Bug 431000

Summary: SELinux is preventing hcid(/usr/sbin/hcid) (bluetooth_t) "dac_override" to <Unknown> (bluetooth_t).
Product: [Fedora] Fedora Reporter: Matěj Cepl <mcepl>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: bnocera, dwalsh, mcepl
Target Milestone: ---Keywords: SELinux
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-05 22:19:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Matěj Cepl 2008-01-31 00:04:32 UTC

SELinux is preventing hcid(/usr/sbin/hcid) (bluetooth_t) "dac_override" to <Unknown>

Detailed Description:

[SELinux in permissive mode, the operation would have been denied but was
permitted due to enforcing mode.]

SELinux denied access requested by hcid(/usr/sbin/hcid). It is not expected that
this access is required by hcid(/usr/sbin/hcid) and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:bluetooth_t
Target Context                unconfined_u:system_r:bluetooth_t
Target Objects                None [ capability ]
Source                        hcid(/usr/sbin/hcid)
Port                          <Unknown>
Host                          viklef.ceplovi.cz
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-81.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     viklef.ceplovi.cz
Platform                      Linux viklef.ceplovi.cz #1 SMP
                              Mon Jan 14 21:37:30 EST 2008 i686 i686
Alert Count                   1
First Seen                    Čt 31. leden 2008, 00:58:50 CET
Last Seen                     Čt 31. leden 2008, 00:58:50 CET
Local ID                      8bac8eef-20b1-4c07-9013-c5232b8d202d
Line Numbers                  

Raw Audit Messages            

host=viklef.ceplovi.cz type=AVC msg=audit(1201737530.859:1097): avc:  denied  {
dac_override } for  pid=28831 comm="hcid" capability=1
tcontext=unconfined_u:system_r:bluetooth_t:s0 tclass=capability

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1201737530.859:1097):
arch=40000003 syscall=5 success=yes exit=12 a0=b7fc01f5 a1=241 a2=100
a3=bfccaae4 items=0 ppid=1 pid=28831 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="hcid" exe="/usr/sbin/hcid"
subj=unconfined_u:system_r:bluetooth_t:s0 key=(null)

Version-Release number of selected component (if applicable):

Comment 1 Bastien Nocera 2008-01-31 00:25:45 UTC
I don't understand what that means.

Comment 2 Daniel Walsh 2008-01-31 16:15:39 UTC
It means hcid is trying to do something with an object that it is not owned by root.

Added to policy in 

Fixed in selinux-policy-3.2.5-23.fc9

Comment 3 Daniel Walsh 2008-03-05 22:19:13 UTC
CLosed as this should be fixed in rawhide.  If this problem persists please
reopen the bugzilla.