SELinux : Change Port Types
2016/04/03 |
SELinux assigns a type to every network port. A confined daemon may only bind ports whose type its domain is allowed to use, so a service configured to listen on a port that carries the wrong type (or no specific type at all: ports not named in the policy fall back to generic types such as reserved_port_t below 1024 and unreserved_port_t above) will fail to start with an AVC denial.
[1] List the types currently assigned to network ports as follows.
[root@dlp ~]# semanage port -l
SELinux Port Type              Proto    Port Number

afs3_callback_port_t           tcp      7001
afs3_callback_port_t           udp      7001
afs_bos_port_t                 udp      7007
.....
.....
zookeeper_leader_port_t        tcp      2888
zope_port_t                    tcp      8021
[2] For example, let httpd listen on port 82.
The default ports 80 (http) and 443 (https) are labeled "http_port_t" as shown below, but 82 is not.
So even with a correct "Listen 82" in httpd.conf, httpd will not start, because SELinux denies the bind
(the denial is logged in /var/log/audit/audit.log as an AVC "name_bind" on a tcp_socket). To use port 82, add it to "http_port_t".
# show current settings
[root@dlp ~]# semanage port -l | grep -E -w "80|443"
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
# add 82 Port
[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# just added
# after changing httpd.conf correctly, restart httpd and verify it is running
[root@dlp ~]# ss -napt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=1081,fd=14))
LISTEN 0 50 *:139 *:* users:(("smbd",pid=867,fd=38))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=821,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1132,fd=13))
LISTEN 0 50 *:445 *:* users:(("smbd",pid=867,fd=37))
LISTEN 0 50 :::139 :::* users:(("smbd",pid=867,fd=36))
LISTEN 0 128 :::82 :::* users:(("httpd",pid=1356,fd=4),("httpd",p...
LISTEN 0 128 :::22 :::* users:(("sshd",pid=821,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1132,fd=14))
LISTEN 0 50 :::445 :::* users:(("smbd",pid=867,fd=35))
# httpd is listening with 82
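The procedure above runs "semanage port -a" blindly. That command fails with "Port tcp/82 already defined" if the port already carries a type; in that case "-m" (modify) is the right verb, and if the port already has the wanted type nothing needs to be done. The script below is an added example (not from the original page): it parses the "semanage port -l" listing, handles both comma-separated lists and ranges such as 63132-63164, and prints the semanage command that actually applies. The SAMPLE listing is constructed for offline use; drop the last argument to query the live policy with semanage.

```shell
#!/bin/sh
# Added example (not part of the original page): pick the right semanage
# verb (-a, -m, or none) before labeling a port.

# Constructed sample of `semanage port -l` output (a handful of lines only).
SAMPLE='SELinux Port Type              Proto    Port Number

afs3_callback_port_t           tcp      7001
afs3_callback_port_t           udp      7001
amanda_port_t                  tcp      10080-10083
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
mysqld_port_t                  tcp      1186, 3306, 63132-63164
zope_port_t                    tcp      8021'

# port_type PROTO PORT [LISTING]
# Prints the SELinux port type covering PROTO/PORT, or nothing if the port
# is not explicitly labeled. LISTING defaults to the live `semanage port -l`.
port_type() {
    _proto=$1; _port=$2
    if [ $# -ge 3 ]; then _listing=$3; else _listing=$(semanage port -l); fi
    printf '%s\n' "$_listing" | awk -v proto="$_proto" -v port="$_port" '
        NR > 1 && $2 == proto {
            pt = port + 0
            # Fields 3..NF are items like "80," "443," or ranges like 10080-10083
            for (i = 3; i <= NF; i++) {
                item = $i; gsub(/,/, "", item)
                n = split(item, r, "-")
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (pt >= lo && pt <= hi) { print $1; exit }
            }
        }'
}

# label_cmd TYPE PROTO PORT [LISTING]
# Prints the semanage command that assigns PROTO/PORT to TYPE:
#   -a  when the port is unlabeled,
#   -m  when it already carries a different type (-a would fail with
#       "Port PROTO/PORT already defined"),
#   nothing when it already has TYPE.
label_cmd() {
    _type=$1; _proto=$2; _port=$3; shift 3
    _cur=$(port_type "$_proto" "$_port" "$@")
    if [ -z "$_cur" ]; then
        echo "semanage port -a -t $_type -p $_proto $_port"
    elif [ "$_cur" != "$_type" ]; then
        echo "semanage port -m -t $_type -p $_proto $_port"
    fi
}

# Demonstration against the constructed sample (no root or SELinux needed).
label_cmd http_port_t tcp 82   "$SAMPLE"   # -a: 82 is unlabeled
label_cmd http_port_t tcp 80   "$SAMPLE"   # nothing: already http_port_t
label_cmd http_port_t tcp 3306 "$SAMPLE"   # -m: currently mysqld_port_t
```

Two follow-ups worth knowing: "semanage port -l -C" lists only the local customizations (such as the 82 added above), and "semanage port -d -t http_port_t -p tcp 82" removes a locally added port again. Ports defined by the base policy itself cannot be deleted with -d, only overridden with -m.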