Summary:

SELinux is preventing /usr/sbin/httpd.worker from binding to port 9830.

Detailed Description:

[httpd.worker has a permissive type (httpd_t). This access was not denied.]

SELinux has denied the httpd.worker from binding to a network port 9830 which does not have an SELinux type associated with it. If httpd.worker should be allowed to listen on 9830, use the semanage command to assign 9830 to a port type that httpd_t can bind to (ntop_port_t, http_cache_port_t, http_port_t).
If httpd.worker is not supposed to bind to 9830, this could signal an intrusion attempt.

Allowing Access:

If you want to allow httpd.worker to bind to port 9830, you can execute

# semanage port -a -t PORT_TYPE -p tcp 9830

where PORT_TYPE is one of the following: ntop_port_t, http_cache_port_t, http_port_t.
If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1.

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                system_u:object_r:port_t:s0
Target Objects                None [ tcp_socket ]
Source                        httpd.worker
Source Path                   /usr/sbin/httpd.worker
Port                          9830
Host                          (removed)
Source RPM Packages           httpd-2.2.15-1.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-2.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   bind_ports
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.2-41.fc13.x86_64 #1 SMP Mon Apr 12 14:09:42 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 23 Apr 2010 04:59:35 PM JST
Last Seen                     Fri 23 Apr 2010 04:59:35 PM JST
Local ID                      d53a93e3-b9ad-4b40-a9e7-aadfff4d8f8e
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1272009575.110:169): avc: denied { name_bind } for pid=13241 comm="httpd.worker" src=9830 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=(removed) type=SYSCALL msg=audit(1272009575.110:169): arch=c000003e syscall=49 success=yes exit=68719476864 a0=3 a1=7fe717e92a60 a2=10 a3=7fff7c4e5eb0 items=0 ppid=13233 pid=13241 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="httpd.worker" exe="/usr/sbin/httpd.worker" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Hash String generated from bind_ports,httpd.worker,httpd_t,port_t,tcp_socket,name_bind

audit2allow suggests:

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'
allow httpd_t port_t:tcp_socket name_bind;

Why is apache trying to listen to port 9830?

The troubleshoot message tells you what to do. For example:

semanage port -a -t http_port_t -p tcp 9830