Hello!

> On Sep 27, 2016, at 08:13, Marc-André Lureau <mlur...@redhat.com> wrote:
> 
>> Note that the filename, per se, is not as important as other files,
>> since qemu won't provide it for access by external programs and
>> deletes the file, while keeping the descriptor, right after its creation
>> (due to its nature, that is probably why it was created in /tmp).
>> 
>> Having libvirt define a filename that would not be used for recent
>> kernels (> 3.17) and would exist for a fraction of a second doesn't seem
>> right to me.
>> 
> 
> There are other parts of qemu that rely on creating temporary files, and this 
> seems to lack a bit of uniformity. Would it make sense to define a place 
> where qemu could create those? Or setting TMPDIR should help too. Could 
> libvirt set a per-vm TMPDIR with appropriate security rules?

You've got a point. With a per-vm TMPDIR we don't have to care about filenames in 
the future for the security driver, while still securing them on a per-instance basis. 
I'll come back to you! 

Thank you!
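
The pattern discussed in this thread, sketched in C as an added example (not code from qemu or libvirt, and not part of the original messages): a private directory taken from TMPDIR, and a backing file that is unlinked right after creation while the descriptor stays open. The function names and the `vm-example-` / `backing-` prefixes are assumptions; security-driver labelling of the directory is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: private directory (mkdtemp uses mode 0700) under $TMPDIR or /tmp. */
int vm_tmpdir_create(char *out, size_t len)
{
    const char *base = getenv("TMPDIR");
    if (!base || !*base) base = "/tmp";
    int n = snprintf(out, len, "%s/vm-example-XXXXXX", base);
    if (n < 0 || (size_t)n >= len) return -1;
    return mkdtemp(out) ? 0 : -1;
}

/* Hypothetical helper: create a backing file in dir, drop its name at once, keep the fd. */
int anon_backing_fd(const char *dir, off_t size)
{
    char path[PATH_MAX];
    int n = snprintf(path, sizeof path, "%s/backing-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) return -1;
    int fd = mkstemp(path);            /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    if (unlink(path) != 0 || ftruncate(fd, size) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Names still pointing at the file; 0 means it can no longer be opened by path. */
long fd_link_count(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

int main(void)
{
    char dir[PATH_MAX];
    if (vm_tmpdir_create(dir, sizeof dir) != 0) return 1;
    int fd = anon_backing_fd(dir, 4096);
    printf("dir=%s fd=%d links=%ld\n", dir, fd, fd_link_count(fd));
    if (fd >= 0) close(fd);
    return rmdir(dir) != 0;            /* succeeds only if no name was left behind */
}
```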
