cups-lpd: Unable to reserve port: Permission denied
Garry Williams
gtwilliams at gmail.com
Tue Apr 3 19:05:46 UTC 2007
I'm copying the list so others can benefit.
On 4/2/07, David Hull <hull at snap.com> wrote:
> Hi. I saw your post on the web about your CUPS LPD problem. I've
> recently starting seeing the same issue here. I have no understanding
> of the underlying problem, but I was able to work around it by changing
> the printer URI from:
>
> lpd://marengo.pas.lab/milli
>
> to
>
> lpd://marengo.pas.lab/milli?reserve=none
Thank you for the suggestion. It worked.
(Actually my URI is lpd://ip-address/?reserve=none .)
I believe that the underlying cause of this problem is a change to the
selinux policy for cups. I believe that a recent change to the policy
restricts the cups process to only being able to bind to port 631. (I
can't explain the lack of any avc message when the cups-lpd process
receives an error from bind() due to the policy.)
I don't know whether to call this a bug in the selinux policy or a bug
in cups-lpd. It seems that there are historical reasons why a
*client* wants or even must bind to a privileged port number. Anyway,
the work-around you suggest is probably better than modifying the cups
selinux policy. Most folks never want to access a lpd server.
--
Garry Williams +1 678 656-4579
More information about the fedora-list
mailing list