Summary:

SELinux is preventing /usr/sbin/lighttpd from binding to port 9091.

Detailed Description:

SELinux has denied the lighttpd from binding to a network port 9091 which does
not have an SELinux type associated with it. If lighttpd should be allowed to
listen on 9091, use the semanage command to assign 9091 to a port type that
httpd_t can bind to (ntop_port_t, http_cache_port_t, http_port_t).
If lighttpd is not supposed to bind to 9091, this could signal an intrusion
attempt.

Allowing Access:

If you want to allow lighttpd to bind to port 9091, you can execute
# semanage port -a -t PORT_TYPE -p tcp 9091
where PORT_TYPE is one of the following: ntop_port_t, http_cache_port_t,
http_port_t.
If this system is running as an NIS Client, turning on the allow_ypbind boolean
may fix the problem. setsebool -P allow_ypbind=1.

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                system_u:object_r:port_t:s0
Target Objects                None [ tcp_socket ]
Source                        lighttpd
Source Path                   /usr/sbin/lighttpd
Port                          9091
Host                          (removed)
Source RPM Packages           lighttpd-1.4.26-2.fc14
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-7.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   bind_ports
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.6-48.fc14.i686 #1 SMP Fri Oct 22 15:34:36 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Sun 07 Nov 2010 11:27:53 PM EST
Last Seen                     Sun 07 Nov 2010 11:27:53 PM EST
Local ID                      96c71c45-6656-45f6-9769-d07a112920d8
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1289190473.404:20326): avc: denied { name_bind } for pid=2577 comm="lighttpd" src=9091 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

node=(removed) type=SYSCALL msg=audit(1289190473.404:20326): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfa444c0 a2=92b18f0 a3=0 items=0 ppid=2576 pid=2577 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Hash String generated from bind_ports,lighttpd,httpd_t,port_t,tcp_socket,name_bind

audit2allow suggests:

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'
allow httpd_t port_t:tcp_socket name_bind;

Why is lighttpd trying to listen to port 9091?

The troubleshoot message tells you what to do. For example:

    semanage port -a -t http_port_t -p tcp 9091