selinux http_port_t vs http_cache_port_t

Question

I need Wildfly listens to another port.

I know I need to change selinux in order to allow it.

Nevertheless, I've found exists two possible rules to change: http_port_t, and http_cache_port_t.

Questions:

What do I need to modify?
What does each one stand for?

Update your question with the output of `semanage port -l | grep http`. And also the output of `/var/log/messages` after changing WildFly. Be sure to have `setroubleshoot-server` packages installed. — , Mar 02 '17 at 11:25

score 2 · Answer 1 · edited May 23 '17 at 12:41

2

Based on https://stackoverflow.com/questions/27435655/nginx-proxy-pass-not-working-in-selinux (and https://wiki.gentoo.org/wiki/SELinux/Labels#Managing_TCP_and_UDP_port_labels), I think you need to modify http_port_t.

http_port_t describes the ports associated with webservers, where I believe http_cache_port_t describes the ports associated with proxies (Squid, for example).

edited May 23 '17 at 12:41

Community

1

answered Mar 02 '17 at 10:50

iwaseatenbyagrue

3,688
15
24

score 0 · Answer 2 · answered Mar 02 '17 at 10:49

You can find the changes you need to do by running sealert. sealert is a parth of setroubleshoot-server - install it with yum install setroubleshoot-server.

When you have it on your server, do sealert -a /var/log/audit/audit.log > log.txt and when you view the results in log.txt you will see what was blocked by selinux, why it was blocked and what do you need to do to fix it.

selinux http_port_t vs http_cache_port_t

2 Answers2