| From: | Don Seiler <don(at)seiler(dot)us> |
|---|---|
| To: | pgsql-pkg-debian(at)postgresql(dot)org |
| Subject: | Errors installing/updating postgresql when /tmp has noexec |
| Date: | 2025-04-08 17:21:05 |
| Message-ID: | CAHJZqBAf3us8t3AwbjqfXvCYz-BZztYy0CLR5-00sfPD904z5A@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian |
After some recent system hardening, I'm now getting these errors when
running apt to update our PGDG postgresql packages. In this case we are
running postgresql-15 on Ubuntu 22.04 LTS.
Preconfiguring packages ...
Can't exec "/tmp/postgresql-15.config.rOsJHJ": Permission denied at
/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178. open2: exec of
/tmp/postgresql-15.config.rOsJHJ configure 15.8-1.pgdg22.04+1 failed:
Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
This doesn't cause the install the fail though, and postgresql gets updated
to 15.12 and starts up just fine. It's not clear to me if there is now some
danger/flaw in my installation or if this is something that can be ignored.
It doesn't appear that I can just set an environment variable like TMP,
TEMP, TEMPDIR etc to change this. I see that it can be changed via an apt
config change[1].
However, I'm wondering if this is something that's better changed in the
packaging. Setting noexec on /tmp (and /var) is a standard CIS/DISA
security requirement now.
1.
https://askubuntu.com/questions/1452390/install-packages-on-systems-with-secured-tmp-and-var-noexec
--
Don Seiler
www.seiler.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Don Seiler | 2025-04-08 17:39:42 | Re: Errors installing/updating postgresql when /tmp has noexec |
| Previous Message | apt.postgresql.org Repository Update | 2025-04-07 13:24:27 | pglast updated to version 7.7-1.pgdg+1 |