SElinux error :ValueError: Port tcp/5000 already defined

Question

I have been trying to add an exception to SELinux for apache on port 5000.So I used the command:

 # semanage port -a -t http_port_t -p tcp 5000

But returns the error,

ValueError: Port tcp/5000 already defined

I tried to check if this is so with the command:

semanage port -l |grep 5000

which gave the output,

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

As you can see, 5000 is not on the list.

Is there anything obvious I am missing? Thank you in advance for your effort

So I found that another service had a defined status for TCP port 5000.

But by replacing the -a option with -m for modify, added tcp port 5000 to http_port_t

score 37 · Accepted Answer · answered Jul 18 '16 at 10:16

37

So I found that another service had a defined status for TCP port 5000.

But by replacing the -a option with -m for modify, added tcp port 5000 to http_port_t

So the command that worked was:

# semanage port -m -t http_port_t -p tcp 5000

answered Jul 18 '16 at 10:16

panickedprocrastinator

661
1
5
8

score 11 · Answer 2 · answered Jul 18 '16 at 10:16

On the systems I have to hand (C6, C7 and F24), tcp port 5000 has an SELinux context of commplex_port_t. This will be why, when you try to add it you get the error message

/usr/sbin/semanage: Port tcp/5000 already defined

To change the context of tcp port 5000 from commplex_port_t to http_port_t you will need to use the -m | --modify switch

-m, --modify     Modify a OBJECT record NAME

so

semanage port -m -t http_port_t -p tcp 5000

should do what you want

semanage port -l | grep 5000
http_port_t                tcp      5000, 80, 81, 443, 488, 8008, 8009, 8443, 9000

Yes, thank you, it did what i needed. I stumbled on the answer on the comment section of a blog with the help of my colleague as well :) — panickedprocrastinator, Jul 18 '16 at 10:32

SElinux error :ValueError: Port tcp/5000 already defined

2 Answers2