systemd/jessie: Problems with postgresql-9.4 after upgrade (215-17+deb8u11 => 215-17+deb8u12)

Sedat Dilek sedat.dilek at gmail.com
Thu Apr 25 12:53:31 BST 2019 

On Thu, Apr 25, 2019 at 1:47 PM Mike Gabriel <sunweaver at debian.org> wrote:
>
> HI Sedat,
>
> On  Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote:
>
> > Hi,
> >
> > we have upgraded systemd on some of our Debian/jessie systems:
> > (215-17+deb8u11 => 215-17+deb8u12)
> >
> > root# apt-get update && apt-get dist-upgrade -V && apt-get autoremove --purge
> > ...
> > The following packages will be upgraded:
> >    libsystemd0 (215-17+deb8u11 => 215-17+deb8u12)
> >    libudev1 (215-17+deb8u11 => 215-17+deb8u12)
> >    systemd (215-17+deb8u11 => 215-17+deb8u12)
> >    systemd-sysv (215-17+deb8u11 => 215-17+deb8u12)
> >    udev (215-17+deb8u11 => 215-17+deb8u12)
> > 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> > ...
> > root at watt:~# reboot
> >
> > root at watt:~# journalctl -u postgresql at 9.4-main.service
> >
> > The logs show that user postgres has no permission to write
> > /var/run/postgresql (Sorry German)
> >
> > postgresql at 9.4-main[509]: 2019-04-25 05:47:47 UTC FATAL:  konnte
> > Sperrdatei »/var/run/postgresql/.s.PGSQL.5432.lock« nicht erstellen:
> > Keine Berechtigung
> >
> > which means "Could not write lock-file ... : no permission"
> >
> > Locally, this helped...
> >
> >
> > root# chown postgres:root /var/run/postgresql/
> > root# systemctl restart postgresql at 9.4-main.service
> >
> > ...but on the next reboot we have the same issue.
> >
> > Here the output of lsblk:
> >
> > root~# lsblk -f
> > NAME             FSTYPE      LABEL UUID
> >    MOUNTPOINT
> > fd0
> > sr0
> > vda
> > ├─vda1           ext4
> > 75520488-1b4e-42f9-98da-4932a1610d3b   /boot
> > └─vda2           LVM2_member       j4b51P-s5ww-LccR-o4BW-KEKX-g4og-qptI9E
> >   ├─vg_watt-root ext4              99a7d505-8319-40b8-8923-b423e253a1b7   /
> >   ├─vg_watt-var  ext4
> > a2a15c5e-c5d8-4d90-987e-0d1b058b1cab   /var
> >   ├─vg_watt-tmp  ext4
> > 2d3335be-c3ef-45a6-bc48-830ac4ca6409   /tmp
> >   └─vg_watt-swap swap
> > 215bf415-b483-4a0e-8703-95b93d2e3b8e   [SWAP]
> >
> > I had a quick look into the diff:
> >
> > diff -uprN systemd-215.old/debian/changelog systemd-215/debian/changelog
> > --- systemd-215.old/debian/changelog    2019-03-13 11:52:10.000000000 +0100
> > +++ systemd-215/debian/changelog        2019-04-23 10:55:22.000000000 +0200
> > @@ -1,3 +1,12 @@
> > +systemd (215-17+deb8u12) jessie-security; urgency=medium
> > +
> > +  * Non-maintainer upload by the LTS team.
> > +  * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are
> > +    hardlinked, unless protected_hardlinks sysctl is on.
> > +  * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv().
> > +
> > + -- Mike Gabriel <sunweaver at debian.org>  Tue, 23 Apr 2019 10:55:22 +0200
> > +
> >  systemd (215-17+deb8u11) jessie-security; urgency=high
> >
> >    * Non-maintainer upload by the LTS team.
> >
> > And we have on our systems set:
> >
> > root at watt:~# sysctl -n fs.protected_hardlinks
> > 1
> >
> > Do you need further informations?
> >
> > Is this a known issue?
> > If not, shall I open a bug-report?
> >
> > Parallelly, I have informed our PotsgreSQL team and will contact
> > Christoph Berg here inhouse at credativ.
> >
> > Thanks.
> >
> > Regards,
> > - Sedat -
>
> The issue should have been fixed in +deb8u13 which I some minutes ago
> uploaded to jessie-security.
>
> Please test and report back if the observed issue is gone.
>

[ CC Florian (Bug#927953: systemd: user and group files ignored in
tmpfiles.d files) ]

Thanks Mike for all your efforts and the fast fix.

"13" is a good number for testing.

- Sedat -

P.S.: BTW, normally I check/browse patches on <sources.d.o.>
"offline", but there are no recent systemd/jessie packages.

More information about the Pkg-systemd-maintainers mailing list