Support,
I think you need to edit your update script to make sure setenforce 0 is executed, the update(s) applied and then setenforce 1 again.
I got an email that an autoupdate was automatically applied (this is how plesk defaults on centos to automatically apply updates). Upon logging in and checking there was still a depending update. I applied the update and got the failed message about some package during the update execution failed and to contact support.
I checked my audit.log and it was full of autoupdate script AVC errors just recently triggered.
I then setenforce 0, reapplied the update, was 100% successful, then setenforce 1 again.
Surely the developers need to fix this. What is the point of autoupdate if it fails? How hard is it to detect if selinux is enabled on the system in a script and setenforce 0 for the duration of the updates and then restore it?
Can this be pushed to the developers as it's an easy remedy to apply and fix issues. Even the basic plesk installer in the first place should do this, instead of in the notes telling you to disable it during installation.
Either this or update the psa-selinux to ensure the applied patches and script(s) do not create audits and selinux denied.
Also the MU7 updater must be broken as the email automatically sent told me the panel was successfully updated, where clearly it was not.
Also can the updater emails please put in the MU number? It's annoying to see it's just updated to 10.2 so many times. The links in the CP when you log in should kick you to the running list so you can see the MU that was applied, rather than the plain 10.2 every single time.
Thanks!
I think you need to edit your update script to make sure setenforce 0 is executed, the update(s) applied and then setenforce 1 again.
I got an email that an autoupdate was automatically applied (this is how plesk defaults on centos to automatically apply updates). Upon logging in and checking there was still a depending update. I applied the update and got the failed message about some package during the update execution failed and to contact support.
I checked my audit.log and it was full of autoupdate script AVC errors just recently triggered.
I then setenforce 0, reapplied the update, was 100% successful, then setenforce 1 again.
Surely the developers need to fix this. What is the point of autoupdate if it fails? How hard is it to detect if selinux is enabled on the system in a script and setenforce 0 for the duration of the updates and then restore it?
Can this be pushed to the developers as it's an easy remedy to apply and fix issues. Even the basic plesk installer in the first place should do this, instead of in the notes telling you to disable it during installation.
Either this or update the psa-selinux to ensure the applied patches and script(s) do not create audits and selinux denied.
Also the MU7 updater must be broken as the email automatically sent told me the panel was successfully updated, where clearly it was not.
Also can the updater emails please put in the MU number? It's annoying to see it's just updated to 10.2 so many times. The links in the CP when you log in should kick you to the running list so you can see the MU that was applied, rather than the plain 10.2 every single time.
Thanks!