[CWS] switch to a "write to tmp then rename" mode for local storage (#…

…29259)
DataDog · Sep 12, 2024 · 9faa31b · 9faa31b
1 parent f2035d2
commit 9faa31b
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/pkg/security/security_profile/dump/local_storage.go b/pkg/security/security_profile/dump/local_storage.go
@@ -193,26 +193,32 @@ func (storage *ActivityDumpLocalStorage) Persist(request config.StorageRequest,
 
 	// create output file
 	_ = os.MkdirAll(request.OutputDirectory, 0400)
-	file, err := os.Create(outputPath)
+	tmpOutputPath := outputPath + ".tmp"
+
+	file, err := os.Create(tmpOutputPath)
 	if err != nil {
-		return fmt.Errorf("couldn't persist to file [%s]: %w", outputPath, err)
+		return fmt.Errorf("couldn't persist to file [%s]: %w", tmpOutputPath, err)
 	}
 	defer file.Close()
 
 	// set output file access mode
-	if err = os.Chmod(outputPath, 0400); err != nil {
-		return fmt.Errorf("couldn't set mod for file [%s]: %w", outputPath, err)
+	if err := os.Chmod(tmpOutputPath, 0400); err != nil {
+		return fmt.Errorf("couldn't set mod for file [%s]: %w", tmpOutputPath, err)
 	}
 
 	// persist data to disk
-	if _, err = file.Write(raw.Bytes()); err != nil {
-		return fmt.Errorf("couldn't write to file [%s]: %w", outputPath, err)
+	if _, err := file.Write(raw.Bytes()); err != nil {
+		return fmt.Errorf("couldn't write to file [%s]: %w", tmpOutputPath, err)
 	}
 
-	if err = file.Close(); err != nil {
+	if err := file.Close(); err != nil {
 		return fmt.Errorf("could not close file [%s]: %w", file.Name(), err)
 	}
 
+	if err := os.Rename(tmpOutputPath, outputPath); err != nil {
+		return fmt.Errorf("could not rename file from [%s] to [%s]: %w", tmpOutputPath, outputPath, err)
+	}
+
 	seclog.Infof("[%s] file for [%s] written at: [%s]", request.Format, ad.GetSelectorStr(), outputPath)
 	return nil
 }