On Thu, Sep 27, 2012 at 02:51:35PM -0600, Eric Blake wrote: > On 09/27/2012 10:44 AM, Daniel P. Berrange wrote: > > + /* Message was too large, so dump to temporary file > > + * and pass an FD to the journal > > + */ > > + > > + if ((buffd = mkostemp(path, O_CLOEXEC|O_RDWR)) < 0) > > Is mkostemp async-signal safe? But if it isn't, I don't know how else > to generate a safe file name. Maybe we create ourselves a safe > temporary directory at process start where we don't care about the async > safety issues, and then in this function, we track a static counter that > we increment each time we create a new file within that directory. I've looked the glibc source and the only functions they use are open() and gettimeofday(), and the latter isn't actually used on most architectures, instead it uses inline asm to read a CPU timesource like the TSC. So IMHO, since this will be protected by a #ifdef __linux__ we will be safe in using it. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list