Description of problem: Messages that should have SYSLOG_FACILITY 10 (authpriv) are logged by journald as if they have have SYSLOG_FACILITY 11 (ftp). This results in those message not appearing in /var/log/secure but in /var/log/messages. Version-Release number of selected component (if applicable): systemd-205-1.fc20.x86_64 How reproducible: 100% Steps to Reproduce: $ journalctl -o verbose -f $ tail -f /var/log/{messages,secure} $ logger -p authpriv.notice authpriv-msg Inspect the outputs of the commands above. Actual results: Wrong facility is assigned to authpriv messages, i.e. SYSLOG_FACILITY=11 in journalctl's output. Expected results: SYSLOG_FACILITY=10 Additional info: If normal users are allowed access to logs with the 'ftp' facility, they can unintentionally get access to sshd logs.
void server_process_syslog_message( ... int priority = LOG_USER | LOG_INFO; ... syslog_parse_priority((char**) &buf, &priority); ... Then: void syslog_parse_priority(char **p, int *priority) { ... *priority = (*priority & LOG_FACMASK) | (a*100 + b*10 + c); ... LOG_USER is (1<<3), in binary 1000. authpriv.notice is <87>, in binary 1010111. Thus in the end, in binary: *priority = 1000 | 1010111 = 1011111, that is facility 11, level debug. The priority calculation line was changed by: http://cgit.freedesktop.org/systemd/systemd/commit/?id=49998b3 Zbigniew, would you recheck this?
(In reply to Michal Schmidt from comment #1) > authpriv.notice is <87>, in binary 1010111. Sorry, this should say "authpriv.debug", which is what I actually used in my test.
*** Bug 988163 has been marked as a duplicate of this bug. ***
Yeah, looks like I messed up. Does the following patch (and the analysis in the commit message) make sense to you?
Created attachment 778846 [details] should fix the problem
Committed upstream in http://cgit.freedesktop.org/systemd/systemd/commit/?id=ac50788b0.
It seems to be already fixed in systemd-206-11.fc21.x86_64
systemd-207
systemd-204-13.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/systemd-204-13.fc19
systemd-204-14.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/systemd-204-14.fc19