Affected versions: RHEL 10.0, RHEL 10.1


Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

The containerized service fails to expose the expected host port and stays unreachable.

Environment & Reproduction

Typically occurs with rootless podman and non-default service ports.

podman run -d -p 443:8443 myimage

Root Cause Analysis

The SELinux port type of the requested port does not allow the target daemon context to bind to it.

Quick Triage

Inspect AVC denials, current port labels, and container logs.

ausearch -m avc -ts recent
semanage port -l | grep http
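
An added example (not from the original page) that automates this triage: it extracts name_bind denials from AVC records and looks up which SELinux types currently label the denied port, including labels given as ranges that a plain `grep` would miss. The function names and the embedded sample records (port 10443, httpd_t) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not captured from a real host): two AVC records as
# printed by ausearch, and an excerpt in the layout of `semanage port -l`.
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:411): avc:  denied  { name_bind } for  pid=2101 comm="nginx" src=10443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.202:412): avc:  denied  { read } for  pid=2101 comm="nginx" name="app.conf" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535'

# Print "port proto source_type target_type" for each name_bind denial on stdin.
bind_denials() {
  awk '/denied/ && / name_bind / {
    port = proto = s = t = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^src=/)      port = substr($i, 5)
      if ($i ~ /^tclass=/)   { proto = substr($i, 8); sub(/_socket$/, "", proto) }
      if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); s = c[3] }
      if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); t = c[3] }
    }
    print port, proto, s, t
  }'
}

# Print every type whose label covers proto ($1) / port ($2) in the
# `semanage port -l` text on stdin, expanding "low-high" ranges.
port_types() {
  awk -v proto="$1" -v port="$2" '$2 == proto {
    list = $0
    sub(/^[^ ]+ +[^ ]+ +/, "", list)          # drop type and proto columns
    n = split(list, items, ", *")
    for (i = 1; i <= n; i++) {
      lo = hi = items[i]
      if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
      if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
    }
  }'
}

# For each denial in $1, list the types that label the denied port in $2.
triage() {
  printf '%s\n' "$1" | bind_denials | while read -r port proto src tgt; do
    labels=$(printf '%s\n' "$2" | port_types "$proto" "$port" | tr '\n' ' ')
    echo "$src denied on $proto/$port (tcontext $tgt); labeled: ${labels% }"
  done
}

triage "$SAMPLE_AVC" "$SAMPLE_PORTS"
```

On a live host, feed the functions real output, for example `sudo ausearch -m avc -ts recent | bind_denials` and `sudo semanage port -l | port_types tcp 8443`.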

Step-by-Step Diagnosis

Verify the runtime bind failures and the policy context mismatch.

podman logs <container>
journalctl -t setroubleshoot -n 50

Solution – Primary Fix

Label the custom port with the appropriate SELinux type and restart the workload.


sudo semanage port -a -t http_port_t -p tcp 8443 || sudo semanage port -m -t http_port_t -p tcp 8443
podman restart <container>

Solution – Alternative Approaches

Use standard allowed ports, or map to an existing labeled service port.

Verification & Acceptance Criteria

The port binds successfully and traffic reaches the container service.

ss -ltnp | grep 8443
curl -k https://localhost:8443

Rollback Plan

Remove the custom port label if it is not needed.

sudo semanage port -d -t http_port_t -p tcp 8443

Prevention & Hardening

Maintain an approved port-to-type mapping catalog for containerized services.

Related to rootless networking limits and to ports not exposed in firewalld.


References & Further Reading

Podman and SELinux container policy references for enterprise Linux.
