Solving the “Permission denied: make_sock: could not bind to address” issue when starting Apache on Linux

October 17, 2012 5 Comments

Does this looks familiar ?

[laurent2@centos2 conf]$ sudo service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:8082
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8082
no listening sockets available, shutting down
Unable to open logs
 [FAILED]

No, it’s not because I’m not running this as root (as explained here, here and there) : you can see in the command above that I’ve used the sudo command !

It’s (again) because SELinux is preventing the httpd process to listen on port 8082.

This can be checked by having a look at the SELinux log files:

  • if the auditd daemon is running, SELinux denials are in /var/log/audit/audit.log.
  • if the daemon is not running, you’ll find them in /var/log/messages.
[laurent2@centos2 conf]$ sudo tail /var/log/audit/audit.log
[SNIP]
type=AVC msg=audit(1350478371.269:183): avc: denied { name_bind } for pid=3207 comm="httpd" src=8082 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
[SNIP]

To make sure that SELinux is indeed the culprit, you can simply temporarly disable it to see if that solves your issue:

[laurent2@centos2 conf]$ getenforce
Enforcing
[laurent2@centos2 conf]$ sudo setenforce 0
[sudo] password for laurent2:
[laurent2@centos2 conf]$ getenforce
Permissive
[laurent2@centos2 conf]$ sudo service httpd start
Starting httpd: [ OK ]

Now the reason why SELinux prevents httpd to start listening on port 8082 is because only a certain number of ports are allowed:

[laurent2@centos2 conf]$ sudo semanage port -l | grep http
 http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
 http_cache_port_t udp 3130
 http_port_t tcp 80, 443, 488, 8008, 8009, 8443
 pegasus_http_port_t tcp 5988
 pegasus_https_port_t tcp 5989

(by the way: if semanage is not installed, check here)

From there, you can choose to either disable SELinux, use a port that is currently allowed, or add the port you want to use to the list of authorized ports.

Filed under Linux Tagged with , ,

About lkubaski
www.kubaski.com

5 Responses to Solving the “Permission denied: make_sock: could not bind to address” issue when starting Apache on Linux

  1. Andrzej says:
    January 10, 2014 at 8:40 am

    thank you!!! It was very helpful

    Reply
  2. Psykoral says:
    March 5, 2014 at 10:08 pm

    THANK YOU THANK YOU THANK YOU. Do you know how many “you’re not running it as root” posts I saw? lol

    Reply
  3. dodol says:
    September 12, 2014 at 2:47 am

    it works like a charm, thank you mate.

    Reply
  4. arcolife says:
    February 25, 2015 at 10:02 pm

    This made my day. Thanks mate!

    Reply
  5. Marta says:
    May 27, 2015 at 7:10 am

    Muchas gracias. Llevaba varios dias con este error sin saber como solucionarlo. Mil gracias!!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: