On 7/31/20 4:40 PM, Bee.Lists wrote:> However the service isn?t starting because the ownership of the parent
directory, pgbouncer:pgbouncer results in some permissions issues:
>
> 2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile
'/var/run/pgbouncer/pgbouncer.pid': Permission denied
I don't see a reason the DAC permissions would cause that.? Have you
checked /var/log/audit/audit.log for AVC denials during service startup?
> /var/run/ has special flushing behaviour which I want to retain
What does that mean?
> Changing ownership on this directory just results in an automatic ownership
set by the service, so that?s not an option.
Why would changing ownership help?? Are you running pgbouncer as a user
other than the owner of the run directory, "pgbouncer"?
If so, ownership and permission of the run directories are typically set
in a file in tmpfiles.d and managed by "systemd-tmpfiles".? In this
case, the /usr/lib/tmpfiles.d/pgbouncer.conf file.
> - Is there another location that can achieve this?
You might need SELinux labels, but you can put PID files where ever you
want them.? But my advice would be to keep them in /var/run (/run,
technically, the former is a symlink).