From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41451)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mlureau@redhat.com>) id 1boqKt-0007bq-UA
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 07:14:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mlureau@redhat.com>) id 1boqKo-0003Zf-Th
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 07:14:07 -0400
Received: from mx6-phx2.redhat.com ([209.132.183.39]:50169)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mlureau@redhat.com>) id 1boqKo-0003YL-KN
	for qemu-devel@nongnu.org; Tue, 27 Sep 2016 07:14:02 -0400
Date: Tue, 27 Sep 2016 07:13:55 -0400 (EDT)
From: =?utf-8?Q?Marc-Andr=C3=A9?= Lureau <mlureau@redhat.com>
Message-ID: <419845482.265853.1474974835801.JavaMail.zimbra@redhat.com>
In-Reply-To: <7220810B-7C81-4B51-BDE5-7BC0022F3605@canonical.com>
References: <20160927030621.20862-1-rafael.tinoco@canonical.com>
	<20160927083626.GC3967@redhat.com>
	<7220810B-7C81-4B51-BDE5-7BC0022F3605@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] util: secure memfd_create fallback
 mechanism
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Rafael David Tinoco <rafael.tinoco@canonical.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel <qemu-devel@nongnu.org>, 1626972@bugs.launchpad.net, marcandre lureau <marcandre.lureau@redhat.com>, mst@redhat.com

Hi

----- Original Message -----
> 
> > On Sep 27, 2016, at 05:36, Daniel P. Berrange <berrange@redhat.com> wrote:
> > 
> > On Tue, Sep 27, 2016 at 03:06:21AM +0000, Rafael David Tinoco wrote:
> > We should not have QEMU creating unpredictabile filenames in the
> > first place - any filenames should be determined by libvirt
> > explicitly.
> 
> Note that the filename, per se, is not as important as other files,
> since qemu won't provide it for being accessed by external programs, and,
> deletes the file, while keeping the descriptor, right after its creation
> (due to its nature, that is probably why it was created in /tmp).
> 
> Having libvirt to define a filename that would not be used for recent
> kernels (> 3.17) and would exist for a fraction of second doesn't seem
> right to me.
> 

There are other parts of qemu that rely on creating temporary files, and this seems to lack a bit of uniformity. Would it make sense to define a place where qemu could create those? Or setting TMPDIR should help too. Could libvirt set a per-vm TMPDIR with appropriate security rules?