unconfined_u:unconfined_r:unconfined_t:s0 cannot execute scripts under /usr/lib/systemd/system-shutdown/

Having systemd service like this
```
[Service]
Type=oneshot
ExecStart=/usr/lib/systemd/system-shutdown/hdd-dock-poweroff.sh start
SELinuxContext=unconfined_u:unconfined_r:unconfined_t:s0
PrivateDevices=no
ProtectSystem=no
CapabilityBoundingSet=~
SystemCallFilter=

[Install]
WantedBy=default.target
```

Results in
```
/usr/lib/systemd/system-shutdown/hdd-dock-poweroff.sh: Permission denied
```

Funnily if I change it to `ExecStart=/bin/bash /usr/lib/systemd/system-shutdown/hdd-dock-poweroff.sh start`, then it works as expected. I don't understand why this should fail to execute within the unconfined context.

```
$ ls -Z /etc/systemd/system/hdd-dock-power.service
unconfined_u:object_r:systemd_unit_file_t:s0 /etc/systemd/system/hdd-dock-power.service

$ ls -l /etc/systemd/system/hdd-dock-power.service
-rw-r--r--. 1 root root 484 Sep  8 00:25 /etc/systemd/system/hdd-dock-power.service
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

unconfined_u:unconfined_r:unconfined_t:s0 cannot execute scripts under /usr/lib/systemd/system-shutdown/ #492

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

unconfined_u:unconfined_r:unconfined_t:s0 cannot execute scripts under /usr/lib/systemd/system-shutdown/ #492

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions