Bug 1161169 - SELinux is preventing /usr/libexec/bluetooth/bluetoothd from read, write access on the chr_file uhid.
Summary: SELinux is preventing /usr/libexec/bluetooth/bluetoothd from read, write acce...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 21
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:352f460b60ef218d4ed3ec75dfb...
: 1105423 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-11-06 14:53 UTC by Guillaume Poirier-Morency
Modified: 2014-12-03 17:15 UTC (History)
6 users (show)

Fixed In Version: selinux-policy-3.13.1-99.fc21
Clone Of:
Environment:
Last Closed: 2014-12-03 17:15:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Guillaume Poirier-Morency 2014-11-06 14:53:23 UTC 
Description of problem:
SELinux is preventing /usr/libexec/bluetooth/bluetoothd from read, write access on the chr_file uhid.

*****  Plugin catchall (100. confidence) suggests   **************************

If vous pensez que bluetoothd devrait être autorisé à accéder read write sur uhid chr_file par défaut.
Then vous devriez rapporter ceci en tant qu'anomalie.
Vous pouvez générer un module de stratégie local pour autoriser cet accès.
Do
autoriser cet accès pour le moment en exécutant :
# grep bluetoothd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:bluetooth_t:s0
Target Context                system_u:object_r:uhid_device_t:s0
Target Objects                uhid [ chr_file ]
Source                        bluetoothd
Source Path                   /usr/libexec/bluetooth/bluetoothd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bluez-5.23-1.fc21.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-92.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.17.2-300.fc21.x86_64 #1 SMP Thu
                              Oct 30 19:23:48 UTC 2014 x86_64 x86_64
Alert Count                   98
First Seen                    2014-10-19 17:06:52 EDT
Last Seen                     2014-11-06 09:51:15 EST
Local ID                      29812fb1-c711-46b0-892a-328cef63c35a

Raw Audit Messages
type=AVC msg=audit(1415285475.339:28): avc:  denied  { read write } for  pid=749 comm="bluetoothd" name="uhid" dev="devtmpfs" ino=13015 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:uhid_device_t:s0 tclass=chr_file permissive=0


type=SYSCALL msg=audit(1415285475.339:28): arch=x86_64 syscall=open success=no exit=EACCES a0=7fdcae983025 a1=80002 a2=7fdcb07b0d00 a3=50 items=0 ppid=1 pid=749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=bluetoothd exe=/usr/libexec/bluetooth/bluetoothd subj=system_u:system_r:bluetooth_t:s0 key=(null)

Hash: bluetoothd,bluetooth_t,uhid_device_t,chr_file,read,write

Version-Release number of selected component:
selinux-policy-3.13.1-92.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.2-300.fc21.x86_64
type:           libreport

Potential duplicate: bug 1105423
Comment 1 Lukas Vrabec 2014-11-07 11:09:27 UTC 
Hi, 

Please use:
# restorecon -v /etc/shadow

to fix our issue.
Comment 2 Lukas Vrabec 2014-11-07 11:24:55 UTC 
Soryy bad bug.
Comment 3 Miroslav Grepl 2014-11-07 12:17:30 UTC 
*** Bug 1105423 has been marked as a duplicate of this bug. ***
Comment 4 Lukas Vrabec 2014-11-07 13:34:36 UTC 
commit a15918e01b5084e43b21ccebaa9f9b1908d59c86
Author: Lukas Vrabec <lvrabec>
Date:   Fri Nov 7 13:23:21 2014 +0100

    Allow bluetooth read/write uhid devices. BZ (1161169)


Fixed in rawhide,f21,f20
Comment 5 Fedora Update System 2014-11-21 12:24:06 UTC 
selinux-policy-3.13.1-99.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-99.fc21
Comment 6 Fedora Update System 2014-12-03 17:15:27 UTC 
selinux-policy-3.13.1-99.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.