From 0a5a513f35e6b7d5f5795bb083c992f8cd3a308d Mon Sep 17 00:00:00 2001
From: Lenny Consuegra <lenny.consuegra@camptocamp.com>
Date: Wed, 29 May 2024 08:29:37 +0200
Subject: [PATCH] chore: create a temporary workdir for process files

That way we are in line with the new kernel (>4.19 permissions management
Cf https://docs.kernel.org/admin-guide/sysctl/fs.html#protected-regular
---
 ipahealthcheck_exporter.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/ipahealthcheck_exporter.go b/ipahealthcheck_exporter.go
index b77c1fc..b2e5eec 100644
--- a/ipahealthcheck_exporter.go
+++ b/ipahealthcheck_exporter.go
@@ -89,6 +89,7 @@ type scrapedCheck struct {
 }
 
 type ipahealthcheckCollector struct {
+	exporterWorkdir       string
 	ipahealthcheckPath    string
 	ipahealthcheckLogPath string
 }
@@ -115,10 +116,12 @@ func (ic ipahealthcheckCollector) Collect(ch chan<- prometheus.Metric) {
 	log.Infof("Scraping metrics from %v", ic.ipahealthcheckPath)
 
 	var checks []ipaCheck
-	tmpFile, err := os.CreateTemp("/dev/shm", "ipa-healthcheck.out")
+
+	tmpFile, err := os.CreateTemp(ic.exporterWorkdir, "ipa-healthcheck.out")
 	if err != nil {
 		log.Fatal("Cannot create tempfile: ", err)
 	}
+	defer os.Remove(tmpFile.Name())
 
 	healthCheckCmd := []string{ic.ipahealthcheckPath, "--source", "ipahealthcheck.meta.services", "--output-file", tmpFile.Name()}
 	if sudo {
@@ -227,14 +230,20 @@ func (ic ipahealthcheckCollector) Collect(ch chan<- prometheus.Metric) {
 			}
 		}
 	}
-
-	defer os.Remove(tmpFile.Name())
 }
 
 func main() {
 
 	flag.Parse()
 
+	workDir, err := os.MkdirTemp("/dev/shm", "ipa-healthcheck")
+	if err != nil {
+		log.Fatal("Cannot create: ", err)
+	}
+	if verbose {
+		log.Infof("Created temporary working directory: %v", workDir)
+	}
+
 	go func() {
 		intChan := make(chan os.Signal, 1)
 		termChan := make(chan os.Signal, 1)
@@ -245,14 +254,17 @@ func main() {
 		select {
 		case <-intChan:
 			log.Infof("Received SIGINT, exiting")
+			os.RemoveAll(workDir)
 			os.Exit(0)
 		case <-termChan:
 			log.Infof("Received SIGTERM, exiting")
+			os.RemoveAll(workDir)
 			os.Exit(0)
 		}
 	}()
 
 	collector := ipahealthcheckCollector{
+		exporterWorkdir:       workDir,
 		ipahealthcheckPath:    ipahealthcheckPath,
 		ipahealthcheckLogPath: ipahealthcheckLogPath,
 	}