build: prefer mkostemp for multi-thread safety

https://bugzilla.redhat.com/show_bug.cgi?id=871756

Commit cd1e8d1 assumed that systems new enough to have journald
also have mkostemp; but this is not true for uclibc.

For that matter, use of mkstemp[s] is unsafe in a multi-threaded
program.  We should prefer mkostemp[s] in the first place.

* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
mkstemp and mkstemps.
* cfg.mk (sc_prohibit_mkstemp): New syntax check.
* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
* src/qemu/qemu_driver.c (qemuDomainScreenshot)
(qemudDomainMemoryPeek): Likewise.
* src/secret/secret_driver.c (replaceFile): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.

bootstrap.conf

@@ -69,8 +69,8 @@ listen
 localeconv
 maintainer-makefile
 manywarnings
-mkstemp
+mkostemp
-mkstemps
+mkostemps
 mktempd
 net_if
 netdb

cfg.mk

@@ -339,6 +339,12 @@ sc_prohibit_fork_wrappers:
 	halt='use virCommand for child processes'			\
 	  $(_sc_search_regexp)
 
+# Prefer mkostemp with O_CLOEXEC.
+sc_prohibit_mkstemp:
+	@prohibit='[^"]\<mkstemps? *\('					\
+	halt='use mkostemp with O_CLOEXEC instead of mkstemp'		\
+	  $(_sc_search_regexp)
+
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:

src/qemu/qemu_driver.c

@@ -3485,8 +3485,8 @@ qemuDomainScreenshot(virDomainPtr dom,
         goto endjob;
     }
 
-    if ((tmp_fd = mkstemp(tmp)) == -1) {
+    if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
-        virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+        virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
         goto endjob;
     }
     unlink_tmp = true;
@@ -9230,9 +9230,9 @@ qemudDomainMemoryPeek (virDomainPtr dom,
     }
 
     /* Create a temporary filename. */
-    if ((fd = mkstemp (tmp)) == -1) {
+    if ((fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
         virReportSystemError(errno,
-                             _("mkstemp(\"%s\") failed"), tmp);
+                             _("mkostemp(\"%s\") failed"), tmp);
         goto endjob;
     }
 

src/secret/secret_driver.c

@@ -171,9 +171,9 @@ replaceFile(const char *filename, void *data, size_t size)
         virReportOOMError();
         goto cleanup;
     }
-    fd = mkstemp (tmp_path);
+    fd = mkostemp(tmp_path, O_CLOEXEC);
     if (fd == -1) {
-        virReportSystemError(errno, _("mkstemp('%s') failed"), tmp_path);
+        virReportSystemError(errno, _("mkostemp('%s') failed"), tmp_path);
         goto cleanup;
     }
     if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {

src/vbox/vbox_tmpl.c

@@ -9157,8 +9157,8 @@ vboxDomainScreenshot(virDomainPtr dom,
         return NULL;
     }
 
-    if ((tmp_fd = mkstemp(tmp)) == -1) {
+    if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
-        virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+        virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
         VIR_FREE(tmp);
         VBOX_RELEASE(machine);
         return NULL;

tools/virsh.c

@@ -565,9 +565,9 @@ vshEditWriteToTempFile(vshControl *ctl, const char *doc)
         vshError(ctl, "%s", _("out of memory"));
         return NULL;
     }
-    fd = mkstemps(ret, 4);
+    fd = mkostemps(ret, 4, O_CLOEXEC);
     if (fd == -1) {
-        vshError(ctl, _("mkstemps: failed to create temporary file: %s"),
+        vshError(ctl, _("mkostemps: failed to create temporary file: %s"),
                  virStrerror(errno, ebuf, sizeof(ebuf)));
         VIR_FREE(ret);
         return NULL;