Hide Forgot
Description of problem: SELinux is preventing smfpnetdiscover from 'name_bind' accesses on the udp_socket port 22161. ***** Plugin bind_ports (92.2 confidence) suggests ************************ If you want to allow smfpnetdiscover to bind to network port 22161 Then you need to modify the port type. Do # semanage port -a -t PORT_TYPE -p udp 22161 где PORT_TYPE может принимать значения: howl_port_t, ipp_port_t. ***** Plugin catchall_boolean (7.83 confidence) suggests ****************** If вы хотите выполнить следующее: allow nis to enabled Then вы должны сообщить SELinux об этом, включив переключатель «nis_enabled». Дополнительная документация на 'None' ман странице. Do setsebool -P nis_enabled 1 ***** Plugin catchall (1.41 confidence) suggests ************************** If вы считаете, что smfpnetdiscover следует разрешить доступ name_bind к port 22161 udp_socket по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do allow this access for now by executing: # ausearch -c 'smfpnetdiscover' --raw | audit2allow -M my-smfpnetdiscover # semodule -X 300 -i my-smfpnetdiscover.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:unreserved_port_t:s0 Target Objects port 22161 [ udp_socket ] Source smfpnetdiscover Source Path smfpnetdiscover Port 22161 Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.24.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.7.7-100.fc23.x86_64 #1 SMP Fri Oct 7 22:16:13 UTC 2016 x86_64 x86_64 Alert Count 13 First Seen 2016-09-20 12:02:36 MSK Last Seen 2016-10-21 01:52:28 MSK Local ID eb620e66-a897-43bf-a5f7-219de838b76f Raw Audit Messages type=AVC msg=audit(1477003948.162:329): avc: denied { name_bind } for pid=16867 comm="smfpnetdiscover" src=22161 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 Hash: smfpnetdiscover,cupsd_t,unreserved_port_t,udp_socket,name_bind Version-Release number of selected component: selinux-policy-3.13.1-158.24.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.7.7-100.fc23.x86_64 type: libreport
hi, Is port "22161" default used by smfpnetdiscover? Thanks.
Hi Lukas, I am only bind's co-maintainer for short time, so I suggest you ask thozza or pemensik.
$ dnf whatprovides */smfpnetdiscover Last metadata expiration check: 26 days, 3:44:11 ago on Wed Oct 26 13:17:07 2016. Error: No Matches found $ dnf search *smfpnetdiscover* Last metadata expiration check: 26 days, 3:45:32 ago on Wed Oct 26 13:17:07 2016. Error: No matches found. I'm definitely not the right person to provide any info in this bug. BTW there seems to be no package named "smfpnetdiscover" in Fedora as well as no package providing executable file named "smfpnetdiscover".
Thanks Tomas. Closing this issue as WONTFIX. If you want allow it on your system please run: #semanage port -a -t ipp_port_t -p udp 2216 Lukas.
smfpnetdiscovery is part of Samsung's closed drivers for the M2026 and similar printers. It didn't give this error on f24... but seems to have started for me on f27. (Last I tried the open drivers didn't work with their new printer)