[DerJudge]

Hi everyone,

I'm running ArchLinux on armv7h hardware and have installed postgresql-9.5.1-2 .

Following Installing_PostgreSQL, I setup my DB like this:

$this->bbcode_second_pass_code('', '[root@0b42682d575648488048566616516654 ~]# su - postgres
[postgres@0b42682d575648488048566616516654 ~]$ initdb --locale de_DE.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "de_DE.UTF-8".
The default text search configuration will be set to "german".

Data page checksums are disabled.

creating directory /var/lib/postgres/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
creating template1 database in /var/lib/postgres/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating collations ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
loading PL/pgSQL server-side language ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok
syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

pg_ctl -D /var/lib/postgres/data -l logfile start

[postgres@0b42682d575648488048566616516654 ~]$')

When I try to start Postgres using "systemctl start postgresql" as root afterwards, this is what happens:

$this->bbcode_second_pass_code('', '[root@0b42682d575648488048566616516654 postfix]# systemctl start postgresql
Job for postgresql.service failed because the control process exited with error code. See "systemctl status postgresql.service" and "journalctl -xe" for details.
[root@0b42682d575648488048566616516654 postfix]# systemctl status postgresql.service
* postgresql.service - PostgreSQL database server
Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2016-03-08 11:40:01 UTC; 55s ago
Process: 517 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data (code=exited, status=227/NO_NEW_PRIVILEGES)

Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[1]: Starting PostgreSQL database server...
Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[517]: postgresql.service: Failed at step NO_NEW_PRIVILEGES spawning /usr/bin/postgresql-check-db-dir: Invalid argument
Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[1]: postgresql.service: Control process exited, code=exited status=227
Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[1]: Failed to start PostgreSQL database server.
Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[1]: postgresql.service: Unit entered failed state.
Mar 08 11:40:01 0b42682d575648488048566616516654 systemd[1]: postgresql.service: Failed with result 'exit-code'.
[root@0b42682d575648488048566616516654 postfix]#')

This is my service file (unchanged):

$this->bbcode_second_pass_code('', '[Unit]
Description=PostgreSQL database server
After=network.target

[Service]
Type=forking
TimeoutSec=120
User=postgres
Group=postgres

Environment=PGROOT=/var/lib/postgres

SyslogIdentifier=postgres
PIDFile=/var/lib/postgres/data/postmaster.pid
RuntimeDirectory=postgresql
RuntimeDirectoryMode=755

ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data
ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120
ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload
ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast

# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
# killing Postgres, so adjust it downward
OOMScoreAdjust=-200

# Additional security-related features
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target')

When I try to start Postgresql as User postgres manually using pg_ctl, it first complains about it cannot create its lockfile at "/run/postgresql/...."; but after creating "/run/postgresql" and giving postgresql proper permissions, it works well:

$this->bbcode_second_pass_code('', '[postgres@0b42682d575648488048566616516654 ~]$ /usr/bin/pg_ctl -s -D /var/lib/postgres/data start -w -t 120
LOG: konnte IPv6-Socket nicht erstellen: Die Adressfamilie wird von der Protokollfamilie nicht unterst?tzt
FATAL: konnte Sperrdatei ,,/run/postgresql/.s.PGSQL.5432.lock" nicht erstellen: Datei oder Verzeichnis nicht gefunden
pg_ctl: could not start server
Examine the log output.
...
[root@0b42682d575648488048566616516654 postfix]# mkdir /run/postgresql ; chown postgres:postgres /run/postgresql
...
[postgres@0b42682d575648488048566616516654 ~]$ /usr/bin/pg_ctl -s -D /var/lib/postgres/data start -w -t 120
LOG: konnte IPv6-Socket nicht erstellen: Die Adressfamilie wird von der Protokollfamilie nicht unterst?tzt
LOG: Datenbanksystem wurde am 2016-03-08 11:39:28 UTC heruntergefahren
FATAL: das Datenbanksystem startet
LOG: MultiXact-Member-Wraparound-Schutz ist jetzt aktiviert
LOG: Datenbanksystem ist bereit, um Verbindungen anzunehmen
LOG: Autovacuum-Launcher startet
[postgres@0b42682d575648488048566616516654 ~]$ ps wwaux | grep postgres
root 468 0.0 0.1 5184 1320 pts/2 S 11:38 0:00 su - postgres
postgres 469 0.0 0.2 3956 2252 pts/2 S 11:38 0:00 -bash
postgres 569 1.3 1.3 159444 12508 pts/2 S 11:46 0:00 /usr/bin/postgres -D /var/lib/postgres/data
postgres 578 0.0 0.1 159444 1384 ? Ss 11:46 0:00 postgres: checkpointer process
postgres 579 0.0 0.1 159444 1460 ? Ss 11:46 0:00 postgres: writer process
postgres 580 0.0 0.1 159444 1396 ? Ss 11:46 0:00 postgres: wal writer process
postgres 581 0.0 0.2 159716 2200 ? Ss 11:46 0:00 postgres: autovacuum launcher process
postgres 582 0.0 0.1 16760 1400 ? Ss 11:46 0:00 postgres: stats collector process
postgres 584 0.0 0.1 5544 1264 pts/2 R+ 11:47 0:00 ps wwaux
postgres 585 0.0 0.0 2632 744 pts/2 S+ 11:47 0:00 grep postgres
[postgres@0b42682d575648488048566616516654 ~]$
')

(Re-)starting it using systemd's unit after the rundir was created still leads to the same error.
Can somebody help me understand what's wrong with the unit file / my setup? I'd like to make use of the package maintainer's defaults instead of scripting something on my own.

If I comment out "NoNewPrivileges=true" from the unit file, it works. But this seems to be in there of a good reason ... so am I doing something wrong here?