BLU Discuss list archive

Apache 2.0 Running a site on another port with a second ipaddress

On 4/20/07, Stephen B Goldman <sgoldman at> wrote:
> Hello Tom,
>    This is a second address on the machine -
> The first in  which listens on 80
> The second Virtual Host is  which should listen on 1185-
> I tested on 80 and it worked-
> the goal is to have it listen on 1185
> and this is where the problem is.

As Tom pointed out earlier,

    kernel: audit(1177078045.770:10): avc:  denied  { name_bind }
    for  pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t
    tcontext=system_u:object_r:port_t tclass=tcp_socket

shows that SELinux is blocking apache from using any port except 80
(and perhaps 443 for SSL).

Running audit2allow against that line shows the selinux rule

    allow httpd_t port_t:tcp_socket name_bind;

would allow apache to bind to any port. That may be more open than
you want to make it, though.

I haven't messed around with selinux much, I've basically just read
the O'Reilly book on SELinux. I believe you need to install the
selinux-sources package in order to customize the rules. There's
probably a decent FAQ or HOWTO document out there, though.

John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj at
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
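
Added example, not part of the original message: a small Python parser for the AVC denial quoted above that derives the same allow rule audit2allow reports and, for this specific case, the narrower alternative of labeling only port 1185. It assumes the loaded policy defines http_port_t as the port type httpd_t may bind, and that semanage is installed; the function names are hypothetical.

```python
import re

# AVC denial copied from the message above (wrapped lines joined).
AVC = ('kernel: audit(1177078045.770:10): avc:  denied  { name_bind } '
       'for  pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t '
       'tcontext=system_u:object_r:port_t tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = (kv.split('=', 1) for kv in m.group('rest').split() if '=' in kv)
    fields = {k: v.strip('"') for k, v in pairs}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    fields['perms'] = m.group('perms').split()
    # The SELinux type is the third field of user:role:type[:level].
    fields['stype'] = fields['scontext'].split(':')[2]
    fields['ttype'] = fields['tcontext'].split(':')[2]
    return fields

def allow_rule(avc):
    """Type-enforcement rule covering the denial, in the form audit2allow prints."""
    perms = avc['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['stype']} {avc['ttype']}:{avc['tclass']} {p};"

def narrower_fix(avc):
    """For httpd binding an unlabeled port, label that one port instead."""
    if (avc['stype'] == 'httpd_t' and avc['perms'] == ['name_bind']
            and avc['ttype'] == 'port_t' and 'src' in avc):
        proto = avc['tclass'].split('_')[0]   # tcp_socket -> tcp
        # Assumption: the policy defines http_port_t for ports httpd_t may bind.
        return f"semanage port -a -t http_port_t -p {proto} {avc['src']}"
    return None

if __name__ == '__main__':
    denial = parse_avc(AVC)
    print('broad :', allow_rule(denial))
    print('narrow:', narrower_fix(denial))
```

The broad rule lets httpd_t bind every port still labeled port_t; the semanage command changes the label of port 1185 only and needs no policy sources.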

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.