Bug 165521

Summary:

SELinux targeted policy denies execution of Bluetooth pin helper

Product:

[Fedora] Fedora

Reporter:

Stefan Becker <chemobejk>

Component:

selinux-policy-targeted

Assignee:

Daniel Walsh <dwalsh>

Status:

CLOSED CURRENTRELEASE

QA Contact:

Severity:

medium

Docs Contact:

Priority:

medium

Version:

Target Milestone:

---

Target Release:

---

Hardware:

i386

OS:

Linux

Whiteboard:

Fixed In Version:

selinux-policy-targeted-1.27.1-2.6

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2005-10-19 01:42:26 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
audit.log with setenforce=0	none
audit.log with setenforce=0	none

Description Stefan Becker 2005-08-10 02:59:25 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Pairing of new bluetooth devices fails because the pin helper execution is denied by the SELinux targeted policy.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-9

How reproducible:
Always

Steps to Reproduce:
1. Start pairing mode on a new Bluetooth device
2. Connect to the device, e.g. rfcomm connect <baddr>
3.
  

Actual Results:  Pairing fails. From /var/log/messages:

Aug  9 19:44:04 baraddur hcid[5892]: Bluetooth HCI daemon
Aug  9 19:44:04 baraddur sdpd[5894]: Bluetooth SDP daemon
Aug  9 19:44:04 baraddur hcid[5892]: Starting security manager 0
Aug  9 19:50:02 baraddur kernel: snd-bt-sco revision 1.6 $
Aug  9 19:50:07 baraddur hcid[5892]: link_key_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:50:08 baraddur hcid[5892]: pin_code_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:50:08 baraddur hcid[5985]: Can't exec PIN helper /usr/bin/bluez-pin: Permission denied (13)
Aug  9 19:50:09 baraddur hcid[5892]: link_key_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:50:09 baraddur hcid[5892]: pin_code_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:50:09 baraddur hcid[5986]: Can't exec PIN helper /usr/bin/bluez-pin: Permission denied (13)


Expected Results:  PIN requester pops up, allowing the pairing to be complete. From /var/log/messages:

Aug  9 19:54:23 baraddur hcid[6026]: Bluetooth HCI daemon
Aug  9 19:54:23 baraddur hcid[6026]: Starting security manager 0
Aug  9 19:54:23 baraddur sdpd[6028]: Bluetooth SDP daemon
Aug  9 19:55:50 baraddur hcid[6026]: link_key_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:55:50 baraddur hcid[6026]: pin_code_request (sba=00:0A:3A:58:BC:54, dba=00:07:A4:10:30:C6)
Aug  9 19:55:55 baraddur hcid[6026]: link_key_notify (sba=00:0A:3A:58:BC:54)
Aug  9 19:55:55 baraddur hcid[6026]: Replacing link key 00:0A:3A:58:BC:54 00:07:A4:10:30:C6


Additional info:

From /var/log/audit/auditd.log:

type=AVC msg=audit(1123642208.045:14417398): avc:  denied  { search } for  pid=5985 comm="hcid" name="bin" dev=hda3 ino=2490467 scontext=root:system_r:bluetooth_t tcontext=system_u:object_r:bin_t tclass=dir
type=SYSCALL msg=audit(1123642208.045:14417398): arch=40000003 syscall=33 success=no exit=-13 a0=9701030 a1=5 a2=c965d8 a3=9701470 items=1 pid=5985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hcid" exe="/usr/sbin/hcid"
type=CWD msg=audit(1123642208.045:14417398):  cwd="/"
type=PATH msg=audit(1123642208.045:14417398): item=0 name="/usr/bin/bluez-pin" flags=401  inode=2490467 dev=03:03 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1123642209.314:14427668): avc:  denied  { search } for  pid=5986 comm="hcid" name="bin" dev=hda3 ino=2490467 scontext=root:system_r:bluetooth_t tcontext=system_u:object_r:bin_t tclass=dir
type=SYSCALL msg=audit(1123642209.314:14427668): arch=40000003 syscall=33 success=no exit=-13 a0=9701030 a1=5 a2=c965d8 a3=9701470 items=1 pid=5986 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hcid" exe="/usr/sbin/hcid"
type=CWD msg=audit(1123642209.314:14427668):  cwd="/"
type=PATH msg=audit(1123642209.314:14427668): item=0 name="/usr/bin/bluez-pin" flags=401  inode=2490467 dev=03:03 mode=040755 ouid=0 ogid=0 rdev=00:00

Comment 1 Daniel Walsh 2005-08-25 19:07:15 UTC

Fixed in selinux-policy-targeted-1.25.3-12

Comment 2 Stefan Becker 2005-08-29 23:34:34 UTC

Retested with selinux-policy-targeted-1.25.4-10: Problem still exists but the
error messages are different. The PIN helper seems to be executed now but it
fails immediately.

messages:

Aug 29 16:29:28 barradur hcid[21623]: Bluetooth HCI daemon
Aug 29 16:29:28 barradur hcid[21623]: Starting security manager 0
Aug 29 16:29:28 barradur sdpd[21625]: init_server: binding UNIX socket: Address
already in use
Aug 29 16:29:28 barradur sdpd[21625]: main: Server initialization failed
Aug 29 16:29:38 barradur hcid[21623]: link_key_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Aug 29 16:29:38 barradur hcid[21623]: pin_code_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Aug 29 16:29:38 barradur hcid[21632]: PIN helper exited abnormally with code 32512

audit.log

type=AVC msg=audit(1125358168.728:7388944): avc:  denied  { unlink } for 
pid=21625 comm="sdpd" name="sdp" dev=dm-0 ino=721601
scontext=root:system_r:bluetooth_t tcontext=root:object_r:var_run_t tclass=sock_file
type=SYSCALL msg=audit(1125358168.728:7388944): arch=40000003 syscall=10
success=no exit=-13 a0=bfaaa1ac a1=bfaaa160 a2=8e87b8 a3=bfaaa1aa items=1
pid=21625 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="sdpd" exe="/usr/sbin/sdpd"
type=CWD msg=audit(1125358168.728:7388944):  cwd="/"
type=PATH msg=audit(1125358168.728:7388944): item=0 name="/var/run/sdp" flags=10
 inode=720932 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1125358178.187:7462885): avc:  denied  { read } for 
pid=21633 comm="hcid" name="sh" dev=dm-0 ino=753668
scontext=root:system_r:bluetooth_t tcontext=system_u:object_r:bin_t tclass=lnk_file
type=SYSCALL msg=audit(1125358178.187:7462885): arch=40000003 syscall=11
success=no exit=-13 a0=295a9b a1=bfda93bc a2=9a54078 a3=400 items=1 pid=21633
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="hcid" exe="/usr/sbin/hcid"
type=CWD msg=audit(1125358178.187:7462885):  cwd="/"
type=PATH msg=audit(1125358178.187:7462885): item=0 name="/bin/sh" flags=101 
inode=753665 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1125358178.188:7462888): avc:  denied  { getattr } for 
pid=21632 comm="hcid" name="[479227]" dev=pipefs ino=479227
scontext=root:system_r:bluetooth_t tcontext=root:system_r:bluetooth_t
tclass=fifo_file
type=SYSCALL msg=audit(1125358178.188:7462888): arch=40000003 syscall=197
success=no exit=-13 a0=7 a1=bfdaa2ec a2=2a2ff4 a3=7 items=0 pid=21632
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="hcid" exe="/usr/sbin/hcid"
type=AVC_PATH msg=audit(1125358178.188:7462888):  path="pipe:[479227]"
type=AVC msg=audit(1125358178.188:7462890): avc:  denied  { read } for 
pid=21632 comm="hcid" name="[479227]" dev=pipefs ino=479227
scontext=root:system_r:bluetooth_t tcontext=root:system_r:bluetooth_t
tclass=fifo_file
type=SYSCALL msg=audit(1125358178.188:7462890): arch=40000003 syscall=3
success=no exit=-13 a0=7 a1=b7fab000 a2=2000 a3=9a55ec8 items=0 pid=21632
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="hcid" exe="/usr/sbin/hcid"
type=AVC_PATH msg=audit(1125358178.188:7462890):  path="pipe:[479227]"

Comment 3 Daniel Walsh 2005-08-30 13:48:56 UTC

Ok can you do a setenforce 0 and then retry, in order to gather all of the denials.

Thanks, 

Dan

Comment 4 Stefan Becker 2005-08-31 05:14:41 UTC

Commands:

# setenforce 0
# service bluetooth start
Starting Bluetooth services:                               [  OK  ]
# rfcomm connect 0 00:02:EE:93:9F:C8 1
Connected /dev/rfcomm0 to 00:02:EE:93:9F:C8 on channel 1
Press CTRL-C for hangup
Disconnected
# service bluetooth stop
Stopping Bluetooth services:                               [  OK  ]
# setenforce 1

messages:

Aug 30 21:56:11 barradur dbus: avc:  received setenforce notice (enforcing=0)
Aug 30 21:56:19 barradur hcid[25976]: Bluetooth HCI daemon
Aug 30 21:56:20 barradur hcid[25976]: Starting security manager 0
Aug 30 21:56:20 barradur sdpd[25980]: Bluetooth SDP daemon
Aug 30 21:56:42 barradur hcid[25976]: link_key_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Aug 30 21:56:42 barradur hcid[25976]: pin_code_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Aug 30 21:56:56 barradur hcid[25976]: link_key_notify (sba=00:0A:3A:58:BC:54)
Aug 30 21:56:56 barradur hcid[25976]: Replacing link key 00:0A:3A:58:BC:54
00:02:EE:93:9F:C8
Aug 30 21:57:14 barradur sdpd[25980]: terminating...
Aug 30 21:57:15 barradur hcid[25976]: Exit.
Aug 30 21:57:19 barradur dbus: avc:  received setenforce notice (enforcing=1)

audit.log: (see attachement)

Comment 5 Stefan Becker 2005-08-31 05:17:38 UTC

Created attachment 118275 [details]
audit.log with setenforce=0

Comment 6 Daniel Walsh 2005-09-19 20:20:35 UTC

Fixed in selinux-policy-*-1.27.1-2.1

Comment 7 Stefan Becker 2005-09-24 03:52:47 UTC

Retested with selinux-policy-targeted-1.27.1-2.1. Still doesn't work :-(

From /var/log/messages:

Sep 23 20:48:26 barradur hcid[1932]: link_key_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Sep 23 20:48:26 barradur hcid[1932]: pin_code_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Sep 23 20:48:26 barradur hcid[7207]: PIN helper exited abnormally with code 256

From /var/log/audit/audit.log:

type=AVC msg=audit(1127533887.164:113): avc:  denied  { read } for  pid=7286
comm="sh" name="mtab" dev=dm-0 ino=1510036
scontext=system_u:system_r:bluetooth_t tcontext=system_u:object_r:etc_runtime_t
tclass=file
type=SYSCALL msg=audit(1127533887.164:113): arch=40000003 syscall=5 success=no
exit=-13 a0=526dba a1=0 a2=1b6 a3=8b8aa60 items=1 pid=7286 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="sh" exe="/bin/bash"
type=CWD msg=audit(1127533887.164:113):  cwd="/"
type=PATH msg=audit(1127533887.164:113): item=0 name="/etc/mtab" flags=101 
inode=1510036 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127533887.201:114): avc:  denied  { read } for  pid=7287
comm="sh" name="mtab" dev=dm-0 ino=1510036
scontext=system_u:system_r:bluetooth_t tcontext=system_u:object_r:etc_runtime_t
tclass=file
type=SYSCALL msg=audit(1127533887.201:114): arch=40000003 syscall=5 success=no
exit=-13 a0=526dba a1=0 a2=1b6 a3=919fa60 items=1 pid=7287 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="sh" exe="/bin/bash"
type=CWD msg=audit(1127533887.201:114):  cwd="/"
type=PATH msg=audit(1127533887.201:114): item=0 name="/etc/mtab" flags=101 
inode=1510036 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127533887.207:115): avc:  denied  { read } for  pid=7287
comm="ps" name="mtab" dev=dm-0 ino=1510036
scontext=system_u:system_r:bluetooth_t tcontext=system_u:object_r:etc_runtime_t
tclass=file
type=SYSCALL msg=audit(1127533887.207:115): arch=40000003 syscall=5 success=no
exit=-13 a0=526dba a1=0 a2=1b6 a3=8c39008 items=1 pid=7287 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ps" exe="/bin/ps"
type=CWD msg=audit(1127533887.207:115):  cwd="/"
type=PATH msg=audit(1127533887.207:115): item=0 name="/etc/mtab" flags=101 
inode=1510036 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127533887.208:116): avc:  denied  { read } for  pid=7287
comm="ps" name="stat" dev=proc ino=477560846
scontext=system_u:system_r:bluetooth_t tcontext=system_u:system_r:bluetooth_t
tclass=file
type=SYSCALL msg=audit(1127533887.208:116): arch=40000003 syscall=5 success=no
exit=-13 a0=546200 a1=0 a2=0 a3=546200 items=1 pid=7287 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ps" exe="/bin/ps"
type=CWD msg=audit(1127533887.208:116):  cwd="/"
type=PATH msg=audit(1127533887.208:116): item=0 name="/proc/self/stat" flags=101
 inode=477560846 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127533887.227:117): avc:  denied  { write } for  pid=7286
comm="bluez-pin" name="X0" dev=dm-0 ino=1802361
scontext=system_u:system_r:bluetooth_t tcontext=system_u:object_r:tmp_t
tclass=sock_file
type=SYSCALL msg=audit(1127533887.227:117): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfd2a350 a2=c5cabc a3=13 items=1 pid=7286 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="bluez-pin"
exe="/usr/bin/bluez-pin"
type=SOCKADDR msg=audit(1127533887.227:117):
saddr=01002F746D702F2E5831312D756E69782F5830
type=SOCKETCALL msg=audit(1127533887.227:117): nargs=3 a0=3 a1=bfd2a4be a2=13
type=PATH msg=audit(1127533887.227:117): item=0 flags=1  inode=1802361 dev=fd:00
mode=0140777 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127533887.229:118): avc:  denied  { connect } for  pid=7286
comm="bluez-pin" scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=tcp_socket
type=SYSCALL msg=audit(1127533887.229:118): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfd2a310 a2=c5cabc a3=9b2aa78 items=0 pid=7286 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="bluez-pin"
exe="/usr/bin/bluez-pin"
type=SOCKADDR msg=audit(1127533887.229:118): saddr=020017707F0000010000000000000000
type=SOCKETCALL msg=audit(1127533887.229:118): nargs=3 a0=3 a1=9b2aa78 a2=10

Comment 8 Stefan Becker 2005-10-08 02:43:11 UTC

Retested with selinux-policy-targeted-1.27.1-2.3. Still doesn't work :-(

From /var/log/messages:

Oct  7 19:42:11 barradur hcid[3143]: link_key_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Oct  7 19:42:11 barradur hcid[3143]: pin_code_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Oct  7 19:42:12 barradur hcid[3162]: PIN helper exited abnormally with code 256

From /var/log/audit/audit.log:

type=AVC msg=audit(1128739332.044:41): avc:  denied  { read } for  pid=3164
comm="ps" name="stat" dev=proc ino=207355918 scontext=root:system_r:bluetooth_t
tcontext=root:system_r:bluetooth_t tclass=file
type=SYSCALL msg=audit(1128739332.044:41): arch=40000003 syscall=5 success=no
exit=-13 a0=546200 a1=0 a2=0 a3=546200 items=1 pid=3164 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ps" exe="/bin/ps"
type=CWD msg=audit(1128739332.044:41):  cwd="/"
type=PATH msg=audit(1128739332.044:41): item=0 name="/proc/self/stat" flags=101
 inode=207355918 dev=00:03 mode=0100444 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1128739332.097:42): avc:  denied  { write } for  pid=3163
comm="bluez-pin" name="X0" dev=dm-0 ino=1769542
scontext=root:system_r:bluetooth_t tcontext=system_u:object_r:tmp_t tclass=sock_file
type=SYSCALL msg=audit(1128739332.097:42): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfe6ad40 a2=c00abc a3=13 items=1 pid=3163 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="bluez-pin"
exe="/usr/bin/bluez-pin"
type=SOCKADDR msg=audit(1128739332.097:42):
saddr=01002F746D702F2E5831312D756E69782F5830
type=SOCKETCALL msg=audit(1128739332.097:42): nargs=3 a0=3 a1=bfe6aeae a2=13
type=PATH msg=audit(1128739332.097:42): item=0 flags=1  inode=1769542 dev=fd:00
mode=0140777 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1128739332.099:43): avc:  denied  { connect } for  pid=3163
comm="bluez-pin" scontext=root:system_r:bluetooth_t
tcontext=root:system_r:bluetooth_t tclass=tcp_socket
type=SYSCALL msg=audit(1128739332.099:43): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfe6ad00 a2=c00abc a3=81eaa58 items=0 pid=3163 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="bluez-pin"
exe="/usr/bin/bluez-pin"
type=SOCKADDR msg=audit(1128739332.099:43): saddr=020017707F0000010000000000000000
type=SOCKETCALL msg=audit(1128739332.099:43): nargs=3 a0=3 a1=81eaa58 a2=10

Comment 9 Daniel Walsh 2005-10-11 17:09:16 UTC

Could you try 

chcon -t bluetooth-helper_t /usr/bin/bluez-pin

THen try again in permissive mode, and report AVC messages.

Comment 10 Stefan Becker 2005-10-12 03:05:57 UTC

The chcon was wrong?

# chcon -t bluetooth-helper_t /usr/bin/bluez-pin
chcon: failed to change context of /usr/bin/bluez-pin to
system_u:object_r:bluetooth-helper_t: Invalid argument

# chcon -t bluetooth_helper_t /usr/bin/bluez-pin
chcon: failed to change context of /usr/bin/bluez-pin to
system_u:object_r:bluetooth_helper_t: Permission denied


After a little digging I figured out that this one works:

chcon -t bluetooth_helper_exec_t /usr/bin/bluez-pin


Commands:

# setenforce 0
# service bluetooth start
Starting Bluetooth services:                               [  OK  ]
# rfcomm connect 0 00:02:EE:93:9F:C8 1
Connected /dev/rfcomm0 to 00:02:EE:93:9F:C8 on channel 1
Press CTRL-C for hangup
Disconnected
# service bluetooth stop
Stopping Bluetooth services:                               [  OK  ]
# setenforce 1

messages:

Oct 11 19:59:23 barradur hcid[9431]: Bluetooth HCI daemon
Oct 11 19:59:23 barradur sdpd[9433]: Bluetooth SDP daemon
Oct 11 19:59:23 barradur hcid[9431]: Starting security manager 0
Oct 11 19:59:38 barradur hcid[9431]: link_key_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Oct 11 19:59:38 barradur hcid[9431]: pin_code_request (sba=00:0A:3A:58:BC:54,
dba=00:02:EE:93:9F:C8)
Oct 11 19:59:40 barradur gconfd (root-9444): starting (version 2.10.0), pid 9444
user 'root'
Oct 11 19:59:40 barradur gconfd (root-9444): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
source at position 0
Oct 11 19:59:40 barradur gconfd (root-9444): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Oct 11 19:59:40 barradur gconfd (root-9444): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source
at position 2
Oct 11 19:59:48 barradur hcid[9431]: link_key_notify (sba=00:0A:3A:58:BC:54)
Oct 11 19:59:48 barradur hcid[9431]: Replacing link key 00:0A:3A:58:BC:54
00:02:EE:93:9F:C8
Oct 11 20:00:03 barradur sdpd[9433]: terminating...
Oct 11 20:00:03 barradur hcid[9431]: Exit.
Oct 11 20:00:10 barradur dbus: avc:  received setenforce notice (enforcing=1)

audit.log: (see attachement)

Comment 11 Stefan Becker 2005-10-12 03:07:25 UTC

Created attachment 119826 [details]
audit.log with setenforce=0

Comment 12 Daniel Walsh 2005-10-12 19:04:01 UTC

Ok lets try selinux-policy-targeted-1.27.1-2.6

Comment 13 Stefan Becker 2005-10-19 01:42:26 UTC

Retested with selinux-policy-targeted-1.27.1-2.6: Works OK now. Thanks.