SElinux error :ValueError: Port tcp/5000 already defined
I have been trying to add an exception to SELinux for apache on port 5000.So I used the command:
# semanage port -a -t http_port_t -p tcp 5000
But returns the error,
ValueError: Port tcp/5000 already defined
I tried to check if this is so with the command:
semanage port -l |grep 5000
which gave the output,
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
As you can see, 5000 is not on the list.
Is there anything obvious I am missing? Thank you in advance for your effort
So I found that another service had a defined status for TCP port 5000.
But by replacing the -a
option with -m
for modify, added tcp port 5000 to http_port_t
Solution 1:
So I found that another service had a defined status for TCP port 5000.
But by replacing the -a
option with -m
for modify, added tcp port 5000
to http_port_t
So the command that worked was:
# semanage port -m -t http_port_t -p tcp 5000
Solution 2:
On the systems I have to hand (C6, C7 and F24), tcp port 5000 has an SELinux context of commplex_port_t
. This will be why, when you try to add it you get the error message
/usr/sbin/semanage: Port tcp/5000 already defined
To change the context of tcp port 5000 from commplex_port_t
to http_port_t
you will need to use the -m | --modify switch
-m, --modify Modify a OBJECT record NAME
so
semanage port -m -t http_port_t -p tcp 5000
should do what you want
semanage port -l | grep 5000
http_port_t tcp 5000, 80, 81, 443, 488, 8008, 8009, 8443, 9000