php-fpm error unable to bind listening socket for
博客专区 > china008 的博客 > 博客详情
php-fpm error unable to bind listening socket for
china008 发表于2年前
php-fpm error unable to bind listening socket for
  • 发表于 2年前
  • 阅读 68
  • 收藏 0
  • 点赞 0
  • 评论 0
摘要: php-fpm error unable to bind listening socket for address '127.0.0.1:9003': Permission denied (13)

0 down vote

SELinux can be configured to stop programs from opening ports, even ports above 1024. This can be a useful protection against malware.


If SELinux is enabled (which you can check by running getenforce - if the respons is Enforced, that means that SELinux is active), there are two ways of fixing the problem.


First, the easy way. This one is to simply disable SELinux. The downside is that your server is now far more vulnerable to compromise/hacking/attacks. If you do choose to make your server less secure, you can run the command setenforce 0. You will also need to change the configuration to stop it from being reactivated after restart; this is done by editing the file /etc/selinux/config and changing the line


SELINUX=enforcing

to


SELINUX=disabled

Second, the secure way . This is to change your selinux configuration to allow this port to be opened. Since SELinux is a very complicated thing - as it must be, to do what it does - it takes a bit of work. There is one shortcut, though, which is to let SELinux itself figure out what new permissions it needs to allow.


In order to do this, you start by setting SELinux to permissive instead of disabled. This means that SELinux won't be enforcing its rules, but it will log the information about everything that it would have stopped if it had been enforcing them. Once you've had your application running, you can pass the contents of the log to audit2allow which will help you create the rules you need:


grep php-fpm /var/log/audit/audit.log | audit2allow -m phpfpm > phpfpmlocal.tmp

You should look in the file phpfpmlocal.tmp to verify that the permissions look OK. Once you've done so, and made any edits that seem reasonable to you, re-run audit2allow again to build the module, and semodule to load it


grep php-fpm /var/log/audit/audit.log | audit2allow -M phpfpmlocal

semodule -i phpfmlocal.pp 

Once the new module is loaded, you can turn enforcement back on.


共有 人打赏支持
粉丝 6
博文 182
码字总数 30406
×
china008
如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!
* 金额(元)
¥1 ¥5 ¥10 ¥20 其他金额
打赏人
留言
* 支付类型
微信扫码支付
打赏金额:
已支付成功
打赏金额: