我正在尝试使用以下服务运行 Golang 服务器二进制文件系统化在Centos 8,但出现错误。
这是我的脚本/etc/systemd/system/myserverapp.service
[Unit]
Description=MyServerApp
[Service]
Type=simple
ExecStart=/var/mybin/myserverapp
[Install]
WantedBy=multi-user.target
这是我输入的内容:
sudo systemctl enable myserverapp
sudo systemctl start myserverapp
但它没有启动,如果我输入:
sudo systemctl status myserverapp
这是我得到的:
● myserverapp.service - MyServerApp
Loaded: loaded (/etc/systemd/system/myserverapp.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2020-04-20 19:36:36 UTC; 2s ago
Process: 11228 ExecStart=/var/mybin/myserverapp (code=exited, status=203/EXEC)
Main PID: 11228 (code=exited, status=203/EXEC)
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Main process exited, code=exited, status=203/EXEC
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Failed with result 'exit-code'.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Service RestartSec=100ms expired, scheduling restart.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Scheduled restart job, restart counter is at 5.
Apr 20 19:36:36 myserver systemd[1]: Stopped MyServerApp.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Start request repeated too quickly.
Apr 20 19:36:36 myserver systemd[1]: myserverapp.service: Failed with result 'exit-code'.
Apr 20 19:36:36 myserver systemd[1]: Failed to start MyServerApp.
请注意,如果我
sudo /var/mybin/myserverapp从 shell 运行:服务器二进制文件将正确运行
答案1
我发现问题了!
这是由于SELinux 政策,这否认了系统化将我的服务器应用程序作为服务运行,因为它位于非标准的 bin 目录中/var/mybin/。
你可以通过运行以下命令来验证 SELinux 是否拒绝执行:
sudo ausearch -m avc -ts today
有两种可能的解决方案:
1)将二进制文件移动到标准 bin 目录,例如/usr/local/bin
2)在文件bin_t中添加SELinux规则/var/mybin/myserverapp,以便Systemd可以将其作为服务运行。
要应用解决方案 2),您只需运行以下命令:
sudo semanage fcontext -a -t bin_t /var/mybin/myserverapp
如果你想列出所有当前的 SELinux 规则,只需输入:
sudo semanage fcontext -l
如果semanage您的系统上没有安装,您可以使用以下命令轻松安装:
sudo dnf install policycoreutils-python-utils