From 4dd0d6644c71149a0a1af89944b95325ac4d2f18 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 23 Sep 2015 11:26:58 +0200
Subject: [PATCH] shutdown: make sure /run/nologin has correct label

rhel-only for now, not yet posted upstream

Related: #1264073
---
 src/shutdownd/shutdownd.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/shutdownd/shutdownd.c b/src/shutdownd/shutdownd.c
index 701882b96d..e1917a626f 100644
--- a/src/shutdownd/shutdownd.c
+++ b/src/shutdownd/shutdownd.c
@@ -39,6 +39,8 @@
 #include "utmp-wtmp.h"
 #include "mkdir.h"
 #include "fileio.h"
+#include "selinux-util.h"
+#include "fileio-label.h"
 
 union shutdown_buffer {
         struct sd_shutdown_command command;
@@ -278,6 +280,8 @@ int main(int argc, char *argv[]) {
 
         umask(0022);
 
+        mac_selinux_init(NULL);
+
         n_fds = sd_listen_fds(true);
         if (n_fds < 0) {
                 log_error_errno(r, "Failed to read listening file descriptors from environment: %m");
@@ -404,7 +408,7 @@ int main(int argc, char *argv[]) {
 
                         log_info("Creating /run/nologin, blocking further logins...");
 
-                        e = write_string_file_atomic("/run/nologin", "System is going down.");
+                        e = write_string_file_atomic_label("/run/nologin", "System is going down.");
                         if (e < 0)
                                 log_error_errno(e, "Failed to create /run/nologin: %m");
                         else
@@ -433,6 +437,8 @@ finish:
 
         unlink("/run/systemd/shutdown/scheduled");
 
+        mac_selinux_finish();
+
         if (exec_shutdown && !b.command.dry_run) {
                 char sw[3];