systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

Sedat Dilek sedat.dilek at gmail.com
Thu Apr 25 08:07:40 BST 2019 

Hi,

we have upgraded systemd on some of our Debian/jessie systems:
(215-17+deb8u11 => 215-17+deb8u12)

root# apt-get update && apt-get dist-upgrade -V && apt-get autoremove --purge
...
The following packages will be upgraded:
   libsystemd0 (215-17+deb8u11 => 215-17+deb8u12)
   libudev1 (215-17+deb8u11 => 215-17+deb8u12)
   systemd (215-17+deb8u11 => 215-17+deb8u12)
   systemd-sysv (215-17+deb8u11 => 215-17+deb8u12)
   udev (215-17+deb8u11 => 215-17+deb8u12)
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
...
root at watt:~# reboot

root at watt:~# journalctl -u postgresql at 9.4-main.service

The logs show that user postgres has no permission to write
/var/run/postgresql (Sorry German)

postgresql at 9.4-main[509]: 2019-04-25 05:47:47 UTC FATAL:  konnte
Sperrdatei »/var/run/postgresql/.s.PGSQL.5432.lock« nicht erstellen:
Keine Berechtigung

which means "Could not write lock-file ... : no permission"

Locally, this helped...


root# chown postgres:root /var/run/postgresql/
root# systemctl restart postgresql at 9.4-main.service

...but on the next reboot we have the same issue.

Here the output of lsblk:

root~# lsblk -f
NAME             FSTYPE      LABEL UUID
   MOUNTPOINT
fd0
sr0
vda
├─vda1           ext4              75520488-1b4e-42f9-98da-4932a1610d3b   /boot
└─vda2           LVM2_member       j4b51P-s5ww-LccR-o4BW-KEKX-g4og-qptI9E
  ├─vg_watt-root ext4              99a7d505-8319-40b8-8923-b423e253a1b7   /
  ├─vg_watt-var  ext4              a2a15c5e-c5d8-4d90-987e-0d1b058b1cab   /var
  ├─vg_watt-tmp  ext4              2d3335be-c3ef-45a6-bc48-830ac4ca6409   /tmp
  └─vg_watt-swap swap              215bf415-b483-4a0e-8703-95b93d2e3b8e   [SWAP]

I had a quick look into the diff:

diff -uprN systemd-215.old/debian/changelog systemd-215/debian/changelog
--- systemd-215.old/debian/changelog    2019-03-13 11:52:10.000000000 +0100
+++ systemd-215/debian/changelog        2019-04-23 10:55:22.000000000 +0200
@@ -1,3 +1,12 @@
+systemd (215-17+deb8u12) jessie-security; urgency=medium
+
+  * Non-maintainer upload by the LTS team.
+  * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
+    hardlinked, unless protected_hardlinks sysctl is on.
+  * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv().
+
+ -- Mike Gabriel <sunweaver at debian.org>  Tue, 23 Apr 2019 10:55:22 +0200
+
 systemd (215-17+deb8u11) jessie-security; urgency=high

   * Non-maintainer upload by the LTS team.

And we have on our systems set:

root at watt:~# sysctl -n fs.protected_hardlinks
1

Do you need further informations?

Is this a known issue?
If not, shall I open a bug-report?

Parallelly, I have informed our PotsgreSQL team and will contact
Christoph Berg here inhouse at credativ.

Thanks.

Regards,
- Sedat -

More information about the Pkg-systemd-maintainers mailing list