Comment 2 for bug 1377338

Jamie Strandboge (jdstrand) wrote :

Upon further investigation, python3-apparmor-click and python3-apparmor-easyprof both use shutil.move() to put a temp file into place. shutil.move() will use os.rename() if the files reside on the same filesystem, but will use shutil.copy2() followed by an unlink otherwise. Since the tempfile.mkstemp() in both cases does not specify to use a different temp directory (i.e., dir=None), these files will be created in /tmp, which is a tmpfs on devices (verified on mako), therefore the shutil.move() is not atomic. This confirms that utilizing a blocking lock file will prevent at least some forms of races and corruption. We could adjust the mkstemp() call to use the same filesystem, however, that would result in unexpected behavior when two aa-clickhooks are run at the same time (i.e., both would think they did everything correctly but each could have missed something).
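
An added example, not part of the comment above and not the apparmor tools' own code: it combines a blocking lock with a temp file created beside the destination, so the read-modify-write is serialized and the final replacement is a same-filesystem rename. The function names and the lock-file path are assumptions made for the illustration.

```python
import fcntl
import os
import tempfile


def rename_would_be_atomic(dest, tmp_dir=None):
    """True if a mkstemp(dir=tmp_dir) file shares a device with dest's directory."""
    tmp_dir = tmp_dir or tempfile.gettempdir()   # what dir=None falls back to
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Different st_dev means shutil.move() degrades to copy2() + unlink.
    return os.stat(tmp_dir).st_dev == os.stat(dest_dir).st_dev


def locked_update(dest, lock_path, transform):
    """Read dest, apply transform(bytes) -> bytes, then replace dest atomically."""
    dest_dir = os.path.dirname(os.path.abspath(dest))
    with open(lock_path, "a") as lock:
        # Blocking exclusive lock: a second writer waits here instead of
        # working from a stale copy and silently dropping the first update.
        fcntl.flock(lock, fcntl.LOCK_EX)
        try:
            with open(dest, "rb") as f:
                current = f.read()
        except FileNotFoundError:
            current = b""
        new = transform(current)
        # Temp file in the destination directory, so it is on the same filesystem.
        fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".tmp-")
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(new)
                f.flush()
                os.fsync(f.fileno())
            os.replace(tmp, dest)                # rename(2) within one directory
        except BaseException:
            os.unlink(tmp)                       # never leave a partial temp file
            raise
    # Closing the lock file on leaving the with-block releases the lock.
    return new
```

Readers of `dest` see either the old or the new contents, never a partially copied file, and concurrent callers each build on the previous caller's result.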