Best way to manage custom ports in SELinux


http://serverfault.com – On RHEL 6.2, we're using httpd on a host as a front-end proxy for Tomcat on another host, and we also have mod_status configured to listen on a non-standard port to provide status info to a monitoring tool. Therefore, we need httpd to 1) establish network connections, and 2) listen on a non-standard port. The default targeted policy (currently in permissive mode) only allows httpd to listen on a defined list of ports (semanage port -l | grep http_port_t), and won't allow httpd to make outbound network connections. aureport -a shows the AVC denials when httpd tries to bind to the custom stat
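
An added example, not part of the original question: a Python sketch that reads raw AVC records of the kind aureport -a summarizes and maps each httpd_t port denial to one targeted change, so the policy is adjusted per denial rather than left permissive. The audit records, port numbers and the function name suggest_fixes are constructed for illustration; semanage port -a and the httpd_can_network_connect boolean are the standard tools for the two needs described above.

```python
import re

# Constructed sample audit records (ports, PIDs and timestamps are made up).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1330000001.101:501): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=8199 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1330000002.202:502): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8080 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1330000003.303:503): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=8199 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1330000004.404:504): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=5432 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1330000005.505:505): avc:  denied  { read } for  pid=2200 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Pull the permission, source type, target type and object class out of a record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perm>[^}]+?)\s*\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+"
    r"tclass=(?P<tclass>\S+)"
)
PORT_RE = re.compile(r"\b(?:src|dest)=(\d+)")


def suggest_fixes(audit_text):
    """Return ordered, de-duplicated remediation lines for httpd_t port denials."""
    fixes = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["stype"] != "httpd_t" or m["tclass"] != "tcp_socket":
            continue  # only httpd's TCP socket denials are in scope here
        port = PORT_RE.search(line)
        if m["perm"] == "name_bind" and port:
            if m["ttype"] == "port_t":
                # Unlabelled port: add it to the set httpd may listen on.
                fix = f"semanage port -a -t http_port_t -p tcp {port.group(1)}"
            else:
                # Port belongs to another service's type; do not relabel blindly.
                fix = f"# review: port {port.group(1)} already labelled {m['ttype']}"
        elif m["perm"] == "name_connect":
            # Outbound connections from httpd are gated by a boolean, not a port label.
            fix = "setsebool -P httpd_can_network_connect 1"
        else:
            continue
        if fix not in fixes:
            fixes.append(fix)
    return fixes


if __name__ == "__main__":
    print("\n".join(suggest_fixes(SAMPLE_AUDIT_LOG)))
```

Repeated denials collapse to one suggestion, and a bind attempt on a port that already carries another service's label is flagged for review instead of being relabelled.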