Bug 212821

Summary: hpiod: unable to bind socket 2208: Permission denied
Product: [Fedora] Fedora Reporter: Jurandy Junior <jurandy_junior>
Component: hplipAssignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: subscribed-lists
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 1.6.10-1.fc6.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-02 10:11:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 207681    

Description Jurandy Junior 2006-10-29 11:49:59 UTC 
Description of problem:
hpiod failed to down!

Version-Release number of selected component (if applicable):
[root@weise ~]# rpm -qa | grep hplip
hplip-1.6.7-4

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
[root@weise ~]# cat /var/log/messages | grep hpiod
Oct 29 08:05:20 weise hpiod: unable to bind socket 2208: Permission denied 

Expected results:
hplip down without errors!

Additional info:
no change was made in original confs files!
Comment 1 Tim Waugh 2006-10-31 11:27:53 UTC 
Please try this test update:

  https://www.redhat.com/archives/fedora-test-list/2006-October/msg01025.html

You should be able to do this using:

  yum --enablerepo=updates-testing update hpijs hplip libsane-hpaio
Comment 2 Jurandy Junior 2006-10-31 12:12:08 UTC 
Hi,

I'll try the test update.


More information about the error:
[root@weise jurandy]# cat /var/log/messages | grep hpiod
Oct 30 05:48:38 weise kernel: audit(1162198118.233:71): avc:  denied  {
name_bind } for  pid=1970 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 05:48:38 weise kernel: audit(1162198118.233:71): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bfdc58d0 a2=8725170 a3=bfdc597c items=0
ppid=1969 pid=1970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 05:48:38 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 20:53:17 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 20:53:20 weise kernel: audit(1162252397.987:72): avc:  denied  {
name_bind } for  pid=1983 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 20:53:20 weise kernel: audit(1162252397.987:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bfda6310 a2=94aa170 a3=bfda63bc items=0
ppid=1982 pid=1983 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 21:37:11 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 21:37:11 weise kernel: audit(1162255031.921:72): avc:  denied  {
name_bind } for  pid=2035 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 21:37:11 weise kernel: audit(1162255031.921:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bff6d820 a2=90c8170 a3=bff6d8cc items=0
ppid=2034 pid=2035 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:41:05 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 23:41:08 weise kernel: audit(1162262465.902:72): avc:  denied  {
name_bind } for  pid=2025 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 23:41:08 weise kernel: audit(1162262465.902:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bf9adbd0 a2=9525170 a3=bf9adc7c items=0
ppid=2024 pid=2025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:57:33 weise kernel: audit(1162263453.407:68): avc:  denied  {
name_bind } for  pid=1988 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 23:57:33 weise kernel: audit(1162263453.407:68): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bf8cd280 a2=8718170 a3=bf8cd32c items=0
ppid=1987 pid=1988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:57:33 weise hpiod: unable to bind socket 2208: Permission denied 


More information about how reproducible:
I upgraded (not reinstall) FC5 to FC6.

I updated kernel.586 (bug:anaconda) to kernel.686.

Kernel Version:
[root@weise ~]# uname -r
2.6.18-1.2798.fc6

I have selinux installed and running in enforcing mode.
[root@weise ~]# rpm -qa | grep selinux
selinux-policy-2.4.1-3.fc6
libselinux-devel-1.30.29-2
libselinux-1.30.29-2
libselinux-python-1.30.29-2

I believe this could be a selinux problem.

Thanks for your attention.

Regards,

Jurandy Junior
Comment 3 Tim Waugh 2006-10-31 12:29:26 UTC 
What's in /etc/sysconfig/selinux?
Comment 4 Tim Waugh 2006-10-31 12:40:20 UTC 
The selinux policy should be allowing name_bind for TCP port 2208.  From looking
at the policy source code, it *does*.  The FC6 machines I have here also allow
this.  So this is a bit of a mystery to me.
Comment 5 Jurandy Junior 2006-10-31 13:00:04 UTC 
[root@weise jurandy]# cat /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
Comment 6 Tim Waugh 2006-10-31 13:01:56 UTC 
Same as my config.  What does 'rpm -V hplip' say?
Comment 7 Jurandy Junior 2006-10-31 13:43:37 UTC 
Nothing.

[root@weise ~]# rpm -V hplip
[root@weise ~]#
Comment 8 Daniel Walsh 2006-10-31 14:34:13 UTC 
You are not updated to the latest policy.  A new policy package was just
released to testing.  selinux-policy-2.4.2-3.fc6.  Please update to this version
and make sure the update is successful.
Comment 9 Steven Stern 2006-11-01 13:06:26 UTC 
I'm having the same problem on a clean install of FC6 with SELINUX disabled. 
The test version seeems to have fixed the problem.
Comment 10 Fedora Update System 2006-11-01 19:27:34 UTC 
Errata pushed: hplip-1.6.10-1.fc6.4