X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fupdate-done%2Fupdate-done.c;h=44d9df75284b074b6e69dee33430966c81a38a4f;hp=10ba85ca924ca97ec3673dc84332ee87ddaaa07b;hb=da927ba997d68401563b927f92e6e40e021a8e5c;hpb=8ea48dfcd33e8db0c01bf8c57c3bbcfdc3c86d4b

diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 10ba85ca9..44d9df752 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -20,6 +20,12 @@
 ***/
 
 #include "util.h"
+#include "label.h"
+
+#define MESSAGE                                                         \
+        "This file was created by systemd-update-done. Its only \n"     \
+        "purpose is to hold a timestamp of the time this directory\n"   \
+        "was updated. See systemd-update-done.service(8).\n"
 
 static int apply_timestamp(const char *path, struct timespec *ts) {
         struct timespec twice[2];
@@ -51,10 +57,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
         } else if (errno == ENOENT) {
                 _cleanup_close_ int fd = -1;
+                int r;
 
                 /* The timestamp file doesn't exist yet? Then let's create it. */
 
+                r = mac_selinux_create_file_prepare(path, S_IFREG);
+                if (r < 0) {
+                        log_error("Failed to set SELinux context for %s: %s",
+                                  path, strerror(-r));
+                        return r;
+                }
+
                 fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+                mac_selinux_create_file_clear();
+
                 if (fd < 0) {
 
                         if (errno == EROFS) {
@@ -66,6 +82,8 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
                         return -errno;
                 }
 
+                (void) loop_write(fd, MESSAGE, strlen(MESSAGE), false);
+
                 twice[0] = *ts;
                 twice[1] = *ts;
 
@@ -83,7 +101,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
 int main(int argc, char *argv[]) {
         struct stat st;
-        int r, q;
+        int r, q = 0;
 
         log_set_target(LOG_TARGET_AUTO);
         log_parse_environment();
@@ -94,11 +112,15 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        r = apply_timestamp("/etc/.updated", &st.st_mtim);
+        r = mac_selinux_init(NULL);
+        if (r < 0) {
+                log_error_errno(r, "SELinux setup failed: %m");
+                goto finish;
+        }
 
+        r = apply_timestamp("/etc/.updated", &st.st_mtim);
         q = apply_timestamp("/var/.updated", &st.st_mtim);
-        if (q < 0 && r == 0)
-                r = q;
 
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+finish:
+        return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }