SELinux : Change Port Types
2021/03/02
SELinux labels network ports with Types, so a service cannot start on a port that is not configured for its Type.
[1] Show the list of Types for network ports as follows.

[root@dlp ~]# semanage port -l
SELinux Port Type              Proto    Port Number

afs3_callback_port_t           tcp      7001
afs3_callback_port_t           udp      7001
afs_bos_port_t                 udp      7007
afs_fs_port_t                  tcp      2040
afs_fs_port_t                  udp      7000, 7005
afs_ka_port_t                  udp      7004
.....
.....
zented_port_t                  udp      1229
zookeeper_client_port_t        tcp      2181
zookeeper_election_port_t      tcp      3888
zookeeper_leader_port_t        tcp      2888
zope_port_t                    tcp      8021

[2] For example, set port 82 for httpd.
The default port 80 for http and port 443 for https are labeled with [http_port_t] as shown below, but 82 is not.
So even if you configure httpd.conf correctly with [listen 82], httpd will not start because SELinux denies it.
To use 82, add it to [http_port_t].

# show current settings
[root@dlp ~]# semanage port -l | grep -E -w "80|443"
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

# add 82 Port
[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# just added

# after changing httpd.conf correctly, restart httpd and verify running
[root@dlp ~]# ss -napt | grep httpd
LISTEN 0 128 *:82 *:* users:(("httpd",pid=3918,fd=4),("httpd",pid=3917,fd=4),("httpd",pid=3916,fd=4),("httpd",pid=3914,fd=4))
# httpd is listening on 82
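
The steps above, wrapped into a check that can be repeated safely; this is an added example, not part of the original page. It goes one step beyond the page's case: when a port already has its own entry under a different Type, `semanage port -a` reports it as already defined and `-m` is needed instead. The function names `port_action` and `ensure_port` are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
reserved_port_t                tcp      1-511
reserved_port_t                udp      1-511'

# port_action TYPE PROTO PORT  (hypothetical helper)
# Reads a `semanage port -l` listing on stdin and prints one word:
#   present  PORT is already labeled TYPE, nothing to do
#   modify   PORT has its own entry under another Type; -a reports
#            "already defined", so -m is required
#   add      PORT has no entry of its own; -a works
# Range entries such as 1-511 are skipped: only an exact entry blocks -a.
port_action() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                spec = $i
                sub(/,$/, "", spec)            # drop the list separator
                if (spec "" != port "") continue
                if ($1 == type) same = 1; else other = 1
            }
        }
        END { print (same ? "present" : (other ? "modify" : "add")) }'
}

# ensure_port TYPE PROTO PORT  (hypothetical wrapper, run as root)
ensure_port() {
    case "$(semanage port -l | port_action "$1" "$2" "$3")" in
        present) echo "$2/$3 is already labeled $1" ;;
        modify)  semanage port -m -t "$1" -p "$2" "$3" ;;
        add)     semanage port -a -t "$1" -p "$2" "$3" ;;
    esac
}

# Demonstration on the constructed listing
for p in 80 82 8080; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | port_action http_port_t tcp "$p")"
done
```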