systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)
Mike Gabriel
sunweaver at debian.org
Thu Apr 25 12:47:18 BST 2019
HI Sedat,
On Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote:
> Hi,
>
> we have upgraded systemd on some of our Debian/jessie systems:
> (215-17+deb8u11 => 215-17+deb8u12)
>
> root# apt-get update && apt-get dist-upgrade -V && apt-get autoremove --purge
> ...
> The following packages will be upgraded:
> libsystemd0 (215-17+deb8u11 => 215-17+deb8u12)
> libudev1 (215-17+deb8u11 => 215-17+deb8u12)
> systemd (215-17+deb8u11 => 215-17+deb8u12)
> systemd-sysv (215-17+deb8u11 => 215-17+deb8u12)
> udev (215-17+deb8u11 => 215-17+deb8u12)
> 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> ...
> root at watt:~# reboot
>
> root at watt:~# journalctl -u postgresql at 9.4-main.service
>
> The logs show that user postgres has no permission to write
> /var/run/postgresql (Sorry German)
>
> postgresql at 9.4-main[509]: 2019-04-25 05:47:47 UTC FATAL: konnte
> Sperrdatei »/var/run/postgresql/.s.PGSQL.5432.lock« nicht erstellen:
> Keine Berechtigung
>
> which means "Could not write lock-file ... : no permission"
>
> Locally, this helped...
>
>
> root# chown postgres:root /var/run/postgresql/
> root# systemctl restart postgresql at 9.4-main.service
>
> ...but on the next reboot we have the same issue.
>
> Here the output of lsblk:
>
> root~# lsblk -f
> NAME FSTYPE LABEL UUID
> MOUNTPOINT
> fd0
> sr0
> vda
> ├─vda1 ext4
> 75520488-1b4e-42f9-98da-4932a1610d3b /boot
> └─vda2 LVM2_member j4b51P-s5ww-LccR-o4BW-KEKX-g4og-qptI9E
> ├─vg_watt-root ext4 99a7d505-8319-40b8-8923-b423e253a1b7 /
> ├─vg_watt-var ext4
> a2a15c5e-c5d8-4d90-987e-0d1b058b1cab /var
> ├─vg_watt-tmp ext4
> 2d3335be-c3ef-45a6-bc48-830ac4ca6409 /tmp
> └─vg_watt-swap swap
> 215bf415-b483-4a0e-8703-95b93d2e3b8e [SWAP]
>
> I had a quick look into the diff:
>
> diff -uprN systemd-215.old/debian/changelog systemd-215/debian/changelog
> --- systemd-215.old/debian/changelog 2019-03-13 11:52:10.000000000 +0100
> +++ systemd-215/debian/changelog 2019-04-23 10:55:22.000000000 +0200
> @@ -1,3 +1,12 @@
> +systemd (215-17+deb8u12) jessie-security; urgency=medium
> +
> + * Non-maintainer upload by the LTS team.
> + * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
> + hardlinked, unless protected_hardlinks sysctl is on.
> + * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv().
> +
> + -- Mike Gabriel <sunweaver at debian.org> Tue, 23 Apr 2019 10:55:22 +0200
> +
> systemd (215-17+deb8u11) jessie-security; urgency=high
>
> * Non-maintainer upload by the LTS team.
>
> And we have on our systems set:
>
> root at watt:~# sysctl -n fs.protected_hardlinks
> 1
>
> Do you need further informations?
>
> Is this a known issue?
> If not, shall I open a bug-report?
>
> Parallelly, I have informed our PotsgreSQL team and will contact
> Christoph Berg here inhouse at credativ.
>
> Thanks.
>
> Regards,
> - Sedat -
The issue should have been fixed in +deb8u13 which I some minutes ago
uploaded to jessie-security.
Please test and report back if the observed issue is gone.
Mike
--
mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunweaver at debian.org, http://sunweavers.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190425/c3de477b/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list