A Linux server web application runs on port 6379 SELinux is

A linux server web application runs on port 6379 selinux is - CompTIA Linux + XK0-005

Question

A Linux server web application runs on port 6379. SELinux is enforcing.
Which of the following commands should resolve the permission denied issue?

Answers

semanage port -d -t http_port_t -p tcp 6379
correct

semanage port -a -t http_port_t -p tcp 6379
semanage port -a http_port_t -p top 6379
semanage port -l -t http_port_tcp 6379

Explanation

The Correct Answer is: b. semanage port -a -t http_port_t -p tcp 6379

When SELinux is enforcing, it restricts network ports based on policy types. If your web application is running on a non-standard port like 6379, you must explicitly allow it. The correct command uses semanage port -a to add port 6379, assigns it the http_port_t type (for web services), and specifies the TCP protocol. This change tells SELinux to allow HTTP services to bind to and use port 6379.

Why Other Options Are Incorrect:

a. semanage port -d -t http_port_t -p tcp 6379: This deletes the association of port 6379 from the http_port_t context. If port 6379 isn’t already mapped, this will fail or have no effect. It doesn’t add the needed permission, so it won’t resolve the “permission denied” error in an SELinux-enforcing context.
c. semanage port -a http_port_t -p top 6379: The syntax is incorrect: -t is missing before http_port_t, and the protocol should be tcp, not top. This command would fail to execute due to both argument and protocol errors.
d. semanage port -l -t http_port_tcp 6379: This command is syntactically incorrect. The -l option is used to list all port mappings and doesn’t support -t or a specific port input like 6379. It also incorrectly refers to http_port_tcp instead of http_port_t.