bluetooth on FC5
Charles-Edouard Ruault
ce at ruault.com
Wed Apr 26 10:27:29 UTC 2006
Charles-Edouard Ruault wrote:
> Hi All,
>
> I've compiled and installed kdebluetooth on my Fedora ppc distro. I'm
> trying to get the stuff working and I'm getting the following problems
> related to SELinux:
>
> When I want to browse a device which is not yet paired with the laptop
> I'm getting errors, because hcid is denied a few filesystem operations:
>
> audit(1146044994.917:786): avc: denied { create } for pid=1836
> comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0
> tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
>
> I've then straced hcid and found out that it's trying to create a
> directory /var/lib/bluetooth and that this operation is being denied
> (thus the above log).
> I've manually created the directory:
> mkdir -p /var/lib/bluetooth/
> and then
> chcon system_u:object_r:bluetooth_var_lib_t bluetooth
>
> and now everything's fine.
> So I guess two things could be done in order to fix this:
>
> 1) allow hcid to create a dir in /var/lib (i.e. add this to the policy:
> allow bluetooth_t var_lib_t:dir create; )
> 2) during installation of the bluetooth packages, create the
> /var/lib/bluetooth directory and tag it properly.
>
OK, I spoke too quickly: after trying to pair with my phone I got the
following avc message:
audit(1146046683.267:792): avc: denied { execute_no_trans } for
pid=3742 comm="sh" name="kbluepin" dev=hda10 ino=1740403
scontext=user_u:system_r:bluetooth_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
So we should also add the following to the policy:
allow bluetooth_t lib_t:file execute_no_trans;
--
Charles-Edouard Ruault
GPG key Id E4D2B80C
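
The step from each AVC denial to its allow rule, as an added example that is not part of the original post: a Python parser that extracts the source type, target type, class and permissions from avc records, the mapping that audit2allow automates. The function names are hypothetical and the sample input is the two records quoted above, unwrapped to one line each.

```python
import re

# Constructed input: the two AVC records from the message, one record per line.
SAMPLE_LOG = (
    'audit(1146044994.917:786): avc: denied { create } for pid=1836 '
    'comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=dir\n'
    'audit(1146046683.267:792): avc: denied { execute_no_trans } for '
    'pid=3742 comm="sh" name="kbluepin" dev=hda10 ino=1740403 '
    'scontext=user_u:system_r:bluetooth_t:s0 '
    'tcontext=system_u:object_r:lib_t:s0 tclass=file\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: not enough to build a rule
    fields["perms"] = m.group(1).split()
    return fields

def context_type(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]

def allow_rules(log_text):
    """Merge denials per (source type, target type, class) into allow rules."""
    merged = {}  # insertion-ordered: rules come out in log order
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None:
            continue
        key = (context_type(avc["scontext"]),
               context_type(avc["tcontext"]), avc["tclass"])
        merged.setdefault(key, set()).update(avc["perms"])
    rules = []
    for (src, tgt, cls), perms in merged.items():
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_text))
    return rules
```

Both rules it derives target the generic types var_lib_t and lib_t, which is the trade-off against option 2 in the quoted message (labelling the directory bluetooth_var_lib_t instead).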