Cannot create Unix sockets: Permission Denied on Proxmox 9/Debian 13 Trixie

[galenguyer]

Running with --security-opt apparmor=unconfined or disabling apparmor in GRUB mitigates the issue.

Setting unix_socket_directories to /tmp did not help. The same issue is observed with the 16-alpine and 18-trixie images.

Command Line output

root@butler:~# docker run --rm -it -e POSTGRES_PASSWORD=[REDACTED] postgres:16-trixie
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

waiting for server to start....2025-10-17 17:14:35.791 UTC [48] LOG:  starting PostgreSQL 16.10 (Debian 16.10-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
2025-10-17 17:14:35.791 UTC [48] LOG:  could not create Unix socket for address "/var/run/postgresql/.s.PGSQL.5432": Permission denied
2025-10-17 17:14:35.791 UTC [48] WARNING:  could not create Unix-domain socket in directory "/var/run/postgresql"
2025-10-17 17:14:35.792 UTC [48] FATAL:  could not create any Unix-domain sockets
2025-10-17 17:14:35.793 UTC [48] LOG:  database system is shut down
 stopped waiting
pg_ctl: could not start server
Examine the log output.

[tianon]

Unfortunately, this is definitely something environmental -- I'm not able to reproduce:

$ docker run --rm -it -e POSTGRES_PASSWORD='[REDACTED]' --pull=always --name postgres postgres:16-trixie
16-trixie: Pulling from library/postgres
Digest: sha256:fb9aa6d07b0fe53e94e8470977f316d1cdb39b8cdb33c45279ff0bbe32067c25
Status: Image is up to date for postgres:16-trixie
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    pg_ctl -D /var/lib/postgresql/data -l logfile start

waiting for server to start....2025-10-17 21:26:05.703 UTC [48] LOG:  starting PostgreSQL 16.10 (Debian 16.10-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
2025-10-17 21:26:05.705 UTC [48] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2025-10-17 21:26:05.712 UTC [51] LOG:  database system was shut down at 2025-10-17 21:26:05 UTC
2025-10-17 21:26:05.716 UTC [48] LOG:  database system is ready to accept connections
 done
server started

/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*

waiting for server to shut down....2025-10-17 21:26:05.854 UTC [48] LOG:  received fast shutdown request
2025-10-17 21:26:05.860 UTC [48] LOG:  aborting any active transactions
2025-10-17 21:26:05.862 UTC [48] LOG:  background worker "logical replication launcher" (PID 54) exited with exit code 1
2025-10-17 21:26:05.862 UTC [49] LOG:  shutting down
2025-10-17 21:26:05.863 UTC [49] LOG:  checkpoint starting: shutdown immediate
2025-10-17 21:26:05.874 UTC [49] LOG:  checkpoint complete: wrote 3 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.004 s, sync=0.002 s, total=0.013 s; sync files=2, longest=0.001 s, average=0.001 s; distance=0 kB, estimate=0 kB; lsn=0/14F2AD8, redo lsn=0/14F2AD8
2025-10-17 21:26:05.877 UTC [48] LOG:  database system is shut down
 done
server stopped

PostgreSQL init process complete; ready for start up.

2025-10-17 21:26:05.976 UTC [1] LOG:  starting PostgreSQL 16.10 (Debian 16.10-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
2025-10-17 21:26:05.976 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2025-10-17 21:26:05.976 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2025-10-17 21:26:05.980 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2025-10-17 21:26:05.984 UTC [62] LOG:  database system was shut down at 2025-10-17 21:26:05 UTC
2025-10-17 21:26:05.988 UTC [1] LOG:  database system is ready to accept connections

(I'm on a Debian Trixie amd64 system, fwiw)