setroubleshootd and SELinux is not considered compatible with cPanel

The “setroubleshootd” process is included as part of SELinux. SELinux is not considered compatible with cPanel, and we recommend disabling it per our installation documentation:

Disable SELinux security features

For a fully successful installation you should disable SELinux. When installing a Red Hat or CentOS distribution, you will be able to use the graphical interface to disable SELinux when configuring the operating system.

This can also be accomplished by editing /etc/selinux/config from the command line, and setting the SELINUX parameter to disabled with a text editor such as nano or vi. The file should resemble the following text:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Only targeted network daemons are protected.
# strict – Full SELinux protection.
SELINUXTYPE=targeted

Once you save the changes to the file above you will need to reboot the server for the changes to take effect.

PICK Important: SELinux must remain disabled in order for WHM and cPanel to run on your web server. Ensure that the pound sign (#) does not precede SELINUX=disabled. If # precedes this configuration option, the line will be ignored.

ALERT! Warning: Do not transfer the SELinux configuration file between computers as it may destroy the file’s integrity.

ALERT! You will need to reboot the server for the changes to take effect.

 For a quick fix that is not permanent:

There is a bug with the new option in Centos 5 called setroubleshoot.

The bug spins the program over and over causing high memory and sometimes CPU use. Unfortunately there is no permanent fix yet, but if you see something like this high in your daily process log:

/usr/bin/python -E /usr/sbin/setroubleshootd

To fix for now you simply have to restart the process:

/etc/init.d/setroubleshoot restart

One thought on “setroubleshootd and SELinux is not considered compatible with cPanel”

  1. Pingback: setroubleshoot bug

Comments are closed.