http://www.kinggoo.com/archives/starting-httpd-13permission-denied-make_sock-could-not-bind-to-address-%e8%a7%a3%e5%86%b3%e5%8a%9e%e6%b3%95.html
如果修改过端口或添加过端口监听,重新Apache的时候可能会出现如下错误:
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:9000
 


故事发生理由:
我在设置9000端口为testlink服务端口后重新apache时出错:

[root@LC-VM12 testlink]# service httpd  restart             
Stopping httpd:                                            [  OK  ]
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:9000
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:9000
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]


解决办法:
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 81

过程:

[root@LC-VM12 testlink]# semanage port -l|grep http
http_cache_port_t tcp 3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t udp 3130, 11211
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@LC-VM12 testlink]# service iptables status
Firewall is stopped.
[root@LC-VM12 testlink]# semanage port -a -t http_port_t -p tcp 9000
[root@LC-VM12 testlink]# service iptables status
Firewall is stopped.
[root@LC-VM12 testlink]# semanage port -l|grep http
http_cache_port_t tcp 3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t udp 3130, 11211
http_port_t tcp 9000, 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@LC-VM12 testlink]# semanage


参考信息:

semanage使用详解
NAME
semanage - SELinux Policy Management tool
SYNOPSIS
Output local customizations:导出selinux当前策略
semanage [ -S store ] -o [ output_file | - ]
Input local customizations:导入selinux策略
semanage [ -S store ] -i [ input_file | - ]
Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration.:管理一些进程、服务的开关、配置等等,全是开关两个状态
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file
Manage SELinux confined users (Roles and levels for an SELinux user)
semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name
Manage login mappings between linux users and SELinux confined users:将linux已存在的用户user映射到登陆保护
semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname
-a:添加
-d:删除
-m:修改
-l:列举
-n:不打印说明头
-D:全部删除
例子:semanage login -a -s unconfined_u leowang
Manage network port type definitions:管理网络端口
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range
-t:类型
-r:角色
例子:semanage port -a -t http_port_t -p tcp 81
Manage network interface type definitions
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec
Manage network node type definitions
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
Manage file context mapping definitions:管理文件安全上下文的映射
-f:文件
-s:用户
-t:类型
-r:角色
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
例子:semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"    //新建一条规则,指定/web目录及其下的所有文件的扩展属性为httpd_sys_content_t
Manage processes type enforcement mode
semanage permissive [-S store] -{a|d|l|n|D} type
Disable/Enable dontaudit rules in policy
semanage dontaudit [-S store] [ on | off ]
Execute multiple commands within a single transaction.
semanage [-S store] -i command-file