search for: http_port_t

On Wed, April 1, 2015 16:09, Andrew Holway wrote: > I used the command: semanage port -m -t http_port_t -p tcp 8000 > to relabel a port. perhaps you could try: > "semanage port -m -t unconfined_t -p tcp 8000" > Failing that; would it work to run your application in the httpd_t > domain? > I ended up having to create a custom policy to allow the other application to have acce...

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

I wish to reuse ports 80 and 443 for a different service. When I try to assign the port context for that service I get this: /usr/sbin/semanage: Port tcp/80 already defined When I try to delete the assigned context then I get this: semanage port -d -t http_port_t -p tcp 80 /usr/sbin/semanage: Port tcp/80 is defined in policy, cannot be deleted httpd is not installed on this host. But looking at the port context assignments I see this nonetheless: semanage port -l | grep ^http_port_t http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 How d...

On Tue, 2019-02-19 at 14:17 +0000, Laack, Andrea P wrote: > Selinux will not allow connections on other than default http ports. > > semanage port -m -t http_port_t -p tcp 9200 It's not a web server port - elasticsearch is a database. P.

File a bug!!! On 2 April 2015 at 16:20, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > On Wed, April 1, 2015 16:09, Andrew Holway wrote: > > I used the command: semanage port -m -t http_port_t -p tcp 8000 > > to relabel a port. perhaps you could try: > > "semanage port -m -t unconfined_t -p tcp 8000" > > Failing that; would it work to run your application in the httpd_t > > domain? > > > > I ended up having to create a custom policy to allow...

Am 19.02.2019 um 13:55 schrieb Ionut Hoza: > Hi Ralf, > > You should check you firewall configuration ... most probably you need to > allow port 9200. > Also check if elasticsearch service is listening on all interfaces or just > localhost (127.0.0.1). Hallo, the firewall is disabled. I tried several variations in the config-file. 0.0.0.0 192.168.242.4 Only 127.0.0.1 is

...o_sid: could not convert unconfined_u:object_r:httpd_openshift_script_exec_t:s0 to sid invalid context unconfined_u:object_r:httpd_openshift_script_exec_t:s0 libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed! semodule -R [root at xnet241 ~]# semanage port -d -t http_port_t -p tcp 80 /usr/sbin/semanage: Port tcp/80 is defined in policy, cannot be deleted -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox...

...allow httpd_t domain connecting to all ports from SELinux POV. Right now, we ship selinux-policy with httpd_graceful_shutdown turned on and httpd_can_network_connect turned off. But it's confusing for users because they have httpd_can_connect turned off but httpd_t domain can still connect co http_port_t ports becuase of httpd_gracefull_shudown. I hope it's more clear now. > Do I need to do anything in FreeIPA setup? > No if httpd_can_network_connect is enabled during FreeIPA setup, you don't need to change anything. Lukas. -- Lukas Vrabec Software Engineer, Security Technolog...

Selinux will not allow connections on other than default http ports. semanage port -m -t http_port_t -p tcp 9200 Andrea -----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Ralf Prengel Sent: Tuesday, February 19, 2019 8:09 AM To: centos at centos.org Subject: {EXTERNAL} Re: [CentOS] elasticsearch connection refused Am 19.02.2019 um 13:55 schrieb Ionut Ho...

On Tue, 2019-02-19 at 14:26 +0000, Pete Biggs wrote: > On Tue, 2019-02-19 at 14:17 +0000, Laack, Andrea P wrote: > > Selinux will not allow connections on other than default http ports. > > > > semanage port -m -t http_port_t -p tcp 9200 > > It's not a web server port - elasticsearch is a database. > Sorry, that was a bit abrupt - yes, it sort of looks like a web server. Does selinux interpret it as such? P.