18

I have been trying to add an exception to SELinux for Apache on port 5000. So I used the command:

 # semanage port -a -t http_port_t -p tcp 5000

But it returns the error:

ValueError: Port tcp/5000 already defined

I tried to check if this is so with the command:

semanage port -l |grep 5000

which gave the output,

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

As you can see, 5000 is not on the list.

Is there anything obvious I am missing? Thank you in advance for your effort


2 Answers

37

So I found that another service had a defined status for TCP port 5000.

But replacing the -a option with -m for modify added TCP port 5000 to http_port_t.

So the command that worked was:

# semanage port -m -t http_port_t -p tcp 5000

11

On the systems I have to hand (C6, C7 and F24), tcp port 5000 has an SELinux context of commplex_port_t. This will be why, when you try to add it, you get the error message

/usr/sbin/semanage: Port tcp/5000 already defined

To change the context of tcp port 5000 from commplex_port_t to http_port_t you will need to use the -m | --modify switch

-m, --modify     Modify a OBJECT record NAME

so

semanage port -m -t http_port_t -p tcp 5000

should do what you want

semanage port -l | grep 5000
http_port_t                tcp      5000, 80, 81, 443, 488, 8008, 8009, 8443, 9000
user9517
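An added example, not part of either answer: a shell helper that reads `semanage port -l` output, finds the type that already holds an exact record for a port, and prints the matching `-a` or `-m` command. The sample listing is constructed from the values quoted above, `example_port_t` is a hypothetical type, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the column layout of `semanage port -l`.
# example_port_t is hypothetical; it shows why a substring grep is not enough.
sample_port_list() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

commplex_port_t                tcp      5000
commplex_port_t                udp      5000
example_port_t                 tcp      15000, 50000
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
EOF
}

# Print each type with an exact entry for PROTO/PORT in the listing on stdin.
# Entries are compared whole, so 5000 does not match 15000 or 50000.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)      # "5000," -> "5000"
                if (entry == port) { print $1; break }
            }
        }'
}

# Print the semanage command to run: -m when the port already has a record
# under another type, -a when it has none, a comment when nothing is needed.
semanage_port_cmd() {
    proto=$1 port=$2 want=$3
    current=$(port_types "$proto" "$port")
    if [ -z "$current" ]; then
        echo "semanage port -a -t $want -p $proto $port"
    elif printf '%s\n' "$current" | grep -qxF "$want"; then
        echo "# $proto/$port is already labelled $want"
    else
        echo "semanage port -m -t $want -p $proto $port   # was: $current"
    fi
}

sample_port_list | semanage_port_cmd tcp 5000 http_port_t   # record exists: -m
sample_port_list | semanage_port_cmd tcp 8081 http_port_t   # no record: -a
sample_port_list | semanage_port_cmd tcp 443 http_port_t    # nothing to do
```

On a real host, pipe `semanage port -l` into `semanage_port_cmd` instead of the sample; afterwards `semanage port -l -C` lists only the local customizations, including the modified record.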