journalctl --user returns no log entries for IDM users in my IDM realm for fresh installs of Fedora 39 or Fedora systems upgraded to Fedora 39. As of October 14, 2023, journalctl --user returns the user logs for IDM users on Fedora 38 and earlier systems. Having no user-accessible log entries for IDM users breaks programs for IDM users that depend on user logs for information (e.g., distrobox) and makes debugging programs harder as the IDM user has no access to any crash information. For example, distrobox stalls on initial container initialization and destruction of container with an exported app because it depends on users logs for progress through those tasks. Reproducible: Always Steps to Reproduce: 1.Install Fedora 39 or upgrade system to Fedora 39; 2.Join system to IDM (freeipa or Red Hat Identity Management); 3.Sign in as a IDM user; 4.Open a terminal;and 5.Type "journalctl --user" Actual Results: On a newly installed system: ---Begin Output--- rmorris@regina:/var/home/rmorris$ id uid=1518400001(rmorris) gid=1518400001(rmorris) groups=1518400001(rmorris),1518400006(media),1518400007(sysadmins),1518500500(virtaccess) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 rmorris@regina:/var/home/rmorris$ journalctl --user Hint: You are currently not seeing messages from the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions. ---End Output--- On a system upgraded to Fedora 39, the log entries for the IDM user before the system upgrade are displayed. No subsequent user log entries are shown. Expected Results: In both cases (new install or system upgrade), the IDM user logs should have been displayed. Realm IDM range: 1518400000 - 1518599999 Realm IDM range randomly selected on IDM (here, freeipa) install in 2016. IDM users not being able to access logs likely stems from the following commit that tosses IDM user log entries into the system log because of overlap in IDM uids with those of systemd-nspawn: https://github.com/systemd/systemd/commit/115d5145a257c1a27330acf9f063b5f4d910ca4d (h/t: Chris Williams on the Fedora Discussion Forum for finding the commit.)
I created a patch to revert the part of the change: https://github.com/systemd/systemd/pull/30846. The solution is not great, but it should restore behaviour for users.
FEDORA-2024-d59a82cc50 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-d59a82cc50
FEDORA-2024-d59a82cc50 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
Reopening for F39.