|
Hi,
I have some doubt about the bold code below, at audit-2.5/src/auditd-config.c
static int log_file_parser(struct nv_pair *nv, int line,
struct daemon_conf *config)
{
char *dir = NULL, *tdir;
DIR *d;
int fd, mode;
struct stat buf;
audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);
/* get dir from name. */
tdir = strdup(nv->value);
if (tdir)
dir = dirname(tdir);
if (dir == NULL || strlen(dir) < 4) { // '/var' is shortest dirname
audit_msg(LOG_ERR,
"The directory name: %s is too short - line %d",
dir, line);
free((void *)tdir);
return 1;
}
/* verify the directory path exists */
d = opendir(dir);
if (d == NULL) {
audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
strerror(errno));
free((void *)tdir);
return 1;
}
when parsing the field "log_file", If the dir is examined nonexistent, why
don't create it ?
what are the reasons for the design?
Thanks.
--
frank
|--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
