The security team has set SELinux to Enforcing on a production web server. You are deploying a custom HTTPS service that runs in the httpd_t domain and must listen on TCP port 8443, which is not currently included in the list for the http_port_t type. When you start the service, systemd logs an AVC denial for the 'bind' operation. You need to make a persistent policy change that allows the service to bind to this port without rebuilding the policy or disabling SELinux. Which single command should you run?
semanage port -a -t http_port_t -p tcp 8443
semanage fcontext -a -t httpd_sys_content_t "/srv/app(/.*)?"
The semanage utility modifies pieces of SELinux policy without requiring a full policy rebuild. Its port sub-command manages the mapping between port numbers and SELinux port types. Adding a port to the http_port_t type tells SELinux that services running in domains allowed to bind to http_port_t (such as httpd_t) may use that port. The correct syntax is:
semanage port -a -t http_port_t -p tcp 8443
This change is stored in the SELinux policy store and persists across reboots.
The fcontext sub-command is used to label file and directory paths, such as setting content in /srv/app to the httpd_sys_content_t type so the web server can read it; it does not affect port binding denials. The boolean sub-command toggles run-time booleans, and while httpd_can_network_connect is a valid boolean, it controls outbound connections rather than listening ports. The interface sub-command labels network interfaces themselves, not port numbers. Therefore, only the port sub-command with the -a (add) option correctly solves the problem.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SELinux, and why is it important?
Open an interactive chat with Bash
What is the purpose of the `semanage port` command?
Open an interactive chat with Bash
What is an SELinux context, and how does it affect file access?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access