SELinux : Change Port Types
2016/07/26
SELinux assigns Types (labels) to network ports, so a service cannot bind to a port whose Type does not permit it: the bind is denied and the service fails to start.
[1] Show the list of Types for network ports as follows.
[root@dlp ~]# semanage port -l
SELinux Port Type              Proto    Port Number

afs_bos_port_t                 udp      7007
afs_client_port_t              udp      7001
afs_fs_port_t                  tcp      2040
.....
.....
zented_port_t                  udp      1229
zope_port_t                    tcp      8021
[2] For example, set port 82 for httpd.
The default ports 80 for http and 443 for https are labeled "http_port_t" as shown below, but 82 is not, of course.
So even if httpd.conf is configured correctly with "Listen 82", httpd will not start, because SELinux denies the bind (the denial is recorded in /var/log/audit/audit.log as an AVC denial of "name_bind" on the port).
If you'd like to use port 82, add it to "http_port_t". Note that "semanage port -a" refuses a port that is already explicitly assigned to another Type (it fails with "already defined"); in that case use "semanage port -m" to move the port to the new Type instead. The change is stored as a local policy customization and survives reboots; "semanage port -l -C" lists such local changes and "semanage port -d" removes one.
# show current settings
[root@dlp ~]# semanage port -l | grep -E -w "80|443"
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
# add port 82
[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# just added
# after changing httpd.conf correctly, restart httpd and verify it is running
[root@dlp ~]# netstat -lnp | grep httpd
tcp        0      0 :::82                   :::*                    LISTEN      1352/httpd
# httpd is listening on 82
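Below is an added shell example, not from the original page, that automates the decision made by hand above: it parses output in the format of "semanage port -l" to find which Type currently covers a given port, handling both single ports and ranges such as 63132-63164 (the narrowest matching entry wins), and then prints the semanage command that applies: "-a" when the port is unlabeled or only covered by a generic range, "-m" when it is explicitly assigned to another Type, and nothing when it already carries the wanted Type. The listing is a constructed sample embedded in the script rather than captured from a real host, and the function names port_type_for and semanage_port_cmd are this example's own. The script prints the command instead of running it, so the change can be reviewed before it is applied.

```shell
#!/bin/sh
# Constructed sample in the format of `semanage port -l` (not captured from a
# real host); only the entries needed for the demonstration are included.
SEMANAGE_SAMPLE='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
mysqld_port_t                  tcp      1186, 3306, 63132-63164
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767
'

# port_type_for PROTO PORT
# Prints "TYPE LOW HIGH" for the narrowest entry whose port list covers PORT
# (a single port is the range LOW=HIGH); prints nothing if no entry matches.
port_type_for() {
    proto=$1; port=$2
    printf '%s\n' "$SEMANAGE_SAMPLE" | awk -v proto="$proto" -v port="$port" '
        BEGIN { best = ""; bw = -1 }
        NR == 1 { next }                 # header line
        $2 != proto { next }             # other protocol or blank line
        {
            # fields 3..NF are the comma-separated port list ("80, 81, 1-2")
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, parts, ",")
            for (j = 1; j <= n; j++) {
                if (parts[j] == "") continue
                if (split(parts[j], r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
                else { lo = parts[j] + 0; hi = lo }
                if (port + 0 >= lo && port + 0 <= hi) {
                    w = hi - lo          # prefer the most specific entry
                    if (bw < 0 || w < bw) { best = $1 " " lo " " hi; bw = w }
                }
            }
        }
        END { if (best != "") print best }'
}

# semanage_port_cmd WANTED_TYPE PROTO PORT
# Prints the semanage command needed to label PROTO/PORT as WANTED_TYPE.
# An exact single-port entry for another Type must be moved with -m, because
# "semanage port -a" refuses a port that is already defined; a port that is
# only inside a generic range (e.g. unreserved_port_t) can simply be added.
semanage_port_cmd() {
    want=$1; proto=$2; port=$3
    set -- $(port_type_for "$proto" "$port")
    if [ $# -eq 0 ]; then
        echo "semanage port -a -t $want -p $proto $port"
    elif [ "$1" = "$want" ]; then
        echo "port $proto/$port already labeled $want"
    elif [ "$2" = "$3" ]; then
        echo "semanage port -m -t $want -p $proto $port"
    else
        echo "semanage port -a -t $want -p $proto $port"
    fi
}

# Example from the page: give port 82 to httpd.
semanage_port_cmd http_port_t tcp 82
```

Run it as-is to see the command for port 82; call semanage_port_cmd with 3306 to see the "-m" case, where the port is already owned by mysqld_port_t. On a real host, replace the embedded sample with the output of "semanage port -l".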