Custom systemd service ExecStart fails with AVC denials
Issue
- When a systemd unit file attempts to run
ExecStart
for an executable in a user's home directory it fails with an AVC denial similar to the following:
type=AVC msg=audit(07/24/2020 10:40:46.402:762) : avc: denied { execute } for pid=5221 comm=(test.sh) name=test.sh dev="dm-0" ino=8424005 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:home_bin_t:s0 tclass=file permissive=0
Environment
- Red Hat Enterprise 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.