From 9cccad5e3ed3ca69efbcbf90495b6c26a894caab Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 15 Oct 2021 11:23:22 +0200
Subject: [PATCH] tempfile: improve base path selection

The path is not /that/ relevant privacy wise as we try to use
`O_TMPFILE` anyway and defaulting to /run generates trouble for calls
from non-root processes.

Try the user session run dir first, then /run if root or /tmp else.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/PVE/Tools.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index dcda526..2038abf 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1587,7 +1587,16 @@ sub tempfile {
     # default permissions are stricter than with file_set_contents
     $perm = 0600 if !defined($perm);
 
-    my $dir = $opts{dir} // '/run';
+    my $dir = $opts{dir};
+    if (!$dir) {
+	if (-d "/run/user/$<") {
+	    $dir = "/run/user/$<";
+	} elsif ($< == 0) {
+	    $dir = "/run";
+	} else {
+	    $dir = "/tmp";
+	}
+    }
     my $mode = $opts{mode} // O_RDWR;
     $mode |= O_EXCL if !$opts{allow_links};