As usual, I've got what seems to be a really obscure problem, and I
have not found any reference to it searching the interwebs.

The suspect package is sys-auth/rtkit-0/13-r1 (which has nothing to do
with chkrootkit) and I'm using app-admin/syslog-ng-3.26.1-r1.

As a typical example from /var/log/messages (extract, and having
reconfigured syslog-ng to use ISO timestamps)

2020-11-15T18:30:01-05:00 localhost CROND[7320]: (root) CMD (/usr/lib/sa/sa1 1 1)
2020-11-15T23:34:10-05:00 localhost rtkit-daemon[6263]: Supervising 0 threads of 0 processes of 0 users.
2020-11-15T23:36:38-05:00 localhost rtkit-daemon[6263]: Supervising 0 threads of 0 processes of 0 users.
2020-11-15T18:40:01-05:00 localhost CROND[15943]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)

All rtkit messages to syslog seem to be in UTC, or at least five hours
off from my local Americas/New York timezone. rtkit uses the syslog()
call for all logging, and there is nothing in those calls that even
mentions timezone.

However, in digging further, I found two log entries from rtkit which
do appear to be using local time. In looking at the rtkit source,
those two use the LOG_INFO and LOG_NOTICE as their levels. All other
logging in rtkit uses LOG_ERR, LOG_DEBUG, or LOG_WARNING, with one
exception: I see one LOG_INFO message (repeated, scattered across the
log) which does show the UTC time.

So, does anyone have an idea what is going on?

I have one theory so far, but I'm a bit stuck on how to test it. I'm not
sure where in the boot process rtkit gets started, but I think it's
automatically started when Dbus starts. As part of the daemon's
startup routine, it drops some privileges. Is it possible that the
applicable timezone gets changed when it drops privileges? As far as I
can tell, the log messages with the correct time are all produced
before it drops privs. Am I barking up the right tree, or am I barking
mad?

Thanks for any thoughts.

Jack
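
One way to pick out the affected entries when building a timeline from such a log, as an added example that is not part of the original post: it flags lines whose clock digits only fit the surrounding entries when read as UTC. It assumes syslog-ng wrote the file in arrival order and that the local zone is west of UTC, as in the excerpt; the function names are hypothetical.

```python
import re
from datetime import datetime

# Excerpt from the post, with the mail-wrapped lines rejoined.
SAMPLE = """\
2020-11-15T18:30:01-05:00 localhost CROND[7320]: (root) CMD (/usr/lib/sa/sa1 1 1)
2020-11-15T23:34:10-05:00 localhost rtkit-daemon[6263]: Supervising 0 threads of 0 processes of 0 users.
2020-11-15T23:36:38-05:00 localhost rtkit-daemon[6263]: Supervising 0 threads of 0 processes of 0 users.
2020-11-15T18:40:01-05:00 localhost CROND[15943]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
"""

# ISO timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\S+) (\S+) ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")

def parse(text):
    """Return (timestamp, program, message) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            entries.append((datetime.fromisoformat(m.group(1)), m.group(3), m.group(5)))
    return entries

def find_utc_stamped(entries):
    """Flag entries whose digits look like UTC labelled with the local offset.

    Assumption: arrival order and a zone west of UTC, so a mislabelled
    entry sits ahead of some later, correctly stamped entry. The last
    line of a file has no later neighbour and is never flagged.
    """
    flagged = []
    last = None  # last accepted (or corrected) time seen so far
    for i, (ts, prog, _msg) in enumerate(entries):
        later = [t for t, _, _ in entries[i + 1:]]
        nxt = min(later) if later else None
        fixed = ts + ts.utcoffset()  # reinterpret the digits as UTC
        out_of_order = nxt is not None and ts > nxt
        fits = (last is None or last <= fixed) and (nxt is None or fixed <= nxt)
        if out_of_order and fits:
            flagged.append((i + 1, prog, ts, fixed))  # 1-based line number
            last = fixed
        else:
            last = ts
    return flagged

if __name__ == "__main__":
    for lineno, prog, seen, fixed in find_utc_stamped(parse(SAMPLE)):
        print(f"line {lineno}: {prog} logged {seen.isoformat()}, fits as {fixed.isoformat()}")
```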