Bug#1128585: socklog-run: under systemd, listen to journald proxy instead of /dev/log

Sat, 21 Feb 2026 08:01:17 -0800 

Package: socklog-run
Version: 2.1.0+repack-6
Severity: normal
Tags: patch

Dear Maintainer,

When run under systemd and runit-run, the socklog-unix service listens
to /dev/log, which means that syslog traffic is stolen from journald and
any logs made to journald directly (possibly quite important to see if
they have been registered directly by systemd) do not appear in socklog
logs.

This can be fixed quite easily by listening to journald's syslog proxy
socket when it is running. See patch below for a tested solution.

To test:

  # printf "MESSAGE=hello123\n" | logger --journald

On sucessful test:

  # tail /var/log/runit/socklog/user/current              
  2026-02-21_15:38:12.61211 user.info: Feb 21 15:38:12 logger[7649]: hello123

Thanks!

-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.57+deb13-cloud-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages socklog-run depends on:
ii  runit                       2.2.0-3
ii  runit-helper                2.16.4
ii  socklog                     2.1.0+repack-6
ii  systemd [systemd-sysusers]  257.9-1~deb13u1

Versions of packages socklog-run recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20220412cvs-1.1
ii  ipsvd              1.0.0-12

socklog-run suggests no packages.


diff --git a/debian/service/socklog-unix/run b/debian/service/socklog-unix/run
index d98e29d..b3e8a66 100755
--- a/debian/service/socklog-unix/run
+++ b/debian/service/socklog-unix/run
@@ -1,3 +1,8 @@
 #!/bin/sh
 exec 2>&1
-exec chpst -U _socklog-unix socklog unix /dev/log
+
+if [ "$(readlink /dev/log)" = "/run/systemd/journal/dev-log" ]; then
+  socket=/run/systemd/journal/syslog
+fi
+
+exec chpst -U _socklog-unix socklog unix "${socket:-/dev/log}"

#!/bin/sh
exec 2>&1

if [ "$(readlink /dev/log)" = "/run/systemd/journal/dev-log" ]; then
  socket=/run/systemd/journal/syslog
fi

exec chpst -U _socklog-unix socklog unix "${socket:-/dev/log}"

Attachment: signature.asc
Description: PGP signature

Reply via email to