Upgrade fails due to custom SELinux policies
Trying to upgrade ESET Server Security for Linux (ESSL) on a supported OS utilizing custom SELinux policies fails with a similar error message as below:
Error: selinux policy eset_efs is used by another policy, try to remove it with "semodule -r eset_efs". Package won't be upgraded. |
At this point:
•ESSL version 8.1.685.0 (or lower) has been removed
•ESSL version 8.1.813 is preserved but stopped. To upgrade ESSL, continue with the steps below; otherwise, start the efs.service service.
If you try to use the suggested command semodule -r eset_efs to remove the eset_efs policy, it fails with a similar error message as below:
libsemanage.semanage_direct_remove_key: Removing last eset_efs module (no other eset_efs module exists at another priority). Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/my-gdb/cil:2 semodule: Failed! |
In our example, the custom policy my-gdb must be removed first. Execute the command below in a Terminal window as a privileged user:
semodule -r my-gdb |
The output will be:
libsemanage.semanage_direct_remove_key: Removing last my-gdb module (no other my-gdb module exists at another priority). |
Remove the eset_efs policy by executing the command below in a Terminal window as a privileged user:
semodule -r eset_efs |
and run the ESSL installer again to complete the upgrade.
|
eset_efs policy is not removed after uninstalling ESSL After uninstalling ESSL in the environment mentioned above, eset_efs policy is not removed. Remove it manually as instructed above. |
