diff --git a/src/basic/fileio-label.c b/src/basic/fileio-label.c index bf5fec1faa..b832b6bf04 100644 --- a/src/basic/fileio-label.c +++ b/src/basic/fileio-label.c @@ -67,3 +67,19 @@ int fopen_temporary_label(const char *target, return r; } + +int create_shutdown_run_nologin_or_warn(void) { + int r; + + /* This is used twice: once in systemd-user-sessions.service, in order to block logins when we actually go + * down, and once in systemd-logind.service when shutdowns are scheduled, and logins are to be turned off a bit + * in advance. We use the same wording of the message in both cases. */ + + r = write_string_file_atomic_label("/run/nologin", + "System is going down. Unprivileged users are not permitted to log in anymore. " + "For technical details, see pam_nologin(8)."); + if (r < 0) + return log_error_errno(r, "Failed to create /run/nologin: %m"); + + return 0; +} diff --git a/src/basic/fileio-label.h b/src/basic/fileio-label.h index 0adb895236..16d095f522 100644 --- a/src/basic/fileio-label.h +++ b/src/basic/fileio-label.h @@ -34,5 +34,6 @@ static inline int write_string_file_atomic_label(const char *fn, const char *lin return write_string_file_atomic_label_ts(fn, line, NULL); } int write_env_file_label(const char *fname, char **l); -int fopen_temporary_label(const char *target, - const char *path, FILE **f, char **temp_path); +int fopen_temporary_label(const char *target, const char *path, FILE **f, char **temp_path); + +int create_shutdown_run_nologin_or_warn(void); diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index aa4bbf7739..a8c1b71e7e 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1930,15 +1930,11 @@ static int nologin_timeout_handler( void *userdata) { Manager *m = userdata; - int r; log_info("Creating /run/nologin, blocking further logins..."); - r = write_string_file_atomic_label("/run/nologin", "System is going down."); - if (r < 0) - log_error_errno(r, "Failed to create /run/nologin: %m"); - else - m->unlink_nologin = true; + m->unlink_nologin = + create_shutdown_run_nologin_or_warn() >= 0; return 0; } diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c index 5e02ede402..8e8d43e1d4 100644 --- a/src/user-sessions/user-sessions.c +++ b/src/user-sessions/user-sessions.c @@ -51,12 +51,9 @@ int main(int argc, char*argv[]) { if (k < 0 && r >= 0) r = k; - } else if (streq(argv[1], "stop")) { - r = write_string_file_atomic_label("/run/nologin", "System is going down."); - if (r < 0) - log_error_errno(r, "Failed to create /run/nologin: %m"); - - } else { + } else if (streq(argv[1], "stop")) + r = create_shutdown_run_nologin_or_warn(); + else { log_error("Unknown verb '%s'.", argv[1]); r = -EINVAL; } diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf index a30a8da604..df4dd63272 100644 --- a/tmpfiles.d/systemd-nologin.conf +++ b/tmpfiles.d/systemd-nologin.conf @@ -8,4 +8,4 @@ # See tmpfiles.d(5), systemd-user-session.service(5) and pam_nologin(8). # This file has special suffix so it is not run by mistake. -F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)" +F! /run/nologin 0644 - - - "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)."