Just a quick reminder of how to run a Spring Boot JAR (or any other self-executable JAR) with SELinux enabled:
chcon --type=java_exec_t /opt/myapp/spring-boot-app.jar
To make this persistent, you have to use the bin_exec_t type, as java_exec_t is just an alias:
# apply the bin_exec_t
semanage fcontext -a -t bin_exec_t /opt/myapp/spring-boot-app.jar
# restore SELinux contexts
restorecon -R /opt/myapp
ll -Z /opt/myapp
# should look like
# -rwxr-xr-x. 1 myapp myapp unconfined_u:object_r:bin_t:s0 26500195 Aug 28 08:34 myapp.jar
To let systemd start this service, you have to create a systemd unit file at /etc/systemd/system/myapp.service:
[Unit]
Description=My Spring Boot application
After=syslog.target network.target

[Service]
ExecStart=/opt/myapp/spring-boot-app.jar
EnvironmentFile=-/etc/sysconfig/myapp
SuccessExitStatus=143
User=pwss

[Install]
WantedBy=multi-user.target
And don’t forget to add the service user, reload the systemd services and enable the myapp.service.
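The last steps as a script that checks the JAR's SELinux label before enabling the unit. This is an added example, not part of the original post. The path, user and unit name are taken from the text above; the function names, the `--apply` switch and the `useradd` options (a system account without a login shell) are assumptions.

```shell
#!/bin/sh
# Added example: finish the setup only if the JAR carries the expected label.
JAR=/opt/myapp/spring-boot-app.jar
SVC_USER=pwss
UNIT=myapp.service

# Extract the type field from an SELinux context (user:role:type:level).
# The level can contain colons itself (s0:c0.c1023), so count from the left.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed only if the context has the type shown in the post's sample output.
label_ok() {
    [ "$(selinux_type "$1")" = "bin_t" ]
}

# Create the service user if missing, verify the label, reload and enable.
finish_setup() {
    id "$SVC_USER" >/dev/null 2>&1 ||
        useradd --system --shell /sbin/nologin "$SVC_USER" || return 1
    ctx=$(stat -c %C "$JAR") || return 1   # GNU stat: %C = SELinux context
    if ! label_ok "$ctx"; then
        echo "unexpected SELinux context on $JAR: $ctx" >&2
        return 1
    fi
    systemctl daemon-reload && systemctl enable "$UNIT"
}

# Run as root with: sh finish-setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
    finish_setup
fi
```

If the check fails, re-run `restorecon -R /opt/myapp` and confirm the `semanage fcontext` rule is in place before enabling the service.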