selinux & port management
vxspiritxv
I'm trying to bind apache to ports other than 80 and 443

(because can't run namevirtualhost for ssl connections, so people that need ssl get their own port)

Good ol selinux is blocking it:

Feb 20 19:33:44 quickesthosting kernel: audit(1203557624.641:64): avc: denied { name_bind } for pid=17701 comm="httpd" src=10443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket

Looked up how to fix it, found the command:
/usr/sbin/semanage port -a -t http_port_t -p tcp 10443

But the command doesn't exist, I looked for a package ( up2date --show-available > /root/available ) but either it doesn't exist or it's named something obscure.

only selinux items not installed:
selinux-doc-1.14.1-1.noarch
selinux-policy-targeted-sources-1.17.30-2.149.noarch

PS. I don't run X GUI (going through some of the selinux commands require this) and I like the idea of leaving selinux enabled.
James Jhurani
[root@basic ~]# rpm -qf /usr/sbin/semanage
policycoreutils-1.33.12-12.el5
[root@basic ~]#
vxspiritxv
QUOTE (jjhurani @ Feb 20 2008, 08:02 PM) *
[root@basic ~]# rpm -qf /usr/sbin/semanage
policycoreutils-1.33.12-12.el5
[root@basic ~]#


Thanks, guess my system is out of date, because my installed policycoreutils is missing that, and there isn't an update available in up2date.

[root@quickesthosting ~]# up2date --dry-run -i policycoreutils

Fetching Obsoletes list for channel: rhel-x86_64-es-4...

Fetching rpm headers...
########################################

Name Version Rel
----------------------------------------------------------


The following packages you requested are already updated:
policycoreutils
[root@quickesthosting ~]#

looks like I have policycoreutils-1.18.1-4.13.x86_64 installed.

I'm not sure what to do now, I don't think I'm up to the task of running "--upgrade-to-release=5". Have a feeling it would kill the box and end up having to pay theplanet to format and start over. Strange, wonder what people did in the old version of policycoreutils to add/change ports. Guess more digging is required.
James Jhurani
QUOTE (vxspiritxv @ Feb 21 2008, 01:56 AM) *
Thanks, guess my system is out of date, because my installed policycoreutils is missing that, and there isn't an update available in up2date.

[root@quickesthosting ~]# up2date --dry-run -i policycoreutils

Fetching Obsoletes list for channel: rhel-x86_64-es-4...

Fetching rpm headers...
########################################

Name Version Rel
----------------------------------------------------------
The following packages you requested are already updated:
policycoreutils
[root@quickesthosting ~]#

looks like I have policycoreutils-1.18.1-4.13.x86_64 installed.

I'm not sure what to do now, I don't think I'm up to the task of running "--upgrade-to-release=5". Have a feeling it would kill the box and end up having to pay theplanet to format and start over. Strange, wonder what people did in the old version of policycoreutils to add/change ports. Guess more digging is required.


Looks like you're right. The semanage utility doesn't seem to be available for el4.

This page may at least help get you in the right direction http://tanso.net/selinux/
vxspiritxv
QUOTE (jjhurani @ Feb 21 2008, 11:33 PM) *
Looks like you're right. The semanage utility doesn't seem to be available for el4.

This page may at least help get you in the right direction http://tanso.net/selinux/


Thanks, that got me much further in understanding it...

up2date -i selinux-policy-targeted-sources

edit /etc/selinux/targeted/src/policy/net_contexts

added: portcon tcp 10443 system_u:object_r:http_port_t

ran make command.

I'm almost sure it's the correct way to do it for this version, but still not working
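
Added example, not part of the thread and not code from any poster: a small parser that reads `name_bind` AVC denials like the one quoted in the first post and derives, for each denied port, the `portcon` line and the `semanage` command in the forms the thread uses. The function names, the second and third log lines, and the default target type `http_port_t` (taken from the posts) are assumptions of this example.

```python
import re

# Constructed sample input: the first line is the denial quoted in the thread,
# the other two lines are made up for illustration.
SAMPLE_LOG = """\
Feb 20 19:33:44 quickesthosting kernel: audit(1203557624.641:64): avc: denied { name_bind } for pid=17701 comm="httpd" src=10443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
Feb 20 19:40:02 quickesthosting kernel: audit(1203558002.100:71): avc: denied { name_bind } for pid=17822 comm="httpd" src=10443 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
Feb 20 19:41:10 quickesthosting kernel: audit(1203558070.311:72): avc: denied { read } for pid=17830 comm="httpd" name="index.html" scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO = {"tcp_socket": "tcp", "udp_socket": "udp"}

def parse_name_bind(log_text):
    """Return one dict per distinct (protocol, port) name_bind denial."""
    seen = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or "name_bind" not in m.group(1).split():
            continue  # not an AVC denial, or a different permission
        f = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
        proto = PROTO.get(f.get("tclass"))
        if proto is None or not f.get("src", "").isdigit():
            continue
        if "scontext" not in f or "tcontext" not in f:
            continue
        # The type is the third field of user:role:type[:level]
        seen.setdefault((proto, int(f["src"])), {
            "proto": proto, "port": int(f["src"]), "comm": f.get("comm"),
            "domain": f["scontext"].split(":")[2],
            "port_type": f["tcontext"].split(":")[2],
        })
    return list(seen.values())

def suggest(denial, new_type="http_port_t"):
    """Build the net_contexts line and semanage command in the thread's forms."""
    if denial["port_type"] != "port_t":
        # The port already has a specific type: needs a manual look, not a new label.
        return None
    args = (denial["proto"], denial["port"], new_type)
    return {
        "portcon": "portcon %s %d system_u:object_r:%s" % args,
        "semanage": "/usr/sbin/semanage port -a -t %s -p %s %d"
                    % (new_type, denial["proto"], denial["port"]),
    }

if __name__ == "__main__":
    for d in parse_name_bind(SAMPLE_LOG):
        print(d, suggest(d))
```

Checking that the denied `tcontext` is the generic `port_t` before labelling keeps the change scoped to an unlabelled port instead of overriding a type the policy already assigns.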