fileio: introduce WRITE_STRING_FILE_NOFOLLOW flag for write_string_file() and friends

diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index f14afa5dce440d99cc94e23037d2db5635883547..fa6084e602a86484ad7815ad543157003297afa9 100644 (file)
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -160,7 +160,7 @@ int write_string_file_ts(
 
                 /* We manually build our own version of fopen(..., "we") that
                  * works without O_CREAT */
-                fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY);
+                fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | ((flags & WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0));
                 if (fd < 0) {
                         r = -errno;
                         goto fail;

diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 102d33d75f24ca42739a128f8c13c547930bd8c6..f8098484080780b48c822c30eebe10d5d5553329 100644 (file)
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -17,6 +17,7 @@ typedef enum {
         WRITE_STRING_FILE_VERIFY_ON_FAILURE = 1 << 3,
         WRITE_STRING_FILE_SYNC              = 1 << 4,
         WRITE_STRING_FILE_DISABLE_BUFFER    = 1 << 5,
+        WRITE_STRING_FILE_NOFOLLOW          = 1 << 6,
 
         /* And before you wonder, why write_string_file_atomic_label_ts() is a separate function instead of just one
            more flag here: it's about linking: we don't want to pull -lselinux into all users of write_string_file()