Regarding log_file_parser

Saturday, 27 February 2016

|
Hi，
I have some doubt about the bold code below， at audit-2.5/src/auditd-config.c

static int log_file_parser(struct nv_pair *nv, int line,
    struct daemon_conf *config)
{
    char *dir = NULL, *tdir;
    DIR *d;
    int fd, mode;
    struct stat buf;

    audit_msg(LOG_DEBUG, "log_file_parser called with: %s", nv->value);

    /* get dir from name. */
    tdir = strdup(nv->value);
    if (tdir)
        dir = dirname(tdir);
    if (dir == NULL || strlen(dir) < 4) { //  '/var' is shortest dirname
        audit_msg(LOG_ERR,
            "The directory name: %s is too short - line %d",
            dir, line);
        free((void *)tdir);
        return 1;
    }

    /* verify the directory path exists */
    d = opendir(dir);
    if (d == NULL) {
        audit_msg(LOG_ERR, "Could not open dir %s (%s)", dir,
            strerror(errno));
        free((void *)tdir);
        return 1;
    }

when parsing the field "log_file", If the dir is examined nonexistent, why
don't create it ?  
what are the reasons  for the design?

Thanks.

--
frank

|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004