Regarding log_file_parser

张晨峰 zhchf2010 at 126.com
Fri Feb 26 16:22:05 UTC 2016


Hi,
I have some doubts about the bold code below, in audit-2.5/src/auditd-config.c:


static int log_file_parser(struct nv_pair *nv, int line,
    struct daemon_conf *config)
{
    char *dir = NULL, *tdir;
    DIR *d;
    int fd, mode;
    struct stat buf;

    audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);

    /* get dir from name. */
    tdir = strdup(nv->value);
    if (tdir)
        dir = dirname(tdir);
    if (dir == NULL || strlen(dir) < 4) { //  '/var' is shortest dirname
        audit_msg(LOG_ERR,
            "The directory name: %s is too short - line %d",
            dir, line);
        free((void *)tdir);
        return 1;
    }

    /* verify the directory path exists */
    d = opendir(dir);
    if (d == NULL) {
        audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
            strerror(errno));
        free((void *)tdir);
        return 1;
    }

When parsing the field "log_file", if the directory is found not to exist, why not create it?
What are the reasons for this design?



 

Thanks.

--
frank