bluetooth on FC5

[Charles-Edouard Ruault]

Charles-Edouard Ruault wrote:
> Hi All,
>
> i've compiled and installed kdebluetooth on my Fedora ppc distro, i'm 
> trying to get the stuff working and i'm getting the following problems 
> related to SELinux:
>
> When i want to browse a device which is not yet paired with the laptop 
> i'm getting errors, because hcid is denied a few filesystem operations:
>
> audit(1146044994.917:786): avc:  denied  { create } for  pid=1836 
> comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0 
> tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
>
> I've then straced hcid and found out that it's trying to create a 
> directory /var/lib/bluetooth and that this operation is being denied ( 
> thus the above log ).
> I've manually created the directory:
> mkdir -p /var/lib/bluetooth/
> and then
> chcon system_u:object_r:bluetooth_var_lib_t bluetooth
>
> and now everything's fine.
> So i guess two things could be done in order to fix this :
>
> 1) allow hcid to create a dir in /var/lib ( i.e add this to the policy 
> : allow bluetooth_t var_lib_t:dir create; )
> 2) during installation of the bluetooth packages, create the 
> /var/lib/bluetooth directory and tag it properly.
>
Ok i spoke too quickly, after trying to pair with my phone i got the 
following avc message:
audit(1146046683.267:792): avc:  denied  { execute_no_trans } for  
pid=3742 comm="sh" name="kbluepin" dev=hda10 ino=1740403 
scontext=user_u:system_r:bluetooth_t:s0 
tcontext=system_u:object_r:lib_t:s0 tclass=file

So we should also add the following to the policy:
allow bluetooth_t lib_t:file execute_no_trans;


-- 
Charles-Edouard Ruault
GPG key Id E4D2B80C