Ask Your Question
0

cups: I can not share printers

asked 2017-08-19 00:53:54 -0500

toddandmargo gravatar image

updated 2017-08-19 02:32:34 -0500

vtrefny gravatar image

Hi All,

 # rpm -qa cups\*
cups-lpd-2.2.2-6.fc26.x86_64
cups-filters-1.13.4-3.fc26.x86_64
cups-filesystem-2.2.2-6.fc26.noarch
cups-2.2.2-6.fc26.x86_64
cups-pdf-2.6.1-12.fc26.x86_64
cups-pk-helper-0.2.6-2.fc26.x86_64
cups-libs-2.2.2-6.fc26.x86_64
cups-filters-libs-1.13.4-3.fc26.x86_64
cups-client-2.2.2-6.fc26.x86_64

 # grep -i share /etc/cups/printers.conf
Shared Yes
Shared Yes
Shared Yes
Shared Yes
Shared Yes

I am replacing a Centos5 server with a Fedora 26 server. i have cups configured for all the printers and they all have printed test pages. All of are set to "shared".

problem: all my clients are XP and none can attach to any of the shared cups printers, neither with lpr or TCP/IP. (They are all XP, so no tests from W7.)

And cups-lpd won't start do to an SELinux error:

 #  systemctl start cups-lpd.socket
● cups-lpd.socket - CUPS LPD Server Socket
   Loaded: loaded (/usr/lib/systemd/system/cups-lpd.socket; enabled; vendor preset: disabled)
   Active: failed (Result: resources)
   Listen: [::]:515 (Stream)
 Accepted: 0; Connected: 0

Aug 18 18:26:49 FedoraServer.xxxx.local systemd[1]: cups-lpd.socket: Failed to listen on sockets: Permission denied
Aug 18 18:26:49 FedoraServer.xxxx.local systemd[1]: Failed to listen on CUPS LPD Server Socket.
Aug 18 18:26:49 FedoraServer.xxxx.local systemd[1]: cups-lpd.socket: Unit entered failed state.
Aug 18 18:30:54 FedoraServer.xxxx.local systemd[1]: cups-lpd.socket: Failed to listen on sockets: Permission denied
Aug 18 18:30:54 FedoraServer.xxxx.local systemd[1]: Failed to listen on CUPS LPD Server Socket.
Aug 18 18:33:45 FedoraServer.xxxx.local systemd[1]: cups-lpd.socket: Failed to listen on sockets: Permission denied
Aug 18 18:33:45 FedoraServer.xxxx.local systemd[1]: Failed to listen on CUPS LPD Server Socket.
Aug 18 18:37:30 FedoraServer.xxxx.local systemd[1]: cups-lpd.socket: Failed to listen on sockets: Permission denied
Aug 18 18:37:30 FedoraServer.xxxx.local systemd[1]: Failed to listen on CUPS LPD Server Socket.

SELinux is preventing systemd from setopt access on the tcp_socket port None. allow this access for now by executing:

 # ausearch -c 'systemd' --raw | audit2allow -M my-systemd
 # semodule -X 300 -i my-systemd.pp

And the suggested action does not work.

What am I doing wrong?

Many thanks, -T

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
1

answered 2017-08-19 05:06:43 -0500

villykruse gravatar image

There are six more selinux permissions to be enabled. As long as selinux is in enforcing mode, you would only get one at a time. Set enforcing to permisive

setenforce Permissive

then restart cups-lpd.socket and run some print request.

This should get selinux reports for most of your problems.

The permissions you need are these (as given by the generated .te file.

module my_allow_cups_lpd 1.0;

require {
        type cupsd_lpd_t;
        type init_t;
        class tcp_socket { accept bind create getattr ioctl listen setopt };
}

#============= init_t ==============
allow init_t cupsd_lpd_t:tcp_socket { accept bind create getattr ioctl listen setopt };

This cannot be used directly as you need to use the .pp file for installing permissions. So it is easiest to create the permissions from the error messages.

edit flag offensive delete link more

Comments

That did the trick. Thank you!

toddandmargo gravatar imagetoddandmargo ( 2017-08-19 19:39:35 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2017-08-19 00:53:54 -0500

Seen: 119 times

Last updated: Aug 19 '17