Unable to upgrade Plesk selinux module: Module plesk depends on permission audit_access in class dir, not satisfied (No such file or directory).

Created:

2016-11-16 13:23:16 UTC

Modified:

2017-08-16 16:19:50 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to upgrade Plesk selinux module: Module plesk depends on permission audit_access in class dir, not satisfied (No such file or directory).

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.x for Linux

Symptoms

Plesk selinux module was no upgraded to 12.5.30 version:

 # semodule -l | grep plesk
plesk 11.5.30

CentOS 6 is installed and selinux is enabled.

Manual installation of Plesk selinux module results in error:

 # semodule -v -i /usr/local/psa/etc/plesk.pp
Attempting to install module '/usr/local/psa/etc/plesk.pp':
Ok: return value of 0.
Committing changes:
libsepol.permission_copy_callback: Module plesk depends on permission audit_access in class dir, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

As the result, in enforcing mode, 'permission denied' errors may occur in /var/log/audit/audit.log like this one [KB128440]Mail test PHP script issue

Cause

This is a software issue with internal ID #PPPM-4255 . It will be fixed in further Plesk updates. Plesk selinux module conflicts with the latest selinux targeted policy.

Resolution

For Plesk 11.5 before upgrade:

  1. Remove plesk.pp module:

      # semodule -r plesk
  2. Reapply selinux policies:

      # cd /usr/share/selinux/targeted
    # ls *.pp.bz2 | grep -Ev "base.pp|enableaudit.pp|qmail" | xargs /usr/sbin/semodule -b base.pp.bz2 -i
  3. Start upgrade.

For affected server:

  1. Remove plesk.pp module:

      # semodule -r plesk
  2. Reapply selinux policies:

      # cd /usr/share/selinux/targeted
    # ls *.pp.bz2 | grep -Ev "base.pp|enableaudit.pp|qmail" | xargs /usr/sbin/semodule -b base.pp.bz2 -i
  3. Execute /usr/local/psa/etc/selinux_policy_upgrade_trigger

  4. Execute:

      # setsebool -P httpd_can_bind_all_ports 1
  5. Reboot the server.

Have more questions? Submit a request
Please sign in to leave a comment.