare(fname, S_IFREG);
  33         if (r < 0)
  34                 return r;
  35
  36         r = write_env_file(fname, l);
  37
  38         mac_selinux_create_file_clear();
  39
  40         return r;
  41 }
  42
  43 int fopen_temporary_label(const char *target,
  44                           const char *path, FILE **f, char **temp_path) {
  45         int r;
  46
  47         r = mac_selinux_create_file_prepare(target, S_IFREG);
  48         if (r < 0)
  49                 return r;
  50
  51         r = fopen_temporary(path, f, temp_path);
  52
  53         mac_selinux_create_file_clear();
  54
  55         return r;
  56 }
  57
  58 int create_shutdown_run_nologin_or_warn(void) {
  59         int r;
  60
  61         /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go
  62          * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit
  63          * in advance. We use the same wording of the message in both cases. */
  64
  65         r = write_string_file_atomic_label("/run/nologin",
  66                                            "System is going down. Unprivileged users are not permitted to log in anymore. "
  67                                            "For technical details, see pam_nologin(8).");
  68         if (r < 0)
  69                 return log_error_errno(r, "Failed to create /run/nologin: %m");
  70
  71         return 0;
  72 }