systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

Mike Gabriel sunweaver at debian.org
Thu Apr 25 10:46:29 BST 2019 

Hi Sedat,

On  Do 25 Apr 2019 09:55:43 CEST, Sedat Dilek wrote:

> On Thu, Apr 25, 2019 at 9:51 AM Mike Gabriel <sunweaver at debian.org> wrote:
>>
>> Hi Sedat,
>> (Cc:-ing debian-lts mailing list)
>>
>> On  Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote:
>>
>> > Hi,
>> >
>> > we have upgraded systemd on some of our Debian/jessie systems:
>> > (215-17+deb8u11 => 215-17+deb8u12)
>> >
>> > root# apt-get update && apt-get dist-upgrade -V && apt-get  
>> autoremove --purge
>> > ...
>> > The following packages will be upgraded:
>> >    libsystemd0 (215-17+deb8u11 => 215-17+deb8u12)
>> >    libudev1 (215-17+deb8u11 => 215-17+deb8u12)
>> >    systemd (215-17+deb8u11 => 215-17+deb8u12)
>> >    systemd-sysv (215-17+deb8u11 => 215-17+deb8u12)
>> >    udev (215-17+deb8u11 => 215-17+deb8u12)
>> > 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>> > ...
>> > root at watt:~# reboot
>> >
>> > root at watt:~# journalctl -u postgresql at 9.4-main.service
>> >
>> > The logs show that user postgres has no permission to write
>> > /var/run/postgresql (Sorry German)
>> >
>> > postgresql at 9.4-main[509]: 2019-04-25 05:47:47 UTC FATAL:  konnte
>> > Sperrdatei »/var/run/postgresql/.s.PGSQL.5432.lock« nicht erstellen:
>> > Keine Berechtigung
>> >
>> > which means "Could not write lock-file ... : no permission"
>> >
>> > Locally, this helped...
>> >
>> >
>> > root# chown postgres:root /var/run/postgresql/
>> > root# systemctl restart postgresql at 9.4-main.service
>> >
>> > ...but on the next reboot we have the same issue.
>> >
>> > Here the output of lsblk:
>> >
>> > root~# lsblk -f
>> > NAME             FSTYPE      LABEL UUID
>> >    MOUNTPOINT
>> > fd0
>> > sr0
>> > vda
>> > ├─vda1           ext4
>> > 75520488-1b4e-42f9-98da-4932a1610d3b   /boot
>> > └─vda2           LVM2_member       j4b51P-s5ww-LccR-o4BW-KEKX-g4og-qptI9E
>> >   ├─vg_watt-root ext4               
>> 99a7d505-8319-40b8-8923-b423e253a1b7   /
>> >   ├─vg_watt-var  ext4
>> > a2a15c5e-c5d8-4d90-987e-0d1b058b1cab   /var
>> >   ├─vg_watt-tmp  ext4
>> > 2d3335be-c3ef-45a6-bc48-830ac4ca6409   /tmp
>> >   └─vg_watt-swap swap
>> > 215bf415-b483-4a0e-8703-95b93d2e3b8e   [SWAP]
>> >
>> > I had a quick look into the diff:
>> >
>> > diff -uprN systemd-215.old/debian/changelog systemd-215/debian/changelog
>> > --- systemd-215.old/debian/changelog    2019-03-13  
>> 11:52:10.000000000 +0100
>> > +++ systemd-215/debian/changelog        2019-04-23  
>> 10:55:22.000000000 +0200
>> > @@ -1,3 +1,12 @@
>> > +systemd (215-17+deb8u12) jessie-security; urgency=medium
>> > +
>> > +  * Non-maintainer upload by the LTS team.
>> > +  * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
>> > +    hardlinked, unless protected_hardlinks sysctl is on.
>> > +  * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv().
>> > +
>> > + -- Mike Gabriel <sunweaver at debian.org>  Tue, 23 Apr 2019 10:55:22 +0200
>> > +
>> >  systemd (215-17+deb8u11) jessie-security; urgency=high
>> >
>> >    * Non-maintainer upload by the LTS team.
>> >
>> > And we have on our systems set:
>> >
>> > root at watt:~# sysctl -n fs.protected_hardlinks
>> > 1
>> >
>> > Do you need further informations?
>> >
>> > Is this a known issue?
>> > If not, shall I open a bug-report?
>> >
>> > Parallelly, I have informed our PotsgreSQL team and will contact
>> > Christoph Berg here inhouse at credativ.
>> >
>> > Thanks.
>> >
>> > Regards,
>> > - Sedat -
>>
>> I will look into this around lunch time. Thanks for reporting this
>> issue so immediately.

First good news: I can reproduce your issue. ... Investigating things  
more closely now.

Mike
-- 

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver at debian.org, http://sunweavers.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190425/205c9367/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list