On Thu, Apr 25, 2019 at 9:51 AM Mike Gabriel <sunwea...@debian.org> wrote: > > Hi Sedat, > (Cc:-ing debian-lts mailing list) > > On Do 25 Apr 2019 09:07:40 CEST, Sedat Dilek wrote: > > > Hi, > > > > we have upgraded systemd on some of our Debian/jessie systems: > > (215-17+deb8u11 => 215-17+deb8u12) > > > > root# apt-get update && apt-get dist-upgrade -V && apt-get autoremove > > --purge > > ... > > The following packages will be upgraded: > > libsystemd0 (215-17+deb8u11 => 215-17+deb8u12) > > libudev1 (215-17+deb8u11 => 215-17+deb8u12) > > systemd (215-17+deb8u11 => 215-17+deb8u12) > > systemd-sysv (215-17+deb8u11 => 215-17+deb8u12) > > udev (215-17+deb8u11 => 215-17+deb8u12) > > 5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > ... > > root@watt:~# reboot > > > > root@watt:~# journalctl -u postgresql@9.4-main.service > > > > The logs show that user postgres has no permission to write > > /var/run/postgresql (Sorry German) > > > > postgresql@9.4-main[509]: 2019-04-25 05:47:47 UTC FATAL: konnte > > Sperrdatei »/var/run/postgresql/.s.PGSQL.5432.lock« nicht erstellen: > > Keine Berechtigung > > > > which means "Could not write lock-file ... : no permission" > > > > Locally, this helped... > > > > > > root# chown postgres:root /var/run/postgresql/ > > root# systemctl restart postgresql@9.4-main.service > > > > ...but on the next reboot we have the same issue. > > > > Here the output of lsblk: > > > > root~# lsblk -f > > NAME FSTYPE LABEL UUID > > MOUNTPOINT > > fd0 > > sr0 > > vda > > ├─vda1 ext4 > > 75520488-1b4e-42f9-98da-4932a1610d3b /boot > > └─vda2 LVM2_member j4b51P-s5ww-LccR-o4BW-KEKX-g4og-qptI9E > > ├─vg_watt-root ext4 99a7d505-8319-40b8-8923-b423e253a1b7 / > > ├─vg_watt-var ext4 > > a2a15c5e-c5d8-4d90-987e-0d1b058b1cab /var > > ├─vg_watt-tmp ext4 > > 2d3335be-c3ef-45a6-bc48-830ac4ca6409 /tmp > > └─vg_watt-swap swap > > 215bf415-b483-4a0e-8703-95b93d2e3b8e [SWAP] > > > > I had a quick look into the diff: > > > > diff -uprN systemd-215.old/debian/changelog systemd-215/debian/changelog > > --- systemd-215.old/debian/changelog 2019-03-13 11:52:10.000000000 +0100 > > +++ systemd-215/debian/changelog 2019-04-23 10:55:22.000000000 +0200 > > @@ -1,3 +1,12 @@ > > +systemd (215-17+deb8u12) jessie-security; urgency=medium > > + > > + * Non-maintainer upload by the LTS team. > > + * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are > > + hardlinked, unless protected_hardlinks sysctl is on. > > + * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv(). > > + > > + -- Mike Gabriel <sunwea...@debian.org> Tue, 23 Apr 2019 10:55:22 +0200 > > + > > systemd (215-17+deb8u11) jessie-security; urgency=high > > > > * Non-maintainer upload by the LTS team. > > > > And we have on our systems set: > > > > root@watt:~# sysctl -n fs.protected_hardlinks > > 1 > > > > Do you need further informations? > > > > Is this a known issue? > > If not, shall I open a bug-report? > > > > Parallelly, I have informed our PotsgreSQL team and will contact > > Christoph Berg here inhouse at credativ. > > > > Thanks. > > > > Regards, > > - Sedat - > > I will look into this around lunch time. Thanks for reporting this > issue so immediately. >
Cool. One minute before your reply I got a fortune cookie with the following text: "You will soon be receiving some good written news" Messages from fortune cookies never lie! Thanks Mike. - Sedat - > Mike > -- > > mike gabriel aka sunweaver (Debian Developer) > mobile: +49 (1520) 1976 148 > landline: +49 (4354) 8390 139 > > GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 > mail: sunwea...@debian.org, http://sunweavers.net >