linux 下apche沒法監聽端口解決辦法(Permission denied: make_sock: could not bind to address)

想創建一個測試用的虛擬主機，遇到了這個問題：[root@localhost html]# service httpd startStarting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.termwikidev for ServerName(13)Permission denied: make_sock: could not bind to address [::]:81(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81no listening sockets available, shutting downUnable to open logs解決辦法：semanage port -l|grep httpsemanage port -a -t http_port_t -p tcp 81這個兩個命令一是查看，一個是添加，添加完再查看一遍，若是有81，則成功。另可能要以root用戶運行。此外，若是要外網訪問，還要打開linux的防火牆：[root@localhost html]# vim /etc/sysconfig/iptables[root@localhost html]# service iptables restart重啓apache.相關資料：starting httpd 13 permission denied make_sock could not bind to address2010年01月19日 星期二 11:33In Fedora Core 5/6 and RHEL 5. We have made it easier to customize certain common parts of SELinux. In previous releases of SELinux if you wanted to change simple things like which port a daemon could listen to, you would need to write policy. Now we have the semanage utility. SELinux assigns types to all network ports on a system. By default all ports are less then 1024 are labeled reserved_port_t and all ports > 1024 are labeled port_t. If a port is assigned to a particular type say the http port 80, it has an assigned type of http_port_t. If you want to look at all the assigned ports in SELinux, you can use the semanage tool, semanage port -l. So if you executed semanage port -l | grep httphttp_cache_port_t tcp 3128, 8080, 8118http_cache_port_t udp 3130http_port_t tcp 80, 443, 488, 8008, 8009, 8443pegasus_http_port_t tcp 5988pegasus_https_port_t tcp 5989Here we see http_port_t is assigned to ports 80, 443, 488, 8008, 8009, 8443The policy is written to allow httpd_t http_port_t:tcp_socket name_bind;This means the apache command can "bind" to an port that is labeled http_port_t.So lets say you want to run httpd on port 81.So you edit /etc/httpd/http.confand change this line Listen 80to Listen 81Now restart the daemon.service httpd restartStopping httpd: [ OK ]Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:81(13)Permission denied: make_sock: could not bind to address 0.0.0.0:81no listening sockets available, shutting downUnable to open logs[FAILED]Now the daemon fails to start because it can not bind to port 81.This generates an AVC that looks like----time->Tue Dec 12 17:37:49 2006type=SYSCALL msg=audit(1165963069.248:852): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf96a830 a2=b5b1e8 a3=9e58b68 items=0 ppid=21133 pid=21134 auid=3267 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 comm="httpd" exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)type=AVC msg=audit(1165963069.248:852): avc: denied { name_bind } for pid=21134 comm="httpd" src=81 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socketTo fix this you can use semanage to add the portsemanage port -a -t http_port_t -p tcp 81service httpd startStarting httpd: [ OK ]