Failed at step EXEC spawning... Permission denied
SELinux prevents you from running a system service where the binary is in a user's home directory, or in your case, the root user's home directory.
To fix the problem, copy the binary to a proper directory such as /usr/local/bin and call it from there.
Stone Monarch
Updated on September 18, 2022
Comments
-
Stone Monarch over 1 year
I have read a lot about this but am still not sure why this is not working. As far as I know all dirs have the right permission, and even with everything being 777 I still get permission denied when trying to run this program as a service. The program I am trying to run as a service is called xTeVe. I have tried running it under all different dirs, users, and nothing seems to work.
Here's the unit file:
    [Unit]
    Description=XTeVe For Plex
    After=network.target network-online.target

    [Service]
    ExecStart=/root/IPTV/xteve
    user=root
    Restart=on-failure
    RestartSec=5
    StartLimitInterval=60s
    StartLimitBurst=3

    [Install]
    WantedBy=multi-user.target
I do know that this shouldn't be run as root, but that was just the last user I tried.
And when I try to start the service I get this:
    14:20 xteve.service: Failed with result 'exit-code'.
    14:02 xteve.service: Main process exited, code=exited, status=203/EXEC
    14:02 xteve.service: Failed at step EXEC spawning /root/IPTV/xteve: Permission denied
    14:02 xteve.service: Failed to execute command: Permission denied
    14:02 Started XTeVe For Plex.
And these are the file permissions:
    [root@skynet IPTV]# ls -la
    total 12084
    drwxr-xr-x. 2 root root 19 Mar 6 13:58 .
    dr-xr-x---. 5 root root 175 Mar 6 13:58 ..
    -rwxr-xr-x. 1 root root 12370316 Mar 6 13:58 xteve
Result of file:
    [root@skynet IPTV]# file xteve
    xteve: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=lt4S9w02Ylf_MXsFeRkj/jdmwTx5YSsQSDaa6tfuz/vCzfZlCyl5qUEBD7IuD0/AEI-OmWm1iNuziWA7R0P, with debug_info, not stripped
Output of cat audit.log | grep xteve:
    type=AVC msg=audit(1551898814.098:1342): avc: denied { execute } for pid=11002 comm="(xteve)" name="xteve" dev="dm-0" ino=30958 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
    type=SERVICE_STOP msg=audit(1551898814.100:1343): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'UID="root" AUID="unset"
    type=SERVICE_START msg=audit(1551898814.420:1344): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
    type=SERVICE_STOP msg=audit(1551898814.420:1345): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
    type=SERVICE_START msg=audit(1551898966.689:1385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=xteve comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?res=success'UID="root" AUID="unset"
Things I have tried but didn't work:
systemd Failed at step EXEC spawning script: Permission denied
systemd custom service: Failed at step EXEC spawning … Permission denied
“Failed at step EXEC spawning” even with proper group permissions
-
Michael Hampton about 5 years
Check the audit log.
-
Dom about 5 years
Could you add the result of "file xteve"?
-
Stone Monarch about 5 years
@Dom when you mean result of file xteve, you mean if I run it manually with the command line?
-
Stone Monarch about 5 years
@MichaelHampton Where would I find that?
-
Dom about 5 years
@Stone Monarch: Yes, open a terminal and run "file xteve". Type enter. The result must be copied and pasted here.
-
Stone Monarch about 5 years
@Dom Added it to the original question too:
    [root@skynet IPTV]# file xteve
    xteve: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=lt4S9w02Ylf_MXsFeRkj/jdmwTx5YSsQSDaa6tfuz/vCzfZlCyl5qUEBD7IuD0/AEI-OmWm1iNuziWA7R0P, with debug_info, not stripped
-
Michael Hampton about 5 years
It's in /var/log/audit/audit.log. You will get new entries each time you try to start the service. Please try to start the service again and then copy and paste the newly added entries.
-
Dom about 5 years
And is your Linux 64-bit or 32-bit? Execute "uname -m".
-
Stone Monarch about 5 years
@MichaelHampton audit log now in question
-
Stone Monarch about 5 years
@Dom 64bit x86_64
-
Stone Monarch about 5 years
@Dom Thank you very much for your help. Michael Hampton has resolved the issue. But much appreciated for your efforts.
-
-
Stone Monarch about 5 years
Thank you very much, this worked. My friend and I have been losing our minds for a week over this.
-
skierpage almost 5 years
Note if you move service files from a home directory to a "proper directory", their SELinux context remains "home". You can reset this by running sudo restorecon -rv /path/to/moved/directory
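
An added example, not part of the original thread: a small audit-log parser that picks out the kind of denial the answer describes, where systemd (source type init_t) is refused execute on a file that still carries a home-directory label. The function names and the HOME_TYPES set are assumptions made for this example; the first sample record is the AVC line from the question, the other two are constructed.

```python
import re

# First record: the AVC line from the question. The other two are constructed
# (an unrelated httpd denial and a shortened SERVICE_START) to show filtering.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1551898814.098:1342): avc: denied { execute } for pid=11002 comm="(xteve)" name="xteve" dev="dm-0" ino=30958 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1551898900.000:1350): avc: denied { read } for pid=2001 comm="httpd" name="notes.txt" dev="dm-0" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SERVICE_START msg=audit(1551898966.689:1385): pid=1 uid=0 msg='unit=xteve comm="systemd" res=success'
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: a non-exhaustive set of targeted-policy labels for home content.
HOME_TYPES = {"admin_home_t", "user_home_t", "user_home_dir_t"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields


def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(":")[2]


def service_exec_denials(log_text):
    """List execute denials where systemd (init_t) was the source domain."""
    findings = []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None or "execute" not in avc["perms"] or avc.get("tclass") != "file":
            continue
        if selinux_type(avc["scontext"]) != "init_t":
            continue
        target = selinux_type(avc["tcontext"])
        findings.append({
            "name": avc.get("name"),
            "target_type": target,
            "home_labelled": target in HOME_TYPES,  # move the binary, then restorecon
            "enforced": avc.get("permissive") == "0",  # "1" means logged only
        })
    return findings
```

A finding with home_labelled set matches the situation in this thread: the binary belongs in a directory such as /usr/local/bin, followed by restorecon so the label no longer says "home".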