journalctl --user returns no log entries for IDM users in my IDM realm for fresh installs of Fedora 39 or Fedora systems upgraded to Fedora 39. As of October 14, 2023, journalctl --user returns the user logs for IDM users on Fedora 38 and earlier systems. Having no user-accessible log entries for IDM users breaks programs for IDM users that depend on user logs for information (e.g., distrobox) and makes debugging programs harder as the IDM user has no access to any crash information. For example, distrobox stalls on initial container initialization and destruction of container with an exported app because it depends on users logs for progress through those tasks. Reproducible: Always Steps to Reproduce: 1.Install Fedora 39 or upgrade system to Fedora 39; 2.Join system to IDM (freeipa or Red Hat Identity Management); 3.Sign in as a IDM user; 4.Open a terminal;and 5.Type "journalctl --user" Actual Results: On a newly installed system: ---Begin Output--- rmorris@regina:/var/home/rmorris$ id uid=1518400001(rmorris) gid=1518400001(rmorris) groups=1518400001(rmorris),1518400006(media),1518400007(sysadmins),1518500500(virtaccess) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 rmorris@regina:/var/home/rmorris$ journalctl --user Hint: You are currently not seeing messages from the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions. ---End Output--- On a system upgraded to Fedora 39, the log entries for the IDM user before the system upgrade are displayed. No subsequent user log entries are shown. Expected Results: In both cases (new install or system upgrade), the IDM user logs should have been displayed. Realm IDM range: 1518400000 - 1518599999 Realm IDM range randomly selected on IDM (here, freeipa) install in 2016. IDM users not being able to access logs likely stems from the following commit that tosses IDM user log entries into the system log because of overlap in IDM uids with those of systemd-nspawn: https://github.com/systemd/systemd/commit/115d5145a257c1a27330acf9f063b5f4d910ca4d (h/t: Chris Williams on the Fedora Discussion Forum for finding the commit.)
I created a patch to revert the part of the change: https://github.com/systemd/systemd/pull/30846. The solution is not great, but it should restore behaviour for users.
FEDORA-2024-d59a82cc50 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-d59a82cc50
FEDORA-2024-d59a82cc50 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.
Reopening for F39.
This message is a reminder that Fedora Linux 39 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 39 on 2024-11-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '39'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 39 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.