Bug 191642

Summary: Bluetooth doesn't store session data in enforcing mode.
Product: [Fedora] Fedora
Reporter: Leszek Matok <lam>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 5
CC: dwmw2
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2006-05-23 20:47:04 UTC
Attachments:
relevant part of /var/log/messages (attachment 129003)

Description Leszek Matok 2006-05-14 12:32:35 UTC
I'm attaching a fragment of my /var/log/messages showing the effects of a
successful connection to a Bluetooth device (mobile phone). The connection was
initiated by a simple "cat /dev/rfcomm0", then it asked for a PIN and
authenticated properly. So there's no big problem here, things seem to still
work, only I have to enter a new PIN both on the phone and computer every time I
want to connect.

If I run setenforce 0 as root and connect once (entering the PIN), the
session/PIN/whatever is saved, so I can connect any time I want with no clicking
anywhere. I can run setenforce 1 then and still connect automatically.

This is selinux-policy-targeted-2.2.36-2.fc5

Comment 1 Leszek Matok 2006-05-14 12:32:36 UTC
Created attachment 129003 [details]
relevant part of /var/log/messages

Comment 2 Daniel Walsh 2006-05-15 17:24:35 UTC
You can 
restorecon /var/lib/bluetooth

Which should get rid of one of the AVC messages.  This directory should be
created and owned by bluez-utils.

What cache file is it trying to read from /var/?  How was this file created?



Comment 3 Leszek Matok 2006-05-15 19:42:36 UTC
You were right, /var/lib/bluetooth had system_u:object_r:var_lib_t context,
restorecon changes it. But `rpm -qf /var/lib/bluetooth` says it doesn't belong
to any package, `rpm -ql bluez-utils|grep var` doesn't find anything there.

I checked on a friend's FC5, he has bluez-utils installed, but doesn't use
Bluetooth and there's no /var/lib/bluetooth at all (so it's not created by
a post-install script or something).

Now, for me (after restorecon), it creates directory
/var/lib/bluetooth/11:11:11:11:11:11 (which is the MAC of my device, strange but
true), where it stores /var/lib/bluetooth/11:11:11:11:11:11/linkkeys and
everything works just right.

So the problem is rather with creation of /var/lib/bluetooth and not
selinux-policy (sorry). In my case, if I `rm -rf /var/lib/bluetooth` as root and
run `hcitool scan` as normal user (with enforcing disabled temporarily, as I
said in my previous message), /var/lib/bluetooth instantly appears as:
drwxr-xr-x 3 user_u:object_r:var_lib_t        root root 4096 maj 15 21:20 /var/lib/bluetooth
I think that because the file is absent, hcid creates it with this context and
this is shown in dmesg.

Will we get a bluez-utils update then?

Comment 4 Daniel Walsh 2006-05-23 20:47:04 UTC
Fixed in rawhide. Hopefully will get updated soon in FC5
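
The label check worked through by hand in Comments 2 and 3, as an added example that is not part of the original thread or of bluez-utils or selinux-policy: it compares the SELinux type a path has on disk with the type the loaded policy expects, and notes whether any package owns the path. The function names are hypothetical; it assumes `stat` (coreutils), `matchpathcon` and `rpm` are installed.

```shell
#!/bin/sh
# Added example: flag paths whose SELinux type differs from the policy default.

# Print the type (third field) of a user:role:type[:level] context.
ctx_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# label_status ACTUAL EXPECTED -> prints ok | mislabeled | nodefault
# Only the type is compared: restorecon without -F leaves the user field
# alone, so user_u versus system_u is not by itself a mislabel.
label_status() {
    have=$(ctx_type "$1")
    want=$(ctx_type "$2")
    if [ -z "$want" ]; then
        echo nodefault          # e.g. matchpathcon printed <<none>>
    elif [ "$have" = "$want" ]; then
        echo ok
    else
        echo mislabeled
    fi
}

# Live check for one path. Returns 1 if mislabeled, 2 if a tool failed.
check_path() {
    have_ctx=$(stat -c %C "$1") || return 2
    want_ctx=$(matchpathcon -n "$1") || return 2
    status=$(label_status "$have_ctx" "$want_ctx")
    # A path that no package owns was created at run time, so no package
    # install ever had the chance to set its context.
    if rpm -qf "$1" >/dev/null 2>&1; then owner=packaged; else owner=unowned; fi
    echo "$status $owner $1 have=$have_ctx want=$want_ctx"
    [ "$status" != mislabeled ]
}

# Check every path given on the command line; report all of them.
rc=0
for p in "$@"; do
    check_path "$p" || rc=1
done
[ "$rc" -eq 0 ]
```

Pass it the paths to check, for example `/var/lib/bluetooth`; a `mislabeled` line marks a path that `restorecon` would correct.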