Why custom services that work fine on RHEL7 no longer start on RHEL8

Solution Verified - Updated -

Issue

  • After creating exactly the same custom service units on RHEL8 as on RHEL7, starting the service fails on RHEL8 although it works fine on RHEL7. Usually systemd reports Permission denied or Main process exited, code=exited, status=203/EXEC in the service status

  • AVC denials are seen in the audit log with init_t as the source context and default_t, user_home_t, nfs_t or cifs_t as the target type, as shown in the examples below

    type=AVC msg=... : avc:  denied  { execute } for  ... comm=XXX name=XXX ... scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
    

    or

    type=AVC msg=... : avc:  denied  { open } for  pid=1 comm=systemd path=/apps/my/non-standard/path ... scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
    

    or

    type=AVC msg=... : avc:  denied  { open } for  pid=1 comm=systemd path=/nfsmount/my/path ... scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:nfs_t:s0 tclass=file permissive=0
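
Added example (not part of the original article and not Red Hat tooling): a small Python filter that picks out of audit log lines the denials described above, where init_t is the source and the target file is labelled default_t, user_home_t, nfs_t or cifs_t. The sample lines are constructed from the article's elided examples; the audit timestamps, pids, comm and name values and the httpd line are assumptions.

```python
import re

# Target types named in this article's Issue section.
TARGET_TYPES = {"default_t", "user_home_t", "nfs_t", "cifs_t"}
AVC_RE = re.compile(r"type=AVC\b.*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample input: the article's examples with the elided parts filled in.
SAMPLE = [
    'type=AVC msg=audit(1700000000.001:101): avc:  denied  { execute } for  pid=1234 comm="(myapp)" name="myapp.sh" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1700000000.002:102): avc:  denied  { open } for  pid=1 comm="systemd" path="/apps/my/non-standard/path" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1700000000.003:103): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
]


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial into a dict of its key=value fields plus 'perms'."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def init_file_denials(lines):
    """Return denials where init_t was refused access to a file whose label
    is one of TARGET_TYPES (the pattern this article describes)."""
    hits = []
    for line in lines:
        avc = parse_avc(line)
        if avc is None or avc.get("tclass") != "file":
            continue
        src = selinux_type(avc.get("scontext", ""))
        tgt = selinux_type(avc.get("tcontext", ""))
        if src == "init_t" and tgt in TARGET_TYPES:
            hits.append({"perms": avc["perms"], "target_type": tgt,
                         "object": avc.get("path") or avc.get("name"),
                         "enforced": avc.get("permissive") == "0"})
    return hits


if __name__ == "__main__":
    for hit in init_file_denials(SAMPLE):
        print(hit)
```

The httpd line is skipped because its source type is not init_t, so only the two denials that match the article's pattern are reported.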
    

Environment

  • Red Hat Enterprise Linux 8 and later
    • systemd
    • SELinux
