Daniel P. Berrangé <berra...@redhat.com> writes: > On Mon, Mar 01, 2021 at 09:49:21AM -0600, Eric Blake wrote: >> On 3/1/21 9:41 AM, Daniel P. Berrangé wrote: >> > On Mon, Mar 01, 2021 at 03:31:59PM +0000, Stefan Hajnoczi wrote: >> >> The QMP monitor, NBD server, and vhost-user-blk export all support file >> >> descriptor passing. This is a useful technique because it allows the >> >> parent process to spawn and wait for qemu-storage-daemon without busy >> >> waiting, which may delay startup due to arbitrary sleep() calls. >> >> >> >> This Python example is inspired by the test case written for libnbd by >> >> Richard W.M. Jones <rjo...@redhat.com>: >> >> https://gitlab.com/nbdkit/libnbd/-/commit/89113f484effb0e6c322314ba75c1cbe07a04543 >> >> >> >> Thanks to Daniel P. Berrangé <berra...@redhat.com> for suggestions on >> >> how to get this working. Now let's document it! >> >> >> >> >> + sock_path = '/tmp/qmp-{}.sock'.format(os.getpid()) >> > >> > Example code inevitably gets cut+paste into real world apps, and this >> > example is a tmpfile CVE flaw. At least put it in $CWD instead. >> >> Except $CWD may be too long for a sock file name to be created. >> Creating the sock in a securely-created subdirectory of /tmp is more >> reliable. > > $XDG_RUNTIME_DIR then, which is /run/user/$UID, so safely per user on all > modern OS.
Reach under your pillow and check the standard library: import tempfile with tempfile.TemporaryDirectory() as tmpdirname: print('created temporary directory', tmpdirname) https://docs.python.org/3.6/library/tempfile.html#tempfile.TemporaryDirectory