View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000212 | AlmaLinux-8 | systemd | public | 2022-04-10 09:13 | 2022-04-11 13:52 |
| Reporter | vk | Assigned To | |||
| Priority | low | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Summary | 0000212: systemd permission denied due to assigned context | ||||
| Description | Tried to create a service that executes a binary. The binary was downloaded to /tmp/mybinary/mybinary then moved to /usr/bin/mybinary and its permissions were changed to: -rwxr-xr-x. 1 mybinary_user mybinary_user 14049280 Apr 2 02:43 /usr/bin/mybinary The I created a unit file to execute the "mybinary" by User=mybinary_user Group=mybinary_user Systemctl was failing with permission denied journalctl snippet: systemd[1]: Starting MyBinary... systemd[1745]: mybinary.service: Failed to execute command: Permission denied systemd[1745]: mybinary.service: Failed at step EXEC spawning /usr/bin/mybinary.: Permission denied systemd[1]: mybinary.service: Control process exited, code=exited status=203 systemd[1]: mybinary.service: Failed with result 'exit-code'. systemd[1]: Failed to start MyBinary. But the mybinary_user and root were both able to run the binary. After a lot of digging around I found out that my issue was similar to this one bug: https://bugzilla.redhat.com/show_bug.cgi?id=1177202 I checked my binary had this context output # ls -Z /usr/bin/mybinary unconfined_u:object_r:user_tmp_t:s0 /usr/bin/mybinary so I "chcon" the type to from "user_tmp_t" to "bin_t" (same as most of the /usr/bin/* files) Systemd then was able to run the binary. I am new to linux so I am not sure if this is expected but I thought I should let you know. | ||||
| Tags | No tags attached. | ||||
| abrt_hash | |||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-04-10 09:13 | vk | New Issue |
