From: Jack <ostroffjh@users.sourceforge.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] odd issue with RTKIT syslog-ng
Date: Mon, 16 Nov 2020 19:22:48 -0500
Message-ID: <4JZI3GTM.5DK32STY.2GJR5DT7@4CJOC7Q6.CDYBV4NG.QGHV3UOT>
In-Reply-To: <MVZVS5UE.XLQ65IUD.C6MWTOSP@GYLO7EO7.DM7BCBQ2.2DRD6OGB>

On 2020.11.15 19:02, Jack wrote:
> As usual, I've got what seems to be a really obscure problem, and I
> have not found any reference to it searching the interwebs.
>
> The suspect package is sys-auth/rtkit-0/13-r1 (which has nothing to
> do with chkrootkit) and I'm using app-admin/syslog-ng-3.26.1-r1.
>
> As a typical example from /var/log/messages (extract, and having
> reconfigured syslog-ng to use ISO timestamps)
>
> 2020-11-15T18:30:01-05:00 localhost CROND[7320]: (root) CMD
> (/usr/lib/sa/sa1 1 1)
> 2020-11-15T23:34:10-05:00 localhost rtkit-daemon[6263]: Supervising 0
> threads of 0 processes of 0 users.
> 2020-11-15T23:36:38-05:00 localhost rtkit-daemon[6263]: Supervising 0
> threads of 0 processes of 0 users.
> 2020-11-15T18:40:01-05:00 localhost CROND[15943]: (root) CMD (test -x
> /usr/sbin/run-crons && /usr/sbin/run-crons)
>
> All rtkit messages to syslog seem to be in UTC, or at least five
> hours off from my local Americas/New York timezone. rtkit uses the
> syslog() call for all logging, and there is nothing in those calls
> that even mentions timezone.
>
> However, in digging further, I found two log entries from rtkit which
> do appear to be using local time. In looking at the rtkit source,
> those two use the LOG_INFO and LOG_NOTICE as their levels. All other
> logging in rtkit uses LOG_ERR, LOG_DEBUG, or LOG_WARNING, with one
> exception: I see one LOG_INFO message (repeated, scattered across
> the log) which does show the UTC time.
>
> So, does anyone have an idea what is going on?
>
> I have one theory so far, but I'm a bit stuck on how to test it. I'm
> not sure where in the boot process rtkit gets started, but I think
> it's automatically started when Dbus starts. As part of the daemon's
> startup routine, it drops some privileges. Is it possible that the
> applicable timezone gets changed when it drops privileges? As far as
> I can tell, the log messages with the correct time are all produced
> before it drops privs. Am I barking up the right tree, or am I
> barking mad?

I've done some more digging, with lots of debugging output. Up to a
point, the process acknowledges the local timezone. However, after
doing a 'chroot "/proc"' and then 'chdir "/"' it thinks it's UTC.
Still doesn't make any sense to me, though.