CompTIA Linux+ XK0-006 (V8) Practice Question

By default, SELinux permits httpd to bind only to ports labeled with the type http_port_t (ports such as 80, 443, 8008, 8443, and a few others). Binding to an unlisted port causes the kernel to deny the operation, generating the "permission denied: make_sock" error and preventing Apache from starting.

The semanage port -a -t http_port_t -p tcp 8080 command permanently adds TCP port 8080 to the list associated with the http_port_t type, so SELinux will allow httpd to bind to it in enforcing mode. No service restart of SELinux is required-after adding the rule, starting or reloading the httpd service succeeds.

The other options do not address the cause of the denial:

• firewall-cmd --permanent --add-service=http only opens the firewall and has no effect on SELinux port labeling.
• setsebool -P httpd_can_network_connect 1 controls outbound network connections from httpd, not the ability to listen on a TCP port.
• restorecon -R -v /var/www/html resets file contexts on the document root, which does not influence port binding.

Therefore, the semanage port command is the required solution.