From 6410f384afd59c410b2c83c526c88858c3cc183e Mon Sep 17 00:00:00 2001
From: Benjamin Sherman <benjamin@holyarmy.org>
Date: Fri, 10 Mar 2023 14:16:08 -0600
Subject: [PATCH] fix: auditd failed to start

---
 Containerfile                                       |  1 +
 etc/systemd/system/ensure-var-log-audit-dir.service | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 etc/systemd/system/ensure-var-log-audit-dir.service

diff --git a/Containerfile b/Containerfile
index b7b3992..00c5b80 100644
--- a/Containerfile
+++ b/Containerfile
@@ -38,6 +38,7 @@ RUN sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-os
     sed -i 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=60s/' /etc/systemd/user.conf && \
     sed -i 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=60s/' /etc/systemd/system.conf && \
     systemctl enable cockpit.service && \
+    systemctl enable ensure-var-log-audit-dir.service && \
     systemctl enable rpm-ostreed-automatic.timer && \
     rm /etc/ssh/sshd_config.d/40-disable-passwords.conf && \
     cp -a /etc/firewalld/firewalld-server.conf /etc/firewalld/firewalld.conf && \
diff --git a/etc/systemd/system/ensure-var-log-audit-dir.service b/etc/systemd/system/ensure-var-log-audit-dir.service
new file mode 100644
index 0000000..beb80b2
--- /dev/null
+++ b/etc/systemd/system/ensure-var-log-audit-dir.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Ensure /var/log/audit is present
+Before=auditd.service
+
+[Service]
+Type=oneshot
+ExecStart=mkdir -p -m 0700 /var/log/audit
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file