У меня есть следующий служебный файл.
[Unit]
Description=xxx_sidekiq
After=syslog.target network.target
[Service]
Type=notify
WatchdogSec=10
WorkingDirectory=/home/xxx/project/matchspace/appointment-ms
ExecStart=/home/xxx/.rvm/wrappers/ruby-2.6.4/bundle exec sidekiq -e production
User=developer
Group=developer
UMask=0002
Environment=MALLOC_ARENA_MAX=2
RestartSec=1
Restart=on-failure
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=xxx_sidekiq
[Install]
WantedBy=multi-user.target
Когда я запускаю службу как sudo systemctl start xxx_sidekiq.service
Я получаю следующую ошибку
Jun 4 05:55:23 cnctest systemd[23391]: xxx_sidekiq.service: Failed to execute command: Permission denied
Jun 4 05:55:23 cnctest systemd[23391]: xxx_sidekiq.service: Failed at step EXEC spawning /home/xxx/.rvm/wrappers/ruby-2.6.4/bundle: Permission denied
Причина отказа в разрешении указана как
Jun 4 05:55:23 cnctest platform-python[23362]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file ruby-2.6.4.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemd should be allowed read access on the ruby-2.6.4 lnk_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c '(bundle)' --raw | audit2allow -M my-bundle#012# semodule -X 300 -i my-bundle.pp#012
Как я могу решить эту проблему.