Symptoms
-
Plesk selinux module was not upgraded to the actual version:
# semodule -l | grep plesk
plesk 11.5.30 -
CentOS 6 is running on the server and selinux is enabled:
# sestatus
SELinux status: enabled -
Manual installation of Plesk selinux module results in error:
# semodule -v -i /usr/local/psa/etc/plesk.pp
Attempting to install module ‘/usr/local/psa/etc/plesk.pp’:
Ok: return value of 0.
Committing changes:
libsepol.permission_copy_callback: Module plesk depends on permission audit_access in class dir, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed! - Upgrade of Plesk selinux module results in error:
# /usr/local/psa/etc/selinux_policy_upgrade_trigger
libsepol.scope_copy_callback: milter: Duplicate declaration in module: type/attribute milter_port_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
-
As the result, in
enforcing
mode,permission denied
errors may occur in/var/log/audit/audit.log
like this one: Mail test PHP script issue
Cause
Product issue:
-
#PPPM-4255 “Support issue #PPPM-4255”
Fixed in:- Plesk Onyx 17.8 17 April 2018
Resolution
Workaround
If update is not possible for some reason you may try the following
temporary solution
Upgrade Plesk to the latest available version. If the upgrade is not possible, use the following resolution:
For affected server:
-
Connect to the server via SSH.
-
Remove plesk.pp module:
# semodule -r plesk
-
Reapply selinux policies:
# cd /usr/share/selinux/targeted
# ls *.pp.bz2 | grep -Ev “base.pp|enableaudit.pp|qmail|courier” | xargs /usr/sbin/semodule -b base.pp.bz2 -i -
Run policy upgrade utility:
# /usr/local/psa/etc/selinux_policy_upgrade_trigger
-
Apply policies for the Apache service:
# setsebool -P httpd_can_bind_all_ports 1
-
Reboot the server.
For Plesk 11.5 before upgrade: