Bug 212821 - hpiod: unable to bind socket 2208: Permission denied
hpiod: unable to bind socket 2208: Permission denied
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: hplip (Show other bugs)
6
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
:
Depends On:
Blocks: FC6Update
  Show dependency treegraph
 
Reported: 2006-10-29 06:49 EST by Jurandy Junior
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.6.10-1.fc6.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-02 05:11:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jurandy Junior 2006-10-29 06:49:59 EST
Description of problem:
hpiod failed to down!

Version-Release number of selected component (if applicable):
[root@weise ~]# rpm -qa | grep hplip
hplip-1.6.7-4

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
[root@weise ~]# cat /var/log/messages | grep hpiod
Oct 29 08:05:20 weise hpiod: unable to bind socket 2208: Permission denied 

Expected results:
hplip down without errors!

Additional info:
no change was made in original confs files!
Comment 1 Tim Waugh 2006-10-31 06:27:53 EST
Please try this test update:

  https://www.redhat.com/archives/fedora-test-list/2006-October/msg01025.html

You should be able to do this using:

  yum --enablerepo=updates-testing update hpijs hplip libsane-hpaio
Comment 2 Jurandy Junior 2006-10-31 07:12:08 EST
Hi,

I'll try the test update.


More information about the error:
[root@weise jurandy]# cat /var/log/messages | grep hpiod
Oct 30 05:48:38 weise kernel: audit(1162198118.233:71): avc:  denied  {
name_bind } for  pid=1970 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 05:48:38 weise kernel: audit(1162198118.233:71): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bfdc58d0 a2=8725170 a3=bfdc597c items=0
ppid=1969 pid=1970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 05:48:38 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 20:53:17 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 20:53:20 weise kernel: audit(1162252397.987:72): avc:  denied  {
name_bind } for  pid=1983 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 20:53:20 weise kernel: audit(1162252397.987:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bfda6310 a2=94aa170 a3=bfda63bc items=0
ppid=1982 pid=1983 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 21:37:11 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 21:37:11 weise kernel: audit(1162255031.921:72): avc:  denied  {
name_bind } for  pid=2035 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 21:37:11 weise kernel: audit(1162255031.921:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bff6d820 a2=90c8170 a3=bff6d8cc items=0
ppid=2034 pid=2035 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:41:05 weise hpiod: unable to bind socket 2208: Permission denied 
Oct 30 23:41:08 weise kernel: audit(1162262465.902:72): avc:  denied  {
name_bind } for  pid=2025 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 23:41:08 weise kernel: audit(1162262465.902:72): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bf9adbd0 a2=9525170 a3=bf9adc7c items=0
ppid=2024 pid=2025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:57:33 weise kernel: audit(1162263453.407:68): avc:  denied  {
name_bind } for  pid=1988 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0
tclass=tcp_socket
Oct 30 23:57:33 weise kernel: audit(1162263453.407:68): arch=40000003
syscall=102 success=no exit=-13 a0=2 a1=bf8cd280 a2=8718170 a3=bf8cd32c items=0
ppid=1987 pid=1988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hpiod" exe="/usr/sbin/hpiod"
subj=system_u:system_r:hplip_t:s0 key=(null)
Oct 30 23:57:33 weise hpiod: unable to bind socket 2208: Permission denied 


More information about how reproducible:
I upgraded (not reinstall) FC5 to FC6.

I updated kernel.586 (bug:anaconda) to kernel.686.

Kernel Version:
[root@weise ~]# uname -r
2.6.18-1.2798.fc6

I have selinux installed and running in enforcing mode.
[root@weise ~]# rpm -qa | grep selinux
selinux-policy-2.4.1-3.fc6
libselinux-devel-1.30.29-2
libselinux-1.30.29-2
libselinux-python-1.30.29-2

I believe this could be a selinux problem.

Thanks for your attention.

Regards,

Jurandy Junior
Comment 3 Tim Waugh 2006-10-31 07:29:26 EST
What's in /etc/sysconfig/selinux?
Comment 4 Tim Waugh 2006-10-31 07:40:20 EST
The selinux policy should be allowing name_bind for TCP port 2208.  From looking
at the policy source code, it *does*.  The FC6 machines I have here also allow
this.  So this is a bit of a mystery to me.
Comment 5 Jurandy Junior 2006-10-31 08:00:04 EST
[root@weise jurandy]# cat /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0 
Comment 6 Tim Waugh 2006-10-31 08:01:56 EST
Same as my config.  What does 'rpm -V hplip' say?
Comment 7 Jurandy Junior 2006-10-31 08:43:37 EST
Nothing.

[root@weise ~]# rpm -V hplip
[root@weise ~]# 
Comment 8 Daniel Walsh 2006-10-31 09:34:13 EST
You are not updated to the latest policy.  A new policy package was just
released to testing.  selinux-policy-2.4.2-3.fc6.  Please update to this version
and make sure the update is successful. 
Comment 9 Steven Stern 2006-11-01 08:06:26 EST
I'm having the same problem on a clean install of FC6 with SELINUX disabled. 
The test version seeems to have fixed the problem.
Comment 10 Fedora Update System 2006-11-01 14:27:34 EST
Errata pushed: hplip-1.6.10-1.fc6.4

Note You need to log in before you can comment on or make changes to this bug.