View Issue Details

IDProjectCategoryView StatusLast Update
0000212AlmaLinux-8systemdpublic2022-04-11 13:52
Reportervk Assigned To 
PrioritylowSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000212: systemd permission denied due to assigned context
DescriptionTried to create a service that executes a binary. The binary was downloaded to /tmp/mybinary/mybinary then moved to /usr/bin/mybinary and its permissions were changed to:

-rwxr-xr-x. 1 mybinary_user mybinary_user 14049280 Apr 2 02:43 /usr/bin/mybinary

The I created a unit file to execute the "mybinary" by User=mybinary_user Group=mybinary_user

Systemctl was failing with permission denied

journalctl snippet:

systemd[1]: Starting MyBinary...
systemd[1745]: mybinary.service: Failed to execute command: Permission denied
systemd[1745]: mybinary.service: Failed at step EXEC spawning /usr/bin/mybinary.: Permission denied
systemd[1]: mybinary.service: Control process exited, code=exited status=203
systemd[1]: mybinary.service: Failed with result 'exit-code'.
systemd[1]: Failed to start MyBinary.

But the mybinary_user and root were both able to run the binary.

After a lot of digging around I found out that my issue was similar to this one bug:

I checked my binary had this context output
# ls -Z /usr/bin/mybinary
unconfined_u:object_r:user_tmp_t:s0 /usr/bin/mybinary

so I "chcon" the type to from "user_tmp_t" to "bin_t" (same as most of the /usr/bin/* files)

Systemd then was able to run the binary.

I am new to linux so I am not sure if this is expected but I thought I should let you know.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2022-04-10 09:13 vk New Issue