Bug 234742
| Summary: | selinux blocks access for hpiod to talk to scanner (hp multifunction printer) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bernard Johnson <bjohnson> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-04-12 12:53:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Is this a normal port for hpiod to try to connect to? hpiod is currently able to connect to network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0) You can add this port by executing semanage port -a -t hplip_port_t -P tcp 8290 Honestly, I don't know if it's a normal port - but I have to assume it is. I don't normally run with selinux on with this box because I use it for mock builds and have unresolved selinux badness going on - but that's another story. I just noticed this because the hard drive in the machine failed and I rebuilt the machine and forgot to turn off selinux right away. As far as I can tell, it's only the scanner that uses this port. Fixed in selinux-policy-2.4.6-52 Verified. |
Description of problem: selinux blocks access for hpiod to talk to scanner (hp multifunction printer). Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-46.fc6 How reproducible: Always, just try using something xsane to scan. Actual results: Apr 1 04:19:41 snowflake kernel: audit(1175422781.500:10): avc: denied { name_connect } for pid=12550 comm="hpiod" dest=8290 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket