[Bug 1908065] Re: Invalid SYSLOG_PID for (systemd) journal messages

Launchpad Bug Tracker 1908065 at bugs.launchpad.net
Tue Feb 23 20:06:43 UTC 2021 

This bug was fixed in the package sssd - 2.3.1-3ubuntu4

---------------
sssd (2.3.1-3ubuntu4) groovy; urgency=medium

  * Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
    - d/p/lp-1908065-01-syslog_identifier-format.patch:
      Upstream patch to include "sssd[]" identifier in program names.
    - d/p/lp-1908065-02-remove-syslog_identifier.patch:
      Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.

 -- Valters Jansons <valter.jansons at gmail.com>  Fri, 05 Feb 2021
16:07:05 +0000

** Changed in: sssd (Ubuntu Groovy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1908065

Title:
  Invalid SYSLOG_PID for (systemd) journal messages

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Bionic:
  Won't Fix
Status in sssd source package in Focal:
  Fix Committed
Status in sssd source package in Groovy:
  Fix Released
Status in sssd source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

   * On Ubuntu (Focal) 20.04, SSSD 2.2.3-3, logs in journald have invalid
     (non-numeric) SYSLOG_PID. Any tooling collecting SYSLOG_PID further, or
     attempting to work with syslog directly, fail to parse the PID as number.

   * systemd does not validate, and simply expects SYSLOG_PID as numeric
     integers formatted as decimal strings:
     https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=

   * Fixed upstream by https://github.com/SSSD/sssd/commit/00e7b1ada3d1c1071eac79b65c17cd2701c2ae6a
     and https://github.com/SSSD/sssd/commit/18233532b72e62452eac6886652fa633ba055d8c
     and https://github.com/SSSD/sssd/commit/01cc2674959ec249702465621f57259fc779650b

  [Test Case]

   * Deploy fresh 20.04 image, and update:
     apt update && apt dist-upgrade

   * apt -qqy install sssd

   * cat << EOF > /etc/sssd/sssd.conf
  [sssd]
    config_file_version = 2
    domains = EXAMPLE.COM
    services =

  [nss]

  [pam]

  [sudo]

  [domain/EXAMPLE.COM]
    id_provider = files
    access_provider = permit
  EOF

   * chmod 600 /etc/sssd/sssd.conf

   * systemctl restart sssd.service

   * journalctl -o verbose -u sssd.service 'MESSAGE=Starting up' |
  grep SYSLOG_IDENTIFIER=
      SYSLOG_IDENTIFIER=sssd
      SYSLOG_IDENTIFIER=sssd[be

   * journalctl -u sssd.service 'MESSAGE=Starting up'
  Dec 07 14:10:00 servername sssd[1234]: Starting up
  Dec 07 14:10:00 servername sssd[be[1235]: Starting up

   * grep -E '(sssd|be)[\[\:]' /var/log/syslog
  Dec 07 14:10:00 servername sssd: Starting up
  Dec 07 14:10:00 servername sssd[be[EXAMPLE.COM]]: Starting up

  [Where problems could occur]

   * Someone might depend on the malformed output already, and have tooling in
     place to transform it manually.

   * Changes to log messages can cause lines to get picked up by things like
     logwatch that weren't before.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1908065/+subscriptions

More information about the Ubuntu-sponsors mailing list