This topic explains how to configure a Vormetric resource set to securely allow PostgreSQL startup scripts to access encrypted GuardPoints.


Why do startup scripts need access to GuardPoints?

When Linux starts a service, it also runs a startup script. The startup script runs when the machine powers on or when a service is started manually. The startup script typically runs tasks that relate to the starting, stopping, and restarting of a service.

For database services, the startup script typically runs tasks that occur in folders that hold database files. With encrypted database files, you must allow the startup script to access the database folders. If you do not, the database will not start properly and, in some cases, can interfere with the power-on process for the machine.


Common GuardPoints

The system needs to access the commonly guarded (encrypted) folders inside of /var/lib/pgsql.


Access to GuardPoints

The resource is relative to the GuardPoint. In other words, if the GuardPoint is /var/lib/pgsql, and you want to allow access to a particular file in that directory, you would only need to specify that specific file in your resource parameter.

...

The resources that the pgsql startup script needs access to are:

  • /pg_log  

  • /PG_VERSION

  • /base  

  • /postmaster.pid
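
As an added example (not part of the original topic and not Vormetric tooling), the following POSIX shell helper converts absolute paths used by a startup script into GuardPoint-relative resource entries like the ones listed above, and rejects paths that fall outside the GuardPoint. The function names and the out-of-scope sample path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive GuardPoint-relative resource entries.
# to_resource and resource_list are hypothetical helper names.

# to_resource GUARDPOINT ABSOLUTE_PATH
# Prints the resource entry (path relative to the GuardPoint, with a
# leading slash). Returns 1 if the path is not inside the GuardPoint.
to_resource() {
    gp=${1%/}                 # tolerate a trailing slash on the GuardPoint
    path=$2
    # Refuse ".." components: the prefix match below is purely lexical,
    # so a path like <guardpoint>/../../etc would otherwise look in-scope.
    case "/$path/" in
        */../*) return 1 ;;
    esac
    case "$path" in
        # Require the separator so /var/lib/pgsql-backup does not match
        # a GuardPoint of /var/lib/pgsql.
        "$gp"/?*) printf '/%s\n' "${path#"$gp"/}" ;;
        *) return 1 ;;
    esac
}

# resource_list GUARDPOINT PATH...
# Prints one resource entry per in-scope path. Out-of-scope paths are
# reported on stderr and make the function return non-zero.
resource_list() {
    guardpoint=$1
    shift
    rc=0
    for p in "$@"; do
        if entry=$(to_resource "$guardpoint" "$p"); then
            printf '%s\n' "$entry"
        else
            printf 'not inside %s, skipped: %s\n' "$guardpoint" "$p" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the four paths from this topic plus one path
# outside the GuardPoint (hypothetical) to show the rejection.
resource_list /var/lib/pgsql \
    /var/lib/pgsql/pg_log /var/lib/pgsql/PG_VERSION \
    /var/lib/pgsql/base /var/lib/pgsql/postmaster.pid \
    /var/lib/pgsql-backup/base \
    || echo 'review the skipped paths before building the resource set' >&2
```
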

The following image shows the files that should be included in the Resource Set, specifically for Postgres:

...