Problem description
The v2ray service failed to restart. The output of systemctl status v2ray.service is as follows:
[root@dns-chrony v2ray]# systemctl status v2ray.service
● v2ray.service - V2Ray Service
Loaded: loaded (/etc/systemd/system/v2ray.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2024-07-02 22:16:21 CST; 41s ago
Docs: https://www.v2fly.org/
Process: 29990 ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json (code=exited, status=203/EXEC)
Main PID: 29990 (code=exited, status=203/EXEC)
Jul 02 22:16:20 dns-chrony.example.com systemd[1]: v2ray.service: Main process exited, code=exited, status=203/EXEC
Jul 02 22:16:20 dns-chrony.example.com systemd[1]: v2ray.service: Failed with result 'exit-code'.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: v2ray.service: Service RestartSec=100ms expired, scheduling restart.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: v2ray.service: Scheduled restart job, restart counter is at 5.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: Stopped V2Ray Service.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: v2ray.service: Start request repeated too quickly.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: v2ray.service: Failed with result 'exit-code'.
Jul 02 22:16:21 dns-chrony.example.com systemd[1]: Failed to start V2Ray Service.
The log in /var/log/messages is as follows:
Jul 2 22:17:58 dns-chrony systemd[30050]: v2ray.service: Failed to execute command: Permission denied
Jul 2 22:17:58 dns-chrony systemd[30050]: v2ray.service: Failed at step EXEC spawning /usr/local/bin/v2ray: Permission denied
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Main process exited, code=exited, status=203/EXEC
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Failed with result 'exit-code'.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Service RestartSec=100ms expired, scheduling restart.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Scheduled restart job, restart counter is at 4.
Jul 2 22:17:58 dns-chrony systemd[1]: Stopped V2Ray Service.
Jul 2 22:17:58 dns-chrony systemd[1]: Started V2Ray Service.
Jul 2 22:17:58 dns-chrony systemd[30052]: v2ray.service: Failed to execute command: Permission denied
Jul 2 22:17:58 dns-chrony systemd[30052]: v2ray.service: Failed at step EXEC spawning /usr/local/bin/v2ray: Permission denied
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Main process exited, code=exited, status=203/EXEC
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Failed with result 'exit-code'.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Service RestartSec=100ms expired, scheduling restart.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Scheduled restart job, restart counter is at 5.
Jul 2 22:17:58 dns-chrony systemd[1]: Stopped V2Ray Service.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Start request repeated too quickly.
Jul 2 22:17:58 dns-chrony systemd[1]: v2ray.service: Failed with result 'exit-code'.
Jul 2 22:17:58 dns-chrony systemd[1]: Failed to start V2Ray Service.
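It says permission denied. I had also forgotten about SELinux, and only remembered it when I searched and saw what someone else had posted. So the cause was found, but I did not want to disable SELinux (even though I don't make use of SELinux either), so I looked up how to get SELinux to allow this. The method is described below.
Allowing systemd to execute a binary under SELinux
Check the SELinux-related logs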
[root@dns-chrony v2ray]# ausearch -m AVC -ts today | tail
----
time->Tue Jul 2 22:17:58 2024
type=PROCTITLE msg=audit(1719929878.143:1676): proctitle="(v2ray)"
type=SYSCALL msg=audit(1719929878.143:1676): arch=c000003e syscall=59 success=no exit=-13 a0=563b4bfccd50 a1=563b4be731b0 a2=563b4bece310 a3=0 items=0 ppid=1 pid=30050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(v2ray)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1719929878.143:1676): avc: denied { execute } for pid=30050 comm="(v2ray)" name="v2ray" dev="vda2" ino=33896345 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Tue Jul 2 22:17:58 2024
type=PROCTITLE msg=audit(1719929878.394:1681): proctitle="(v2ray)"
type=SYSCALL msg=audit(1719929878.394:1681): arch=c000003e syscall=59 success=no exit=-13 a0=563b4bfccd50 a1=563b4be731b0 a2=563b4bece310 a3=0 items=0 ppid=1 pid=30052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(v2ray)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1719929878.394:1681): avc: denied { execute } for pid=30052 comm="(v2ray)" name="v2ray" dev="vda2" ino=33896345 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
The output contains v2ray-related entries with the word denied, which means the access was refused.
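Added example (not part of the original post): a small shell helper that condenses AVC records like the ones above into source type, permission, target type, class and file name, so the mismatch (init_t denied execute on a file labelled admin_home_t) is visible at a glance. The function names are made up for this example, and the sample input is the two AVC lines from the ausearch output above.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from ausearch-style output.

# Sample input for offline use: the two AVC records from the output above.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1719929878.143:1676): avc: denied { execute } for pid=30050 comm="(v2ray)" name="v2ray" dev="vda2" ino=33896345 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1719929878.394:1681): avc: denied { execute } for pid=30052 comm="(v2ray)" name="v2ray" dev="vda2" ino=33896345 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
EOF
}

# Read audit records on stdin; print one line per distinct denial:
#   count source_type permission(s) target_type class name
avc_summary() {
    awk '
    /^type=AVC / && / denied / {
        perms = $0
        sub(/^.*denied +[{] */, "", perms)  # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)          # drop everything from the closing brace
        gsub(/ /, ",", perms)               # several permissions become a,b,c
        src = tgt = cls = name = "?"
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is the third part.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
            else if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
        }
        key = src " " perms " " tgt " " cls " " name
        if (!(key in n)) order[++k] = key   # keep first-seen order
        n[key]++
    }
    END { for (j = 1; j <= k; j++) print n[order[j]], order[j] }'
}

# Only the denials where systemd (init_t) could not execute a file, i.e. the
# ones behind status=203/EXEC. Prints: file_name current_type
systemd_exec_denials() {
    avc_summary | awk '$2 == "init_t" && $5 == "file" &&
                       ("," $3 ",") ~ /,execute,/ { print $6, $4 }'
}

sample_avc | avc_summary
sample_avc | systemd_exec_denials
```

On a live system the same functions can be fed from ausearch -m AVC -ts today instead of sample_avc.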
Add an SELinux context to the /usr/local/bin/v2ray file so that systemd is allowed to execute it.
[root@dns-chrony log]# semanage fcontext -a -t bin_t /usr/local/bin/v2ray
[root@dns-chrony log]# restorecon -Rv /usr/local/bin/
Relabeled /usr/local/bin/v2ray from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:bin_t:s0
[root@dns-chrony v2ray]# systemctl restart v2ray.service
[root@dns-chrony v2ray]# systemctl status v2ray.service
● v2ray.service - V2Ray Service
Loaded: loaded (/etc/systemd/system/v2ray.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-07-02 22:57:51 CST; 10min ago
Docs: https://www.v2fly.org/
Main PID: 31214 (v2ray)
Tasks: 6 (limit: 11072)
Memory: 53.1M
CGroup: /system.slice/v2ray.service
└─31214 /usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json
Jul 02 22:57:51 dns-chrony.example.com systemd[1]: v2ray.service: Succeeded.
Jul 02 22:57:51 dns-chrony.example.com systemd[1]: Stopped V2Ray Service.
Jul 02 22:57:51 dns-chrony.example.com systemd[1]: Started V2Ray Service.
Jul 02 22:57:51 dns-chrony.example.com v2ray[31214]: V2Ray 5.16.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.22.2 linux/amd64)
Jul 02 22:57:51 dns-chrony.example.com v2ray[31214]: A unified platform for anti-censorship.
Jul 02 22:57:52 dns-chrony.example.com v2ray[31214]: 2024/07/02 22:57:52 [Warning] V2Ray 5.16.1 started