Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
 /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
 #define tempname_ensure(Str)				\
 do {							\
-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
 } while (0)
+char * safe_tempnam(const char *);
 
 #endif
2896a1a380e'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/containers.scm'>
<input type='hidden' name='id' value='0e3897187c6e3fc821b59153b6b632896a1a380e'/><input type='hidden' name='showmsg' value='1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=0e3897187c6e3fc821b59153b6b632896a1a380e&amp;showmsg=1'>root</a>/<a href='/guix/log/tests?id=0e3897187c6e3fc821b59153b6b632896a1a380e&amp;showmsg=1'>tests</a>/<a href='/guix/log/tests/containers.scm?id=0e3897187c6e3fc821b59153b6b632896a1a380e&amp;showmsg=1'>containers.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/containers.scm?id=0e3897187c6e3fc821b59153b6b632896a1a380e'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2019-10-15 10:21:41 +0200'>2019-10-15</span></td><td class='logsubject'><a href='/guix/commit/tests/containers.scm?id=e464ac667297d2acf57e52438a39cadc87b95da2'>tests: Skip container test when lacking kernel support.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
This is a followup to 96b35998e610c7fc37bf87bf9e07e63d3bebd0a3.

* tests/containers.scm ("eval/container, non-empty load path"): Add
missing 'skip-if-unsupported' call.


</td></tr>
<tr class='logheader'><td><span title='2019-09-18 23:08:28 +0200'>2019-09-18</span></td><td class='logsubject'><a href='/guix/commit/tests/containers.scm?id=96b35998e610c7fc37bf87bf9e07e63d3bebd0a3'>linux-container: 'eval/container' correctly passes -L and -C flags.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
This fixes a type error.

* gnu/system/linux-container.scm (eval/container): Use 'append-map', not
'map'.
* tests/containers.scm ("eval/container, non-empty load path"): New test.


</td></tr>
<tr class='logheader'><td><span title='2019-07-19 11:53:47 +0200'>2019-07-19</span></td><td class='logsubject'><a href='/guix/commit/tests/containers.scm?id=bacfec8611530dc3e849fb804b51f50b299796f0'>linux-container: Add 'eval/container'.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/system/linux-container.scm (eval/container): New procedure.
* tests/containers.scm ("eval/container, exit status")
("eval/container, writable user mapping"): New tests.


</td></tr>
<tr class='logheader'><td><span title='2019-04-02 18:15:37 +0200'>2019-04-02</span></td><td class='logsubject'><a href='/guix/commit/tests/containers.scm?id=af76c020bf19de5fe2e92f31d8b85cbd55c481de'>linux-container: Make the guest UID and GID a parameter.</a></td><td>Ludovic Courtès</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/build/linux-container.scm (initialize-user-namespace): Add
 #:guest-uid and #:guest-gid parameters and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* tests/containers.scm ("call-with-container, user namespace, guest UID/GID"):
New test.


</td></tr>

Age	Commit message (Collapse)	Author
2019-10-15	tests: Skip container test when lacking kernel support.	Ludovic Courtès
	This is a followup to 96b35998e610c7fc37bf87bf9e07e63d3bebd0a3. * tests/containers.scm ("eval/container, non-empty load path"): Add missing 'skip-if-unsupported' call.
2019-09-18	linux-container: 'eval/container' correctly passes -L and -C flags.	Ludovic Courtès
	This fixes a type error. * gnu/system/linux-container.scm (eval/container): Use 'append-map', not 'map'. * tests/containers.scm ("eval/container, non-empty load path"): New test.
2019-07-19	linux-container: Add 'eval/container'.	Ludovic Courtès
	* gnu/system/linux-container.scm (eval/container): New procedure. * tests/containers.scm ("eval/container, exit status") ("eval/container, writable user mapping"): New tests.
2019-04-02	linux-container: Make the guest UID and GID a parameter.	Ludovic Courtès
	* gnu/build/linux-container.scm (initialize-user-namespace): Add #:guest-uid and #:guest-gid parameters and honor them. (run-container): Likewise. (call-with-container): Likewise. * tests/containers.scm ("call-with-container, user namespace, guest UID/GID"): New test.