I'm having a problem and I don't understand the reason and i disbale selinux
(FATAL): Unable to create /etc/selinux/config
Last edited by a moderator:
I'm having a problem and I don't understand the reason and i disbale selinux
(FATAL): Unable to create /etc/selinux/config
maybe this: (FATAL): Unable to create /etc/selinux/config
or this
The following command:
will tell you which package does the file belong to and whether the package has been installed.
or this
The following command:
Code:
yum provides /etc/selinux/config
$lsattr /etc/selinux/config
----i--------e-- /etc/selinux/config
$su
$chattr -i /etc/selinux/config
$lsattr /etc/selinux/config
-------------e-- /etc/selinux/config
Try reinstall it again and will be continue.
----i--------e-- /etc/selinux/config
$su
$chattr -i /etc/selinux/config
$lsattr /etc/selinux/config
-------------e-- /etc/selinux/config
Try reinstall it again and will be continue.
I got this error installing DNSOnly. This (below) solved it for me. But what's the problem/is there a bug fix in for this?
-------------------------------------------------------------------------------------------------------
If this result:
$lsattr /etc/selinux/config
----i--------e-- /etc/selinux/config
Then use:
$chattr -i /etc/selinux/config
Check:
$lsattr /etc/selinux/config
-------------e-- /etc/selinux/config
If result is last line above, retry install.
this is OS specific not cPanel bugfix and OS has Selinux enabled.
System Requirements | cPanel & WHM Documentation
This document describes the system requirements for your cPanel & WHM installation.
docs.cpanel.net
in order to install cPanel
Disable SELinux
You must disable SELinux to make your system compatible with cPanel & WHM.
To disable SELinux security features, use one of the following methods:
- Use the graphical interface to disable SELinux while you configure your operating system, and then reboot the server.
- Edit the /etc/selinux/config file to set the SELINUX parameter to disabled, and then reboot the server. The contents of the /etc/selinux/config file should resemble the following example:
Important:1
2
3
4
5
6
7
8
9
10
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Make certain that the number sign (#) does not precede SELINUX=disabled. If a # precedes this configuration option, the system ignores the option.
- To run cPanel & WHM on your server, SELinux must remain disabled.
- SELinux in enforcing mode does not allow cPanel & WHM to function properly. For more information about SELinux modes, read the SELinux Mode documentation.
- While cPanel & WHM can function with SELinux in permissive mode, we recommend that you do not use it. Permissive mode generates a large number of log entries.
- To check the status of SELinux on your server, run the sestatus command.
- Do not transfer the SELinux configuration file between computers. It may destroy the file’s integrity.
I checked first and selinuz WAS disabled already. The problem is the immutable attribute on the file. This would stop any cPanel install, not just DNSOnly, correct?
$ sestatus
SELinux status: disabled
$ cat /etc/selinux/config
SELINUX=disabled
$ lsattr /etc/selinux/config
----i--------e-- /etc/selinux/config
$chattr -i /etc/selinux/config
$lsattr /etc/selinux/config
-------------e-- /etc/selinux/config
Then the install goes fine. I should have no concerns, correct?
Is this check a recent addition? I ask because the provider also has an option to deploy with cPanel (Standard) installed, and selinux is disabled but the immutable attribute is set on the config file. So it appears to have not been an issue when they created their image (it's not 102 so I know it's an image, not an latest install).
The config file may still be present even if the tool itself is disabled.
I'm not aware of any adjustments to the installer, although we did have another user report this recently: SOLVED - Cpanel install error can not create /etc/selinux/config
I'm not aware of any adjustments to the installer, although we did have another user report this recently: SOLVED - Cpanel install error can not create /etc/selinux/config
It is definitely present since that's how it is disabled, AFAIK.
Yes, it does, and I'm wondering if that's what changed (or else the default attrib for the file?). Seems like a better solution would be to check wither the disable line is in the file, and if so, move on.
I've created case CPANEL-40381 with our team so they can look into this. You can follow along with updates on that here: https://support.cpanel.net/hc/en-us/articles/5230204719255
My provider, Vultr, says that if they don't set the file immutable it ends up getting "changed later." Not sure how many providers are configuring this way, but there seems to be a reason. They also hadn't seen the cPanel install issue until now.
Vultr:
"This change was made a while back. This shouldn't and hasn't affected the installation of cpanel so far, so I think they made a change. We are going to recommend to people who need to install cpanel themselves to untag the attribute, install and retag."
Vultr:
"This change was made a while back. This shouldn't and hasn't affected the installation of cpanel so far, so I think they made a change. We are going to recommend to people who need to install cpanel themselves to untag the attribute, install and retag."
After speaking with the installation team, I can confirm we haven't tweaked things on our end. This call will tweak things though in the future to avoid this issue completely.
this is very common issue mostly in vultr servers. actually it permission issue that can be simply fixed using this command chattr -i /etc/selinux/config
or follow the article (FATAL): Unable to create /etc/selinux/config
or follow the article (FATAL): Unable to create /etc/selinux/config
Just to add on...
At least for Vultr, it's recommenred by them to re-add that attribute after the install. It should not be an issue and might be preventing some other problem, per Vultr's tech recommendation. FYI: I've been running a server for years that has the attribute set with no issues.
At least for Vultr, it's recommenred by them to re-add that attribute after the install. It should not be an issue and might be preventing some other problem, per Vultr's tech recommendation. FYI: I've been running a server for years that has the attribute set with no issues.
Update - our team is releasing the installer with this fix now, and you'll see it in the changelogs at Installer Change Log | cPanel & WHM Documentation under version 00125.