From: Jack <ostroffjh@users.sourceforge.net>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] odd issue with RTKIT syslog-ng
Date: Sun, 15 Nov 2020 19:02:53 -0500 [thread overview]
Message-ID: <MVZVS5UE.XLQ65IUD.C6MWTOSP@GYLO7EO7.DM7BCBQ2.2DRD6OGB> (raw)
As usual, I've got what seems to be a really obscure problem, and I
have not found any reference to it searching the interwebs.
The suspect package is sys-auth/rtkit-0/13-r1 (which has nothing to do
with chkrootkit) and I'm using app-admin/syslog-ng-3.26.1-r1.
As a typical example from /var/log/messages (extract, and having
reconfigured syslog-ng to us iso timestamps)
2020-11-15T18:30:01-05:00 localhost CROND[7320]: (root) CMD
(/usr/lib/sa/sa1 1 1)
2020-11-15T23:34:10-05:00 localhost rtkit-daemon[6263]: Supervising 0
threads of 0 processes of 0 users.
2020-11-15T23:36:38-05:00 localhost rtkit-daemon[6263]: Supervising 0
threads of 0 processes of 0 users.
2020-11-15T18:40:01-05:00 localhost CROND[15943]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons)
All rtkit messages to syslog seem to be in UTC, or at least five hours
off from my local Americas/New York timezone. rtkit uses the syslog()
call for all logging, and there is nothing in those calls that even
mentions timezone.
However, in digging further, I found two log entries from rtkit which
do appear to be using local time. In looking at the rtkit source,
those two use the LOG_INFO and LOG_NOTICE as their levels. All other
logging in rtkit uses LOG_ERR, LOG_DEBUG, or LOG_WARNING, with one
exception: I see one LOG_INFO message (repeated, scattered across the
log) which does show the UTC time.
So, does anyone have an idea what is going on?
I have one theory so far, but I a bit stuck on how to test it. I'm not
sure where in the boot process rtkit gets started, but I think it's
automatically started when Dbus starts. As part of the daemon's
startup routine, it drops some privileges. Is it possible that the
applicable timezone gets changed when it drops privileges? As far as I
can tell, the log messages with the correct time are all produced
before it drops privs. Am I barking up the right tree, or am I barking
mad?
Thanks for any thoughts.
Jack
next reply other threads:[~2020-11-16 0:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 0:02 Jack [this message]
2020-11-17 0:22 ` [gentoo-user] odd issue with RTKIT syslog-ng Jack
2020-11-17 2:00 ` cal
2020-11-17 15:33 ` Jack
2020-11-18 2:36 ` cal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MVZVS5UE.XLQ65IUD.C6MWTOSP@GYLO7EO7.DM7BCBQ2.2DRD6OGB \
--to=ostroffjh@users.sourceforge.net \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox