script creates misconfiguration of [email protected] rockylinux 9.3 minimal // SOLVED

[k0nki]

hi community
I tried this script to install wireguard under rockylinux 9.3 minimal (VM Proxmox 7.).
installation succeeded but with an error:
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.

`# systemctl status wg-quick@wg0
× [email protected] - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; preset: disabled)
Active: failed (Result: exit-code) since Sat 2024-03-09 18:28:46 CET; 16h ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Main PID: 781 (code=exited, status=1/FAILURE)
CPU: 6ms

Mar 09 18:28:46 wireguard systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Mar 09 18:28:46 wireguard wg-quick[781]: wg-quick: /etc/wireguard/wg0.conf' does not exist Mar 09 18:28:46 wireguard systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE Mar 09 18:28:46 wireguard systemd[1]: [email protected]: Failed with result 'exit-code'. Mar 09 18:28:46 wireguard systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

# journalctl -xeu [email protected] Mar 10 12:12:56 wireguard wg-quick[5305]: wg-quick: /etc/wireguard/wg0.conf' does not exist
Mar 10 12:12:56 wireguard systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ An ExecStart= process belonging to unit [email protected] has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Mar 10 12:12:56 wireguard systemd[1]: [email protected]: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ The unit [email protected] has entered the 'failed' state with result 'exit-code'.
Mar 10 12:12:56 wireguard systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
░░ Subject: A start job for unit [email protected] has failed
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ A start job for unit [email protected] has finished with a failure.
░░
░░ The job identifier is 2830 and the job result is failed.`

the service doesn't start automatically but works perfectly after manual loading of the wg0 configuration.
cd /etc/wireguard wg-quick up wg0

SOLVED;

Edit 1/ Fix permission for the folder /etc/wireguard

`# ls -la /etc/ | grep wire
drw-------. 2 root root 36 Mar 10 20:00 wireguard

'# chmod 700 /etc/wireguard
'# ls -la /etc/ | grep wire
drwx------. 2 root root 36 Mar 10 20:00 wireguard`

the configuration is now available but the service does not start

wireguard wg-quick[1430]: ERROR:dbus.proxies:Introspect error on :1.3:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message wireguard wg-quick[1430]: Error: Sender is not authorized to send message wireguard wg-quick[1382]: [#] ip link delete dev wg0 wireguard systemd[1]: [email protected]: Main process exited, code=exited, status=254/n/a wireguard systemd[1]: [email protected]: Failed with result 'exit-code'. wireguard systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

Could this be a SELinux ( wireguard_t) related issue?

Edit 2/ sure it is:

Install policycoreutils-python-utils rpm package:
'# dnf install policycoreutils-python-utils'

place wireguard_t into permissive mode:
'# semanage permissive -a wireguard_t'

reboot, wireguard now starts without error as a systemd service

konki

[moalhaddar]

Thank you! For me it turned out the SELinux issue :)