I was playing with BPF tools today and ran the command
sudo opensnoop-bpfcc -x -U and noticed many traces like this:
0 403 systemd-journal -1 2 /run/log/journal/5c01742aed6d4d58bed5f1671e612657/system.journal
… and then I ran:
$ ls -al /run/log/journal/ total 0 drwxr-sr-x+ 2 root systemd-journal 40 Jun 28 15:06 . drwxr-xr-x 3 root root 60 Jun 28 15:06 ..
… and then:
$ cat /proc/mounts | grep run tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=6554292k,mode=755 0 0
Why would journald try to access a file in a location that just doesn’t exist, on a temp filesystem mount? Is something configured wrong? This also happens to a second machine running the same OS listed below. The correct location is
/var/log/journal/ where the path exists.
My system specs:
$ sudo lsb_release -a Distributor ID: Ubuntu Description: Ubuntu 20.04 LTS Release: 20.04 Codename: focal $ uname -a Linux 5.4.0-39-generic #43-Ubuntu SMP Fri Jun 19 10:28:31 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux