CentOS 6

SELinux : Change Port Types
2016/07/26
 
SELinux assigns a Type label to each network port, so a service cannot start on a port whose Type is not configured for it.
[1] Show the list of Types for network ports as follows.
[root@dlp ~]# semanage port -l

SELinux Port Type              Proto    Port Number

afs_bos_port_t                 udp      7007
afs_client_port_t              udp      7001
afs_fs_port_t                  tcp      2040
.....
.....
zented_port_t                  udp      1229
zope_port_t                    tcp      8021
[2] For example, use port 82 for httpd.
By default, port 80 for http and port 443 for https are labeled "http_port_t" as shown below, but 82 is not. So even if httpd.conf is configured correctly with "Listen 82", httpd will not start because SELinux denies it. To use 82, add it to "http_port_t".
# show current settings

[root@dlp ~]# semanage port -l | grep -E -w "80|443"

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

# add port 82

[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"

http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# just added

# after changing httpd.conf correctly, restart httpd and verify that it is running

[root@dlp ~]# netstat -lnp | grep httpd

tcp        0      0 :::82                       :::*                        LISTEN      1352/httpd
# httpd is listening on port 82
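
A pre-flight check for the "semanage port -a" step in [2], added here as an example and not part of the original tutorial: it parses "semanage port -l" output (including LOW-HIGH ranges) and reports whether a port already has the wanted Type, is unlabelled, or is already owned by another service's Type. The function names port_types and check_port are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/bash
# Added example: pre-flight check before `semanage port -a`.
# SAMPLE_LISTING is constructed for illustration, not captured from a real host.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
syslogd_port_t                 udp      514'

# port_types PROTO PORT
# Reads a `semanage port -l` listing on stdin and prints every type whose
# port list (single ports or LOW-HIGH ranges) covers PROTO/PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)              # drop the list separator
                n = split(entry, r, "-")          # "10001-10010" -> low, high
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# check_port TYPE PROTO PORT  (hypothetical helper name)
# Prints "labelled", "unlabelled" (nothing claims the port, as with 82 in [2])
# or "conflict:<type>" when another service's type already covers the port.
check_port() {
    local want="$1" proto="$2" port="$3" current
    current=$(port_types "$proto" "$port" | sort -u | paste -sd, -)
    case ",$current," in
        *",$want,"*) echo "labelled" ;;
        ",,")        echo "unlabelled" ;;
        *)           echo "conflict:$current" ;;
    esac
}

# Demo against the constructed listing; on a real host pipe in `semanage port -l`.
for p in 80 82 8080 10005 22; do
    printf 'tcp/%-6s %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_LISTING" | check_port http_port_t tcp "$p")"
done
```

A "conflict" result means the port is part of another service's policy, so giving it to httpd also changes what that other Type covers and should be reviewed before any relabelling.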
 