per-process transient /tmp mount
One of the things I recently came across is the Linux kernel's unique ability to have a process-specific file system mount table. In Unix that I know of, a file system mount table is global to the entire system, but apparently, starting Linux 2.6.16, you can have multiple mount tables in the system. In a way, this is a kind of a virtualization technology, because two processes in the same system can see entirely different file system (but then, this has already been true, with things like chroot.)
You can create a new mount table in multiple ways, but one way to do that is to use unshare(2), which clones the current mount table for the calling process. Once you do that, all the successive mount/unmount calls will only affect this table and won't affect the original mount table, and any new process created by this process will see the new mount table.
So I used this system call to write a small tool called "transienttmp". This tool unshares the mount table, mount a new tmpfs to /tmp, then exec into the commands specified in the argument. The net result is that it creates an empty, transient /tmp file system, which will be discarded as soon as the exec-ed process exits.
The following example runs a big test (that clutters /tmp) with the transient /tmp. Whatever temporary files that this ant process creates are totally invisible from the rest of the world, and when ant exits, its local /tmp will be gone forever.
$ transienttmp ant build some-big-test
I plan to use this to improve isolation of bad-behaving tests on my Hudson cluster — it's more productive to do this than chasing down every use of File.createTempFile and add try/finally delete code. The source code of this tool is available on GitHub. Run sudo make install to install the binary. Debian packages are also available for those who are using Debian/Ubuntu.
P.S. I would have loved to write this tool in Java, but unfortunately a setuid program is only thing you can never write in an interpreted language...