gem-ruby-libvirt-0.8.3-alt1.x86_64 unsafe-tmp-usage-in-scripts fail The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb: $ grep /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/tests/test_storage.rb test.img 0 1 /tmp/rb-libvirt-test/test.img EOF new_storage_vol_xml_2 = < test2.img 0 5 /tmp/rb-libvirt-test/test2.img EOF # TESTGROUP: vol.pool expect_invalid_arg_type(newpool, "delete", 'foo') expect_success(newpool, "no args", "delete") if !test_default_uri? `mkdir -p /tmp/rb-libvirt-test` end newpool.undefine if !test_default_uri? Found error in /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb: $ grep -A5 -B5 /tmp/ /usr/lib/ruby/gemie/gems/ruby-libvirt-0.8.3/examples/storage.rb # etc. See https://libvirt.org/formatstorage.html for more details require 'libvirt' # a directory storage pool. This will be a pool with the name # 'ruby-libvirt-tester' with the pool itself in /tmp/ruby-libvirt-tester storage_pool_xml = < ruby-libvirt-tester 33a5c045-645a-2c00-e56b-927cdf34e17a /tmp/ruby-libvirt-tester EOF # a storage volume. This will have name test.img, with capacity of 1GB -- test.img 0 1 /tmp/ruby-libvirt-tester/test.img EOF # open up the connection to libvirt;