Bug 1262955 - unable to connect/pair bluetooth mouse when selinux is in enforced mode
unable to connect/pair bluetooth mouse when selinux is in enforced mode
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
22
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-14 14:15 EDT by Igor Mammedov
Modified: 2016-03-29 17:03 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-12 10:21:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Igor Mammedov 2015-09-14 14:15:15 EDT
Description of problem:

connection to bluetooth mouse fails if selinux is in enforced mode

here is probably relevant messages from log:
---
Sep 14 20:39:53 desktop kernel: usb 2-1.4: new full-speed USB device number 6 using ehci-pci
Sep 14 20:39:54 desktop audit[751]: <audit-1107> pid=751 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } f
                                     exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Sep 14 20:40:03 desktop kernel: usb 2-1.4: New USB device found, idVendor=1131, idProduct=1001
Sep 14 20:40:03 desktop kernel: usb 2-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Sep 14 20:40:03 desktop kernel: usb 2-1.4: Product: ISSCBTA
Sep 14 20:40:03 desktop systemd[1]: Starting Load/Save RF Kill Switch Status of rfkill1...
Sep 14 20:40:03 desktop systemd[1]: Reached target Bluetooth.
Sep 14 20:40:03 desktop systemd[1]: Starting Bluetooth.
Sep 14 20:40:03 desktop systemd[1]: Started Load/Save RF Kill Switch Status of rfkill1.
Sep 14 20:40:03 desktop audit[1]: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-rfkill@rfkill1 comm="systemd" exe="/usr/
Sep 14 20:40:03 desktop bluetoothd[940]: Failed to obtain handles for "Service Changed" characteristic
Sep 14 20:40:03 desktop bluetoothd[940]: Endpoint registered: sender=:1.46 path=/MediaEndpoint/A2DPSource
Sep 14 20:40:03 desktop bluetoothd[940]: Endpoint registered: sender=:1.46 path=/MediaEndpoint/A2DPSink
Sep 14 20:40:41 desktop gnome-control-center.desktop[2015]: (gnome-control-center:2015): Bluetooth-WARNING **: Setting up /org/bluez/hci0/dev_00_02_76_14_1F_66 failed: Timeout was r
Sep 14 20:40:51 desktop audit[751]: <audit-1107> pid=751 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } f
                                     exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
Sep 14 20:41:12 desktop gnome-control-center.desktop: (gnome-control-center:2015): Bluetooth-WARNING **: Setting up /org/bluez/hci0/dev_00_02_76_14_1F_66 failed: Timeout was reached
Sep 14 20:41:45 desktop gnome-control-center.desktop: (gnome-control-center:2015): Bluetooth-WARNING **: Setting up /org/bluez/hci0/dev_00_02_76_14_1F_66 failed: GDBus.Error:org.blu
ez.Error.AuthenticationTimeout: Authentication Timeout
---

Switching to permissive mode "setenforce 0" allows to connect/pair mouse.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-128.12.fc22.noarch
selinux-policy-targeted-3.13.1-128.12.fc22.noarch
gnome-bluetooth-libs-3.16.1-1.fc22.x86_64
gnome-bluetooth-3.16.1-1.fc22.x86_64
bluez-5.29-2.fc22.x86_64
bluez-libs-5.29-2.fc22.x86_64


How reproducible:
100%

Steps to Reproduce:
1. try to pair bt mouse

Actual results:
pairing timed out

Expected results:
pairing successful
Comment 1 Miroslav Grepl 2015-09-21 04:44:03 EDT
Could you please re-test it in permissive and add output of

# ausearch -m avc,user_avc -ts recent
Comment 2 Igor Mammedov 2015-10-12 08:10:52 EDT
(In reply to Miroslav Grepl from comment #1)
> Could you please re-test it in permissive and add output of
> 
> # ausearch -m avc,user_avc -ts recent

I'm sorry for late reply,
the system went through several updates by now and I can't reproduce issue anymore.
Comment 3 Lukas Vrabec 2015-10-12 10:21:48 EDT
Closing for now. Feel free to re-open this if you could reproduce it.
Comment 4 webdesigner 2016-03-25 13:53:55 EDT
the problem is reproducable

# ausearch -m avc,user_avc -ts recent
----
time->Fri Mar 25 19:49:08 2016
type=USER_AVC msg=audit(1458928148.430:293): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Fri Mar 25 19:49:08 2016
type=USER_AVC msg=audit(1458928148.430:294): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission stop for class system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Comment 5 webdesigner 2016-03-25 13:59:23 EDT
addittional info about the system 

uname -ra
Linux dell.home 4.4.6-300.fc23.x86_64 #1 SMP Wed Mar 16 22:10:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release 
Fedora release 23 (Twenty Three)
Comment 6 Lukas Vrabec 2016-03-29 07:13:45 EDT
I don't think this is the same problem. 
Do you have any problems connecting bluetooth mouse while SELinux is in enforcing mode? 

Could you attach /var/log/audit/audit.log file? 

Thank you.
Comment 7 webdesigner 2016-03-29 13:28:45 EDT
(In reply to Lukas Vrabec from comment #6)
> I don't think this is the same problem. 
> Do you have any problems connecting bluetooth mouse while SELinux is in
> enforcing mode? 
> 
> Could you attach /var/log/audit/audit.log file? 
> 
> Thank you.

Yes, enforcing selinux prevents communication with bluetooth mouse
Comment 8 webdesigner 2016-03-29 13:55:29 EDT
(In reply to Lukas Vrabec from comment #6)
> I don't think this is the same problem. 
> Do you have any problems connecting bluetooth mouse while SELinux is in
> enforcing mode? 
> 
> Could you attach /var/log/audit/audit.log file? 
> 
> Thank you.

1) starting service

journalctl -f


бер 29 20:49:46 dell.home polkitd[1092]: Registered Authentication Agent for unix-process:7955:8987194 (system bus name :1.91 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale uk_UA.UTF-8)
бер 29 20:49:46 dell.home bluetoothd[7579]: Terminating
бер 29 20:49:46 dell.home bluetoothd[7579]: Endpoint unregistered: sender=:1.36 path=/MediaEndpoint/A2DPSource
бер 29 20:49:46 dell.home systemd[1]: Stopping Bluetooth service...
бер 29 20:49:46 dell.home bluetoothd[7579]: Endpoint unregistered: sender=:1.36 path=/MediaEndpoint/A2DPSink
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.36" (uid=1000 pid=1979 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.36" (uid=1000 pid=1979 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.36" (uid=1000 pid=1979 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="error", sender=":1.36" (uid=1000 pid=1979 comm="/usr/bin/pulseaudio --start --log-target=syslog ") interface="(unset)" member="(unset)" error name="org.bluez.MediaEndpoint1.Error.NotImplemented" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home dbus[964]: [system] Rejected send message, 10 matched rules; type="method_return", sender=":1.41" (uid=1000 pid=2129 comm="/usr/libexec/bluetooth/obexd ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.82" (uid=0 pid=7579 comm="/usr/libexec/bluetooth/bluetoothd ")
бер 29 20:49:46 dell.home bluetoothd[7579]: Stopping SDP server
бер 29 20:49:46 dell.home bluetoothd[7579]: Exit
бер 29 20:49:46 dell.home dbus[964]: [system] Activating via systemd: service name='org.bluez' unit='dbus-org.bluez.service'
бер 29 20:49:46 dell.home audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:49:46 dell.home systemd[1]: Starting Bluetooth service...
бер 29 20:49:46 dell.home bluetoothd[7963]: Bluetooth daemon 5.36
бер 29 20:49:46 dell.home dbus[964]: [system] Successfully activated service 'org.bluez'
бер 29 20:49:46 dell.home bluetoothd[7963]: Starting SDP server
бер 29 20:49:46 dell.home systemd[1]: Started Bluetooth service.
бер 29 20:49:46 dell.home audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:49:46 dell.home dbus[964]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
бер 29 20:49:46 dell.home bluetoothd[7963]: Bluetooth management interface 1.10 initialized
бер 29 20:49:46 dell.home bluetoothd[7963]: Failed to obtain handles for "Service Changed" characteristic
бер 29 20:49:46 dell.home systemd[1]: Starting Hostname Service...
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=filter family=2 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=security family=2 entries=0
бер 29 20:49:46 dell.home bluetoothd[7963]: Endpoint registered: sender=:1.36 path=/MediaEndpoint/A2DPSource
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=mangle family=2 entries=0
бер 29 20:49:46 dell.home bluetoothd[7963]: Endpoint registered: sender=:1.36 path=/MediaEndpoint/A2DPSink
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=nat family=2 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=raw family=2 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=filter family=10 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=security family=10 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=mangle family=10 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=nat family=10 entries=0
бер 29 20:49:46 dell.home audit: NETFILTER_CFG table=raw family=10 entries=0
бер 29 20:49:46 dell.home audit[7970]: SYSCALL arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=7fff20194aa0 a2=fffffffffffffff5 a3=30 items=0 ppid=1 pid=7970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(ostnamed)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
бер 29 20:49:46 dell.home audit: PROCTITLE proctitle="(ostnamed)"
бер 29 20:49:46 dell.home polkitd[1092]: Unregistered Authentication Agent for unix-process:7955:8987194 (system bus name :1.91, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale uk_UA.UTF-8) (disconnected from bus)
бер 29 20:49:46 dell.home dbus[964]: [system] Successfully activated service 'org.freedesktop.hostname1'
бер 29 20:49:46 dell.home systemd[1]: Started Hostname Service.
бер 29 20:49:46 dell.home audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:50:00 dell.home systemd[1]: Starting system activity accounting tool...
бер 29 20:50:00 dell.home systemd[1]: Started system activity accounting tool.
бер 29 20:50:00 dell.home audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:50:00 dell.home audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:50:16 dell.home audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'



tail -f /var/log/audit/audit.log
type=SERVICE_STOP msg=audit(1459273786.412:459): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1459273786.432:460): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=bluetooth comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=filter family=2 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=security family=2 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=mangle family=2 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=nat family=2 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=raw family=2 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=filter family=10 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=security family=10 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=mangle family=10 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=nat family=10 entries=0
type=NETFILTER_CFG msg=audit(1459273786.441:461): table=raw family=10 entries=0
type=SYSCALL msg=audit(1459273786.441:461): arch=c000003e syscall=272 success=yes exit=0 a0=40000000 a1=7fff20194aa0 a2=fffffffffffffff5 a3=30 items=0 ppid=1 pid=7970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(ostnamed)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=PROCTITLE msg=audit(1459273786.441:461): proctitle="(ostnamed)"
type=SERVICE_START msg=audit(1459273786.555:462): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1459273800.646:463): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1459273800.646:464): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sysstat-collect comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_STOP msg=audit(1459273816.599:465): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'


2) try to connect
journalctl -f

бер 29 20:54:41 dell.home audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
бер 29 20:54:46 dell.home bluetoothd[8281]: Can't get HIDP connection info
бер 29 20:54:51 dell.home bluetoothd[8281]: connect error: Host is down (112)
Comment 9 webdesigner 2016-03-29 17:03:49 EDT
(In reply to Lukas Vrabec from comment #6)
> I don't think this is the same problem. 
> Do you have any problems connecting bluetooth mouse while SELinux is in
> enforcing mode? 
> 
> Could you attach /var/log/audit/audit.log file? 
> 
> Thank you.

My apologies!

The battery in the mouse is almost done 

this was useful: http://comments.gmane.org/gmane.linux.hardware.thinkpad/43852 


Sorry for disturbing

Note You need to log in before you can comment on or make changes to this bug.