October 24, 2024

php executing systemctl command – selinux problem


I am trying to restart wireguard service from php script, like this:

<?php
exec("sudo systemctl restart wg-quick@wg0", $output, $retval);
?>

Exec doesn't work. $output is empty, $retval is 4. I switched domain httpd_t to permissive mode with the command semanage permissive -a httpd_t, then exec works, the wireguard service is successfully restarted, $retval is 0. Here is a part of audit.log when httpd_t is permissive (I grepped only the line with ‘denied’):

type=USER_AVC msg=audit(1729701110.392:226691): pid=1246 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.271885 spid=1258 tpid=115666 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"

I had more ‘denied’ problems, but I solved them with the commands

setsebool -P httpd_mod_auth_pam 1
setsebool -P httpd_setrlimit 1

but I am unable to correct the last error above.

I am using AlmaLinux 8.1

Thank you for help.
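
Added example, not part of the original post: a small Python parser that breaks the quoted USER_AVC record into source type, target type, class and permission, which makes visible that the blocked message is the D-Bus reply (method_return) from systemd_logind_t back to httpd_t. The function names are hypothetical, and the sample line is the post's record shortened to the fields the parser reads.

```python
import re

# The USER_AVC record from the post, shortened to the fields parsed below.
SAMPLE = (
    "type=USER_AVC msg=audit(1729701110.392:226691): pid=1246 uid=81 "
    "msg='avc:  denied  { send_msg } for msgtype=method_return "
    "dest=:1.271885 spid=1258 tpid=115666 "
    "scontext=system_u:system_r:systemd_logind_t:s0 "
    "tcontext=system_u:system_r:httpd_t:s0 tclass=dbus permissive=0  "
    "exe=\"/usr/bin/dbus-daemon\"'"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Decode one AVC/USER_AVC record; return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if not {"scontext", "tcontext", "tclass"} <= set(fields):
        return None
    # A context is user:role:type:level; the type is always the third part.
    return {
        "decision": m.group(1),
        "perms": m.group(2).split(),
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "msgtype": fields.get("msgtype"),
        "enforced": fields.get("permissive") == "0",
    }


def te_rule(rec):
    """Type-enforcement rule matching the denial, for policy review."""
    perms = rec["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['source']} {rec['target']}:{rec['tclass']} {perm_text};"


if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(rec)
    print(te_rule(rec))
```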


