[Bug 1908065] [NEW] Invalid SYSLOG_PID for (systemd) journal messages

Launchpad Bug Tracker 1908065 at bugs.launchpad.net
Sat Jan 23 16:31:10 UTC 2021


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

[Impact]

 * On Ubuntu (Focal) 20.04, SSSD 2.2.3-3, logs in Journald have invalid
(non-numeric) SYSLOG_PID. Any tooling collecting SYSLOG_PID further, or
attempting to work with syslog directly, fail to parse the PID as
number.

 * Systemd does not validate, and simply expects SYSLOG_PID as numeric integers formatted as decimal strings:
   https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=

[Test Case]

 * Deploy fresh 20.04 image, and update:
   apt update && apt dist-upgrade

 * apt -qqy install sssd

 * cat << EOF > /etc/sssd/sssd.conf
[sssd]
  config_file_version = 2
  domains = EXAMPLE.COM
  services =

[nss]

[pam]

[sudo]

[domain/EXAMPLE.COM]
  id_provider = files
  access_provider = permit
EOF

 * chmod 600 /etc/sssd/sssd.conf

 * systemctl restart sssd.service

 * journalctl -o verbose -u sssd-sudo.service | grep SYSLOG_PID=
   SYSLOG_PID=sudo

 * journalctl -u sssd.service # Produces malformed example lines:
   Dec 07 14:10:00 servername sssd[be[1234]: Starting up

 * grep sssd /var/log/syslog # Displays non-numeric PIDs:
   Dec  7 08:00:00 servername sssd[be[EXAMPLE.COM]]: Starting up
   Dec  7 08:00:00 servername sssd[nss]: Starting up
   Dec  7 08:00:00 servername sssd[sudo]: Starting up
   Dec  7 08:00:00 servername sssd[pam]: Starting up

[Where problems could occur]

 * Someone might depend on the malformed output already, and have
tooling in place to transform it manually.

[Other Info]

 * Is not reproducible on Ubuntu (Groovy) 20.10 containing SSSD 2.3.1-3.
Considering Debian testing is currently at SSSD 2.4.0-1, it does not
appear applicable to fix in upstream.

 * The package itself does not appear to provide any SYSLOG_PID. The
SYSLOG_IDENTIFIER appears to instead 'leak' over into PID, hinting at
trouble on systemd side. SSSD source at:
https://github.com/SSSD/sssd/blob/sssd-2_2_3/src/util/sss_log.c#L110

 * Applying a change to SYSLOG_IDENTIFIER (prefixing with "sssd[" and suffixing with "]") results in "SYSLOG_IDENTIFIER=sssd_be" being logged, and no SYSLOG_PID being reported.
   Cherry-picked upstream commit for testing: https://github.com/SSSD/sssd/commit/18233532b72e62452eac6886652fa633ba055d8c

** Affects: sssd (Ubuntu)
     Importance: Undecided
         Status: Triaged

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: Invalid


** Tags: patch
-- 
Invalid SYSLOG_PID for (systemd) journal messages
https://bugs.launchpad.net/bugs/1908065
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.



More information about the Ubuntu-sponsors mailing list