HiŁ¬
I have some doubt about the bold code belowŁ¬ at audit-2.5/src/auditd-config.c

static int log_file_parser(struct nv_pair *nv, int line,
    struct daemon_conf *config)
{
    char *dir = NULL, *tdir;
    DIR *d;
    int fd, mode;
    struct stat buf;

    audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);

    /* get dir from name. */
    tdir = strdup(nv->value);
    if (tdir)
        dir = dirname(tdir);
    if (dir == NULL || strlen(dir) < 4) { //  '/var' is shortest dirname
        audit_msg(LOG_ERR,
            "The directory name: %s is too short - line %d",
            dir, line);
        free((void *)tdir);
        return 1;
    }

    /* verify the directory path exists */
    d = opendir(dir);
    if (d == NULL) {
        audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
            strerror(errno));
        free((void *)tdir);
        return 1;
    }


when parsing the field "log_file", If the dir is examined nonexistent, why don't create it ?  
what are the reasons  for the design?

 

Thanks.

--
frank