I am trying to run a Golang server binary as a service with systemd on CentOS 8, but I get an error.

This is my script /etc/systemd/system/myserverapp.service:

[Unit]
Description=MyServerApp

[Service]
Type=simple
ExecStart=/var/mybin/myserverapp

[Install]
WantedBy=multi-user.target

This is what I type:

sudo systemctl enable myserverapp
sudo systemctl start myserverapp

but it doesn't start, and if I type:

sudo systemctl status myserverapp

this is what I get:

● myserverapp.service - MyServerApp
   Loaded: loaded (/etc/systemd/system/myserverapp.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2020-04-20 19:36:36 UTC; 2s ago
  Process: 11228 ExecStart=/var/mybin/myserverapp (code=exited, status=203/EXEC)
 Main PID: 11228 (code=exited, status=203/EXEC)

Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Main process exited, code=exited, status=203/EXEC
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Failed with result 'exit-code'.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Service RestartSec=100ms expired, scheduling restart.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Scheduled restart job, restart counter is at 5.
Apr 20 19:36:36 myserver systemd[1]: Stopped MyServerApp.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Start request repeated too quickly.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Failed with result 'exit-code'.
Apr 20 19:36:36 myserver systemd[1]: Failed to start MyServerApp.

Notice that if I run sudo /var/mybin/myserverapp from the shell, the server binary runs correctly.

Daniele B

1 Answer

I found the problem!

It was due to the SELinux policy, which was preventing systemd from running my server app as a service, because it was in a non-standard bin directory, /var/mybin/.

You can verify the SELinux denied executions by running the command:

sudo ausearch -m avc -ts today

There are 2 possible solutions:

1) Move the binary to a standard bin directory like /usr/local/bin.

2) Add a bin_t SELinux rule to the /var/mybin/myserverapp file, so that systemd can run it as a service.

To apply solution 2), you just need to run the command:

sudo semanage fcontext -a -t bin_t /var/mybin/myserverapp
sudo restorecon -v /var/mybin/myserverapp   # relabel the existing file so the new rule takes effect

If you want to list all current SELinux rules, just type:

sudo semanage fcontext -l

In case semanage is not installed on your system, you can simply install it with this command:

sudo dnf install policycoreutils-python-utils
Daniele B
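
An added example, not part of the original answer: a shell function that filters `ausearch -m avc` output down to the case described above, systemd (SELinux domain init_t) being denied execute on a file. The function names, the sample records and the var_t label in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: from `ausearch -m avc` text on stdin, list files that
# systemd (SELinux domain init_t) was denied permission to execute.
# Prints one "name<TAB>target_type" line per distinct denial.
systemd_exec_denials() {
  awk '
    /avc:[ ]+denied/ && /tclass=file/ {
      perms = ""; name = ""; stype = ""; ttype = ""
      # The permission set sits between braces, e.g. { execute }
      if (match($0, /[{][^}]*[}]/)) perms = substr($0, RSTART, RLENGTH)
      if (perms !~ / execute(_no_trans)? /) next
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
        if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); stype = s[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ttype = t[3] }
      }
      # Restart loops log the same denial repeatedly; report it once.
      if (stype == "init_t" && !seen[name, ttype]++) print name "\t" ttype
    }'
}

# Constructed sample records (not from the original post). The var_t label
# on the binary is an assumption about what a file under /var/mybin carries.
sample_avc() {
  cat <<'EOF'
----
time->Mon Apr 20 19:36:36 2020
type=AVC msg=audit(1587411396.101:901): avc:  denied  { execute } for  pid=11228 comm="(erverapp)" name="myserverapp" dev="dm-0" ino=262401 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
----
time->Mon Apr 20 19:36:36 2020
type=AVC msg=audit(1587411396.305:902): avc:  denied  { execute } for  pid=11231 comm="(erverapp)" name="myserverapp" dev="dm-0" ino=262401 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
----
time->Mon Apr 20 19:40:02 2020
type=AVC msg=audit(1587411602.010:903): avc:  denied  { read } for  pid=2044 comm="httpd" name="index.html" dev="dm-0" ino=300112 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Stand-alone run on the constructed sample; prints: myserverapp<TAB>var_t
sample_avc | systemd_exec_denials
```

On a live host, pipe real records into the function instead of the sample: sudo ausearch -m avc -ts today | systemd_exec_denials.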