This looks good to me. As you mentioned, there is the outstanding issue of /tmp/snap.* directories being left behind. This could result in a denial of service if mkdtemp() can no longer create a unique directory but I'm not too worried about that in terms of security. It is more of a usability issue, IMO. This gets my ack.