CentOS 7

SELinux : Change Port Types
2016/04/03
 
SELinux assigns a Type label to each network port, so a service cannot bind to a port whose Type is not configured for it; the bind is denied even if the service's own configuration is correct.
[1] Show the list of Types assigned to network ports as follows.
[root@dlp ~]# semanage port -l

SELinux Port Type              Proto    Port Number

afs3_callback_port_t           tcp      7001
afs3_callback_port_t           udp      7001
afs_bos_port_t                 udp      7007
.....
.....
zookeeper_leader_port_t        tcp      2888
zope_port_t                    tcp      8021
[2] For example, set port 82 for httpd.
By default, port 80 for HTTP and port 443 for HTTPS are labeled "http_port_t" as shown below, but 82 is not, of course. So even if you configure httpd.conf correctly with "Listen 82", httpd will not start because SELinux denies the bind. If you'd like to use 82, add it to "http_port_t".
# show current settings

[root@dlp ~]# semanage port -l | grep -E -w "80|443"

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

# add 82 Port

[root@dlp ~]# semanage port -a -t http_port_t -p tcp 82
[root@dlp ~]# semanage port -l | grep "^http_port_t"

http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000
# just added

# after changing httpd.conf correctly, restart httpd and verify running

[root@dlp ~]# ss -napt

State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      50           *:3306                     *:*                   users:(("mysqld",pid=1081,fd=14))
LISTEN     0      50           *:139                      *:*                   users:(("smbd",pid=867,fd=38))
LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=821,fd=3))
LISTEN     0      100    127.0.0.1:25                       *:*                   users:(("master",pid=1132,fd=13))
LISTEN     0      50           *:445                      *:*                   users:(("smbd",pid=867,fd=37))
LISTEN     0      50          :::139                     :::*                   users:(("smbd",pid=867,fd=36))
LISTEN     0      128         :::82                      :::*                   users:(("httpd",pid=1356,fd=4),("httpd",p...
LISTEN     0      128         :::22                      :::*                   users:(("sshd",pid=821,fd=4))
LISTEN     0      100        ::1:25                      :::*                   users:(("master",pid=1132,fd=14))
LISTEN     0      50          :::445                     :::*                   users:(("smbd",pid=867,fd=35))
# httpd is listening with 82
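The steps above are done by hand; the script below is an added example (not from the original page) that parses the "semanage port -l" listing format and works out which command, if any, is needed before a service can use a port under a given type. SAMPLE_LISTING is a constructed listing in that format, not output from the page's host, so the script runs without semanage or root. The distinction between "-a" and "-m" is the caveat a practitioner runs into: "semanage port -a" refuses a port that another type already defines exactly ("already defined"), and "semanage port -m" is the verb for that case; a covering range such as unreserved_port_t does not block "-a".

```shell
#!/bin/sh
# Added example, not the page's own commands. Parses "semanage port -l" output
# and prints the semanage command needed to allow PORT/PROTO under TYPE.
# SAMPLE_LISTING is a constructed sample in the real listing format.

SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
mysqld_port_t                  tcp      1186, 3306, 63132-63164
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 32768-61000'

# types_for_port PROTO PORT LISTING
# Prints one line per row covering PORT/PROTO: "<type> exact" when the port is
# listed on its own, "<type> range" when it falls inside an a-b range.
types_for_port() {
    printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)                 # strip the list comma
                if (p ~ /^[0-9]+-[0-9]+$/) {
                    split(p, r, "-")
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) {
                        print $1, "range"; next
                    }
                } else if (p + 0 == port + 0) {
                    print $1, "exact"; next
                }
            }
        }'
}

# plan_port_change TYPE PROTO PORT LISTING
# Prints "ok" when PORT is already usable under TYPE. An exact definition held
# by another type makes "semanage port -a" fail with "already defined", so
# "-m" (modify) is printed for that case; otherwise "-a" (add).
plan_port_change() {
    matches=$(types_for_port "$2" "$3" "$4")
    if printf '%s\n' "$matches" | grep -q "^$1 "; then
        echo "ok"
    elif printf '%s\n' "$matches" | grep -q " exact$"; then
        echo "semanage port -m -t $1 -p $2 $3"
    else
        echo "semanage port -a -t $1 -p $2 $3"
    fi
}

# Stand-alone run against the constructed listing. On a real host, replace
# "$SAMPLE_LISTING" with "$(semanage port -l)" and run the printed command.
plan_port_change http_port_t tcp 82   "$SAMPLE_LISTING"   # -a, as on this page
plan_port_change http_port_t tcp 443  "$SAMPLE_LISTING"   # ok, already labeled
plan_port_change http_port_t tcp 3306 "$SAMPLE_LISTING"   # -m, owned by mysqld_port_t
```

After running the printed command, confirm with "semanage port -l | grep '^http_port_t'" as the page does; if the service still fails to start, the denial is recorded in the audit log and can be listed with "ausearch -m avc -ts recent".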
 