filecopy: really do not use O_TMPFILE when use_tmpfile==0

When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.

qrexec-lib/unpack.c

@@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 			  const char *untrusted_name)
 {
 	int ret;
-	int fdout;
+	int fdout = -1;
 
 	/* make the file inaccessible until fully written */
-	fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
+	if (use_tmpfile) {
-	if (fdout < 0 && errno==ENOENT) {
+		fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
-		/* if it fails, do not attempt further use - most likely kernel too old */
+		if (fdout < 0 && errno==ENOENT) {
-		use_tmpfile = 0;
+			/* if it fails, do not attempt further use - most likely kernel too old */
-		fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000);	/* safe because of chroot */
+			use_tmpfile = 0;
+		} else
+			do_exit(errno, untrusted_name);
 	}
+	if (fdout < 0)
+		fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000);	/* safe because of chroot */
 	if (fdout < 0)
 		do_exit(errno, untrusted_name);
 	/* sizes are signed elsewhere */