Failed at step EXEC spawning... Permission denied

66,975

SELinux prevents you from running a system service where the binary is in a user's home directory, or in your case, the root user's home directory.

To fix the problem, copy the binary to a proper directory such as /usr/local/bin and call it from there.


Author: Stone Monarch

Updated on September 18, 2022

Comments

  • Stone Monarch
    Stone Monarch over 1 year

    I have read a lot about this but I'm still not sure why this is not working. As far as I know all dirs have the right permissions, and even with everything being 777 I still get permission denied when trying to run this program as a service. The program I am trying to run as a service is called xTeVe. I have tried running it under all different dirs and users, and nothing seems to work.

    Here's the unit file:

    [Unit]
    Description=XTeVe For Plex
    After=network.target network-online.target
    
    [Service]
    ExecStart=/root/IPTV/xteve
    User=root
    Restart=on-failure
    RestartSec=5
    StartLimitInterval=60s
    StartLimitBurst=3
    
    [Install]
    WantedBy=multi-user.target
    

    I do know that this shouldn't be run as root, but that was just the last user I tried.

    And when I try to start the service I get this:

    14:20 xteve.service: Failed with result 'exit-code'.
    14:02 xteve.service: Main process exited, code=exited, status=203/EXEC
    14:02 xteve.service: Failed at step EXEC spawning /root/IPTV/xteve: Permission denied
    14:02 xteve.service: Failed to execute command: Permission denied
    14:02 Started XTeVe For Plex.
    

    And these are the file permissions:

    [root@skynet IPTV]# ls -la
    total 12084
    drwxr-xr-x. 2 root root       19 Mar  6 13:58 .
    dr-xr-x---. 5 root root      175 Mar  6 13:58 ..
    -rwxr-xr-x. 1 root root 12370316 Mar  6 13:58 xteve
    

    Result of file:

    [root@skynet IPTV]# file xteve
    xteve: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=lt4S9w02Ylf_MXsFeRkj/jdmwTx5YSsQSDaa6tfuz/vCzfZlCyl5qUEBD7IuD0/AEI-OmWm1iNuziWA7R0P, with debug_info, not stripped
    

    Output of cat audit.log | grep xteve:

    type=AVC msg=audit(1551898814.098:1342): avc:  denied  { execute } for pid=11002 comm="(xteve)" name="xteve" dev="dm-0" ino=30958 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
    type=SERVICE_STOP msg=audit(1551898814.100:1343): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
    type=SERVICE_START msg=audit(1551898814.420:1344): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
    type=SERVICE_STOP msg=audit(1551898814.420:1345): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
    type=SERVICE_START msg=audit(1551898966.689:1385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?res=success'UID="root" AUID="unset"    
    

    Things I have tried that didn't work:

    systemd Failed at step EXEC spawning script: Permission denied

    systemd custom service: Failed at step EXEC spawning … Permission denied

    “Failed at step EXEC spawning” even with proper group permissions

    • Michael Hampton
      Michael Hampton about 5 years
      Check the audit log.
    • Dom
      Dom about 5 years
      Could you add the result of "file xteve" ?
    • Stone Monarch
      Stone Monarch about 5 years
      @Dom when you mean result of file xteve, you mean if I run it manually with the command line?
    • Stone Monarch
      Stone Monarch about 5 years
      @MichaelHampton Where would I find that?
    • Dom
      Dom about 5 years
      @Stone Monarch: Yes, open a terminal and run "file xteve". Press Enter. The result must be copied and pasted here.
    • Stone Monarch
      Stone Monarch about 5 years
      @Dom Added it to the original question too: [root@skynet IPTV]# file xteve xteve: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=lt4S9w02Ylf_MXsFeRkj/jdmwTx5YSsQSDaa6tfuz/vCzfZlCyl5qUEBD7IuD0/AEI-OmWm1iNuziWA7R0P, with debug_info, not stripped
    • Michael Hampton
      Michael Hampton about 5 years
      It's in /var/log/audit/audit.log. You will get new entries each time you try to start the service. Please try to start the service again and then copy and paste the newly added entries.
    • Dom
      Dom about 5 years
      And is your Linux 64-bit or 32-bit? Execute "uname -m".
    • Stone Monarch
      Stone Monarch about 5 years
      @MichaelHampton audit log now in question
    • Stone Monarch
      Stone Monarch about 5 years
      @Dom 64bit x86_64
    • Stone Monarch
      Stone Monarch about 5 years
      @Dom Thank you very much for your help. Michael Hampton has resolved the issue, but your efforts are much appreciated.
  • Stone Monarch
    Stone Monarch about 5 years
    Thank you very much, this worked. My friend and I have been losing our minds for a week over this.
  • skierpage
    skierpage almost 5 years
    Note if you move service files from a home directory to a "proper directory", their SELinux context remains "home". You can reset this by running sudo restorecon -rv /path/to/moved/directory
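
The AVC record in the question carries the whole diagnosis: the source type is init_t (systemd) and the target file has the home label admin_home_t. As an added example (not part of the original thread), this Python script parses such a record and flags that case; the names parse_avc, triage and HOME_TYPES are illustrative, and the sample line is copied from the question's audit.log excerpt.

```python
import re

# AVC record copied from the question's audit.log excerpt.
SAMPLE_AVC = ('type=AVC msg=audit(1551898814.098:1342): avc:  denied  { execute } '
              'for pid=11002 comm="(xteve)" name="xteve" dev="dm-0" ino=30958 '
              'scontext=system_u:system_r:init_t:s0 '
              'tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0')

# File types the targeted policy assigns under /root and /home.
HOME_TYPES = {"admin_home_t", "user_home_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; the type drives the decision.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def triage(rec):
    """Explain the denial class seen on this page; None if it is another kind."""
    if (rec["source_type"] == "init_t" and rec.get("tclass") == "file"
            and "execute" in rec["perms"] and rec["target_type"] in HOME_TYPES):
        return (f'systemd (init_t) may not execute "{rec.get("name", "?")}" '
                f'labelled {rec["target_type"]}: install it outside the home '
                f'directory (e.g. /usr/local/bin) and run restorecon on the new path')
    return None

if __name__ == "__main__":
    rec = parse_avc(SAMPLE_AVC)
    print(rec["source_type"], "->", rec["target_type"], rec["perms"])
    print(triage(rec))
```

Feeding it the lines from /var/log/audit/audit.log after a failed start shows whether the denial is this labelling problem or something else that needs a closer look.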