From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050309 Epiphany/1.5.8 Description of problem: I don't seem to be able to add a remote LPD printer using system-config-printer. In the GUI I get the error: Unable to reserve port: Permission denied when I try and print a test page. In /var/log/audit.log I get the following: type=KERNEL msg=audit(1111142292.822:5285658): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=883 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142293.825:5287764): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=882 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142293.825:5287764): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=372 items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142294.827:5288825): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=371 items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142294.827:5288825): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=881 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142295.830:5290758): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=370 items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142295.830:5290758): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=880 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142296.833:5293169): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36f items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142296.833:5293169): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=879 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142297.836:5294586): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36e items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142297.836:5294586): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=878 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142298.839:5295089): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36d items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142298.839:5295089): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=877 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142299.842:5297669): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36c items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142299.842:5297669): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=876 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142300.845:5298902): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36b items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142300.845:5298902): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=875 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket type=KERNEL msg=audit(1111142301.847:5300512): syscall=102 exit=-13 a0=2 a1=bfec7004 a2=bc7ff4 a3=36a items=0 pid=7333 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111142301.847:5300512): avc: denied { name_bind } for pid=7333 exe=/usr/lib/cups/backend/lpd src=874 scontext=user_u:system_r:cupsd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket Version-Release number of selected component (if applicable): selinux-policy-targeted-sources-1.23.2-1 How reproducible: Always Steps to Reproduce: 1. Fresh install of FC4T1 2. Run system-config-printer, entering root password if necessary 3. Add new remote LPD printer, finish by saying yes to "Print test page" question Actual Results: No test page is printed, error message in GUI printer list: Unable to reserve port: Permission denied Expected Results: Test page should be printed, printer should be available for use. Additional info: This is a regression from FC3, printing with same printer and settings worked perfectly.
I am having the same identical problem. I filed bug #151345 against system-config-printer. This may be the better component for that bug
*** Bug 151345 has been marked as a duplicate of this bug. ***
I've merged these two bugs. The actual change needs to happen in the SELinux policy, since the lpd backend really does need to do use port 515 for outbound connections.
Please run 'setenforce 0' and try again, and then post the resulting messages. Are there any new ones?
After running "setenforce 0" I can add the printer and it will print the test page. I get the following in /var/log/audit.log: type=KERNEL msg=audit(1111164267.701:10910176): item=1 inode=131075 dev=00:00 type=KERNEL msg=audit(1111164267.701:10910176): item=0 name=/bin/hostname inode=229610 dev=00:00 type=KERNEL msg=audit(1111164267.701:10910176): syscall=11 exit=0 a0=9d888e0 a1=9d82dc0 a2=9a2c220 a3=9a2c25d items=2 pid=13683 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { write } for pid=13683 exe=/bin/hostname path=/var/cache/alchemist/printconf.rpm/wm/_PRINTCONF_BACKEND_ dev=dm-4 ino=524334 scontext=root:system_r:hostname_t tcontext=user_u:object_r:cupsd_rw_etc_t tclass=file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { write } for pid=13683 exe=/bin/hostname path=pipe:[60342] dev=pipefs ino=60342 scontext=root:system_r:hostname_t tcontext=root:system_r:unconfined_t tclass=fifo_file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=pipe:[60342] dev=pipefs ino=60342 scontext=root:system_r:hostname_t tcontext=root:system_r:unconfined_t tclass=fifo_file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=/var/cache/alchemist/printconf.rpm/wm/_PRINTCONF_BACKEND_ dev=dm-4 ino=524334 scontext=root:system_r:hostname_t tcontext=user_u:object_r:cupsd_rw_etc_t tclass=file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=/usr/share/printconf/util/queueTree.py dev=dm-3 ino=2556993 scontext=root:system_r:hostname_t tcontext=system_u:object_r:printconf_t tclass=file
The hostname bugs make no sence. I have fixed the original problem in fixed in selinux-policy-targeted-1.23.3-2 Dan
Does this have anything to do with bug# 145292 ?
selinux-policy-targeted-1.23.3-2 fixes the original problem for me. I can now add a remote LPD printer using system-config-printer and print a test page. Who is repsonsible for marking this bug as fixed?
Usually the poster if he is satisfied with the fix.