Merge pull request #2100 from msekletar/nologin-label

user-sessions: make sure /run/nologin has correct SELinux label

2 files changed, 8 insertions, 2 deletions

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index d0875cf930..c1643cf41a 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1820,7 +1820,7 @@ static int nologin_timeout_handler(
 
         log_info("Creating /run/nologin, blocking further logins...");
 
-        r = write_string_file("/run/nologin", "System is going down.", WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+        r = write_string_file_atomic_label("/run/nologin", "System is going down.");
         if (r < 0)
                 log_error_errno(r, "Failed to create /run/nologin: %m");
         else
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
index 252cbdb26c..d28b196c4e 100644
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@@ -23,7 +23,9 @@
 #include <unistd.h>
 
 #include "fileio.h"
+#include "fileio-label.h"
 #include "log.h"
+#include "selinux-util.h"
 #include "string-util.h"
 #include "util.h"
 
@@ -40,6 +42,8 @@ int main(int argc, char*argv[]) {
 
         umask(0022);
 
+        mac_selinux_init(NULL);
+
         if (streq(argv[1], "start")) {
                 int r = 0;
 
@@ -65,7 +69,7 @@ int main(int argc, char*argv[]) {
         } else if (streq(argv[1], "stop")) {
                 int r;
 
-                r = write_string_file("/run/nologin", "System is going down.", WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
+                r = write_string_file_atomic_label("/run/nologin", "System is going down.");
                 if (r < 0) {
                         log_error_errno(r, "Failed to create /run/nologin: %m");
                         return EXIT_FAILURE;
@@ -76,5 +80,7 @@ int main(int argc, char*argv[]) {
                 return EXIT_FAILURE;
         }
 
+        mac_selinux_finish();
+
         return EXIT_SUCCESS;
 }