journald: when journald namespace instances log, they can do so safely to the main journald instance

Fixes: #18951

src/journal/journald.c

@@ -26,16 +26,23 @@ int main(int argc, char *argv[]) {
 
         namespace = argc > 1 ? empty_to_null(argv[1]) : NULL;
 
-        /* So here's the deal: journald can't be considered as regular daemon when it comes to
-         * logging hence LOG_TARGET_AUTO won't do the right thing for it. Hence explicitly log to
-         * the console if we're started from a console or to kmsg otherwise. */
-        log_target = isatty(STDERR_FILENO) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_KMSG;
-
-        log_set_prohibit_ipc(true); /* better safe than sorry */
-        log_set_target(log_target);
         log_set_facility(LOG_SYSLOG);
-        log_parse_environment();
-        log_open();
+
+        if (namespace)
+                /* If we run for a log namespace, then we ourselves can log to the main journald. */
+                log_setup();
+        else {
+                /* So here's the deal if we run as the main journald: we can't be considered as regular
+                 * daemon when it comes to logging hence LOG_TARGET_AUTO won't do the right thing for
+                 * us. Hence explicitly log to the console if we're started from a console or to kmsg
+                 * otherwise. */
+                log_target = isatty(STDERR_FILENO) > 0 ? LOG_TARGET_CONSOLE : LOG_TARGET_KMSG;
+
+                log_set_prohibit_ipc(true); /* better safe than sorry */
+                log_set_target(log_target);
+                log_parse_environment();
+                log_open();
+        }
 
         umask(0022);
 

units/systemd-journald@.service.in

@@ -32,7 +32,6 @@ RestrictSUIDSGID=yes
 RuntimeDirectory=systemd/journal.%i
 RuntimeDirectoryPreserve=yes
 Sockets=systemd-journald@%i.socket
-StandardOutput=null
 SystemCallArchitectures=native
 SystemCallErrorNumber=EPERM
 SystemCallFilter=@system-service