Permission denied: make_sock: could not bind to...

鱼北子
Published 2012/08/27 16:03
I wanted to set up a virtual host for testing and ran into this problem:
[root@localhost html]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.termwikidev for ServerName
(13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
no listening sockets available, shutting down
Unable to open logs

Solution:

semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 81

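The first of these two commands lists the port labels and the second adds one. After adding, list them again; if 81 appears, it worked. You may also need to run them as root.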

In addition, if the site must be reachable from outside, you also need to open the port in the Linux firewall:

[root@localhost html]# vim /etc/sysconfig/iptables
[root@localhost html]# service iptables restart

Restart Apache.

Related material:

starting httpd 13 permission denied make_sock could not bind to address
Tuesday, January 19, 2010, 11:33

In Fedora Core 5/6 and RHEL 5, we have made it easier to customize certain common parts of SELinux. In previous releases of SELinux, if you wanted to change simple things like which port a daemon could listen to, you would need to write policy. Now we have the semanage utility.

SELinux assigns types to all network ports on a system. By default all ports less than 1024 are labeled reserved_port_t and all ports > 1024 are labeled port_t. If a port is assigned to a particular type, say the http port 80, it has an assigned type of http_port_t. If you want to look at all the assigned ports in SELinux, you can use the semanage tool: semanage port -l.

So if you executed 

semanage port -l | grep http
http_cache_port_t tcp 3128, 8080, 8118
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989

Here we see http_port_t is assigned to ports 80, 443, 488, 8008, 8009, 8443

The policy is written to allow httpd_t http_port_t:tcp_socket name_bind;

This means the apache command can "bind" to a port that is labeled http_port_t.

So let's say you want to run httpd on port 81.

So you edit /etc/httpd/http.conf

and change this line 
Listen 80
to 
Listen 81


Now restart the daemon.
service httpd restart
Stopping httpd: [ OK ]
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:81
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81
no listening sockets available, shutting down
Unable to open logs
[FAILED]

Now the daemon fails to start because it can not bind to port 81.

This generates an AVC that looks like

----
time->Tue Dec 12 17:37:49 2006
type=SYSCALL msg=audit(1165963069.248:852): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58b68 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1165963069.248:852): avc: denied { name_bind } for pid=21134 comm="httpd" src=81 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket

To fix this you can use semanage to add the port

semanage port -a -t http_port_t -p tcp 81

service httpd start
Starting httpd: [ OK ]
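
The triage described above can be scripted. The following is an added example, not part of the original article: it pulls name_bind denials out of audit records, checks the port against `semanage port -l` output, and produces the matching semanage command. The function names and the `wanted_type` parameter are assumptions made for illustration; the sample inputs are the records shown on this page.

```python
import re

# Sample inputs copied from the AVC record and semanage listing shown on this page.
AUDIT_SAMPLE = ('type=AVC msg=audit(1165963069.248:852): avc: denied { name_bind } '
                'for pid=21134 comm="httpd" src=81 scontext=user_u:system_r:httpd_t:s0 '
                'tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket\n')
PORT_LIST_SAMPLE = ("http_cache_port_t tcp 3128, 8080, 8118\n"
                    "http_cache_port_t udp 3130\n"
                    "http_port_t tcp 80, 443, 488, 8008, 8009, 8443\n")

# Captures the process, port, source domain, current port type and protocol.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ name_bind \}.*?comm="(?P<comm>[^"]+)"\s+src=(?P<port>\d+)\s+'
    r'scontext=[^:]+:[^:]+:(?P<domain>[^:\s]+)\S*\s+'
    r'tcontext=[^:]+:[^:]+:(?P<port_type>[^:\s]+)\S*\s+tclass=(?P<proto>tcp|udp)_socket')


def parse_port_labels(text):
    """Map (selinux_type, proto) -> set of ports from `semanage port -l` output."""
    labels = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[1] not in ("tcp", "udp"):
            continue  # header line, blank line, or anything unexpected
        ports = labels.setdefault((parts[0], parts[1]), set())
        for item in parts[2].split(","):
            lo, _, hi = item.strip().partition("-")  # "8080" or a range "5900-5902"
            ports.update(range(int(lo), int(hi or lo) + 1))
    return labels


def triage(audit_text, port_list_text, wanted_type):
    """One finding per name_bind denial; 'fix' is None if the port already has wanted_type."""
    labels = parse_port_labels(port_list_text)
    findings = []
    for m in AVC_RE.finditer(audit_text):
        port, proto = int(m["port"]), m["proto"]
        labelled = port in labels.get((wanted_type, proto), set())
        fix = None if labelled else f"semanage port -a -t {wanted_type} -p {proto} {port}"
        findings.append({"comm": m["comm"], "domain": m["domain"], "port": port,
                         "current_type": m["port_type"], "fix": fix})
    return findings


if __name__ == "__main__":
    for finding in triage(AUDIT_SAMPLE, PORT_LIST_SAMPLE, "http_port_t"):
        print(finding)
```

The port type passed as `wanted_type` remains the administrator's decision: the script only reports the command, and labelling a port is appropriate only when the service is really meant to listen there.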

This article is reposted from: http://hi.baidu.com/2012klong/item/1e2ab0213ed299cba5275a33
