SELinux : Change Port Types
SELinux assigns a Type to each network Port, so a service cannot start listening on a port whose Type is not configured for it.
[1] Show the Type list for network Ports as follows.

[root@dlp ~]# semanage port -l
SELinux Port Type              Proto    Port Number
afs3_callback_port_t           tcp      7001
afs3_callback_port_t           udp      7001
afs_bos_port_t                 udp      7007
afs_fs_port_t                  tcp      2040
afs_fs_port_t                  udp      7000, 7005
.....
.....
zented_port_t                  udp      1229
zookeeper_client_port_t        tcp      2181
zookeeper_election_port_t      tcp      3888
zookeeper_leader_port_t        tcp      2888
zope_port_t                    tcp      8021
[2] For example, set port 82 for httpd. The default port 80 for http and port 443 for https are labeled with [http_port_t] as shown below, but 82 is not. So even if you configure httpd.conf correctly with [Listen 82], httpd will not start because SELinux denies the bind. If you'd like to use 82, add it to [http_port_t].
# show current settings
[root@dlp ~]# semanage port -l | grep -E -w "80|443"
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

# add 82 Port
[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"
http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# 82 was just added

# after changing httpd.conf correctly, restart httpd and verify it is running
[root@dlp ~]# ss -napt | grep httpd
LISTEN 0 511 *:82 *:* users:(("httpd",pid=2491,fd=4),("httpd",pid=2490,fd=4),("httpd",pid=2489,fd=4),("httpd",pid=2485,fd=4))
# httpd is listening on 82
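As an added example (not part of the original page), a small shell helper that checks whether a port/proto is already covered by a port type before calling semanage. It parses the `semanage port -l` listing, including ranges such as 1024-32767 that a plain `grep -w "82"` on a number would miss. The listing in SAMPLE_PORT_LIST is a constructed sample, and ensure_port_type assumes a real host with root and the semanage command.

```shell
#!/bin/sh
# Constructed excerpt of `semanage port -l` output (not captured from a real host).
# Real listings also contain ranges (e.g. unreserved_port_t 1024-32767), so a
# check for "is port X labeled T?" has to expand ranges, not just match numbers.
SAMPLE_PORT_LIST='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
http_port_t                    udp      443, 488
unreserved_port_t              tcp      1024-32767, 61001-65535
zookeeper_client_port_t        tcp      2181'

# port_labeled LISTING TYPE PROTO PORT
# Exit status 0 if PORT/PROTO is covered by TYPE in LISTING (single ports or ranges).
port_labeled() {
    listing=$1 type=$2 proto=$3 port=$4
    printf '%s\n' "$listing" | awk -v t="$type" -v pr="$proto" -v p="$port" '
        $1 == t && $2 == pr {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)          # strip the trailing comma
                n = split(f, r, "-")               # "lo-hi" range or single port
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (p + 0 >= lo && p + 0 <= hi) { found = 1; exit }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# ensure_port_type TYPE PROTO PORT
# Idempotent wrapper around the page's `semanage port -a`: adds the label only
# when it is missing. Requires root and semanage on a real host (hypothetical
# helper name). Note: if the port already belongs to a different type,
# `semanage port -a` fails and `semanage port -m` is the modifying form.
ensure_port_type() {
    listing=$(semanage port -l) || return 1
    if port_labeled "$listing" "$1" "$2" "$3"; then
        echo "$3/$2 already labeled $1"
    else
        semanage port -a -t "$1" -p "$2" "$3"
    fi
}

# Offline demonstration against the constructed listing: 80 is labeled, 82 is not.
for p in 80 82; do
    if port_labeled "$SAMPLE_PORT_LIST" http_port_t tcp "$p"; then
        echo "tcp/$p: labeled http_port_t"
    else
        echo "tcp/$p: not labeled http_port_t (semanage port -a needed)"
    fi
done
```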