<div dir="ltr"><p class=""><span lang="EN-US">Hi all:</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">I found a bug the process auvrt generate a coredump when there is no file named audit.log, In the case the /var/log/audit/audit.log removed by someone.</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">I make a patch to solve this problem.</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Index: auparse/auparse.c</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">===================================================================</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">--- auparse/auparse.c (</span><span style="font-family:宋体">版本</span><span lang="EN-US"> 814)</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">+++ auparse/auparse.c (</span><span style="font-family:宋体">工作副本</span><span lang="EN-US">)</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">@@ -806,7 +806,7 @@</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> case AUSOURCE_FILE:</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> case AUSOURCE_FILE_ARRAY:</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> // if the first time through, open file</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">- if (au->list_idx == 0 && au->in == NULL) {</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">+ if (au->list_idx == 0 && au->in == NULL && au->source_list != NULL) {</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> if (au->source_list[au->list_idx] == NULL) {</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> errno = 0;</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> return -2;</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">[clq@localhost trunk]# auvirt</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Unable to open /var/log/audit/audit.log (No such file or directory)</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">No log file</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Segmentation fault (core dumped)</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">The backtrace is as follows:</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Loaded symbols for /lib64/ld-linux-x86-64.so.2</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Core was generated by `./tools/auvirt/.libs/lt-auvirt'.</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Program terminated with signal 11, Segmentation fault.</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">810 if (au->source_list[au->list_idx] == NULL) {</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">(gdb) bt</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#1 auparse_next_event (au=0x682830) at auparse.c:958</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#2 0x00007fb2cc547c52 in auparse_first_record (au=<value optimized out>) at auparse.c:1131</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#3 0x00007fb2cc547d77 in ausearch_next_event (au=0x682830) at auparse.c:923</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#4 0x00000000004043b8 in main (argc=<value optimized out>, argv=<value optimized out>) at auvirt.c:1542</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">(gdb) f 0</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">#0 0x00007fb2cc547b24 in retrieve_next_line (au=0x682830) at auparse.c:810</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">810 if (au->source_list[au->list_idx] == NULL) {</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">(gdb) p *au</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">$1 = {source = AUSOURCE_LOGS, source_list = 0x0, list_idx = 0, in = 0x0, line_number = 0, next_buf = 0x0, off = 0, cur_buf = 0x0, </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> line_pushed = 0, le = {head = 0x0, cur = 0x0, cnt = 0, e = {sec = 0, milli = 0, serial = 0, host = 0x0}}, expr = 0x680c90, </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> find_field = 0x0, search_where = AUSEARCH_STOP_EVENT, parse_state = EVENT_EMPTY, databuf = {flags = 0, alloc_size = 0, </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> alloc_ptr = 0x0, offset = 0, len = 0, max_len = 0}, callback = 0, callback_user_data = 0x0, callback_user_data_destroy = 0}</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">(gdb) p au->source_list</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">$2 = (char **) 0x0</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">(gdb)</span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US"> </span></p> <p class="" style="text-indent:21pt"><span lang="EN-US">Best Regards!</span></p></div>