2179560 – SELinux is preventing blueman-rfcomm- from 'watch' accesses on the Verzeichnis /dev.

Bug 2179560 - SELinux is preventing blueman-rfcomm- from 'watch' accesses on the Verzeichnis /dev.

Summary: SELinux is preventing blueman-rfcomm- from 'watch' accesses on the Verzeichni...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	37
Hardware:	x86_64
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:9d6f75f491cedfae2bbb561a7a0...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-03-18 16:44 UTC by fschaupp
Modified:	2023-05-10 01:40 UTC (History)
CC List:	7 users (show)
Fixed In Version:	selinux-policy-37.20-1.fc37
Clone Of:
Environment:
Last Closed:	2023-05-10 01:40:26 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	fedora-selinux selinux-policy pull 1636	0	None	open	Allow blueman watch generic device dirs	2023-04-05 19:26:19 UTC

Description fschaupp 2023-03-18 16:44:12 UTC

Description of problem:
SELinux is preventing blueman-rfcomm- from 'watch' accesses on the Verzeichnis /dev.

*****  Plugin catchall (100. confidence) suggests   **************************

Wenn Sie denken, dass es blueman-rfcomm- standardmäßig erlaubt sein sollte, watch Zugriff auf dev directory zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# ausearch -c 'blueman-rfcomm-' --raw | audit2allow -M my-bluemanrfcomm
# semodule -X 300 -i my-bluemanrfcomm.pp

Additional Information:
Source Context                system_u:system_r:blueman_t:s0
Target Context                system_u:object_r:device_t:s0
Target Objects                /dev [ dir ]
Source                        blueman-rfcomm-
Source Path                   blueman-rfcomm-
Port                          <Unbekannt>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-37.19-1.fc37.noarch
Local Policy RPM              selinux-policy-targeted-37.19-1.fc37.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 6.1.18-200.fc37.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Sat Mar 11 16:09:14 UTC 2023
                              x86_64 x86_64
Alert Count                   1
First Seen                    2023-03-18 17:42:23 CET
Last Seen                     2023-03-18 17:42:23 CET
Local ID                      952b6d30-4737-4fe5-9796-7827ce23f15f

Raw Audit Messages
type=AVC msg=audit(1679157743.258:415): avc:  denied  { watch } for  pid=38811 comm="blueman-rfcomm-" path="/dev" dev="devtmpfs" ino=1 scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0


Hash: blueman-rfcomm-,blueman_t,device_t,dir,watch

Version-Release number of selected component:
selinux-policy-targeted-37.19-1.fc37.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.17.4
hashmarkername: setroubleshoot
kernel:         6.1.18-200.fc37.x86_64
type:           libreport

Potential duplicate: bug 1979920

Comment 1 Fedora Update System 2023-04-26 19:55:02 UTC

FEDORA-2023-13093d1386 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-13093d1386

Comment 2 Fedora Update System 2023-04-27 01:40:07 UTC

FEDORA-2023-13093d1386 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-13093d1386`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-13093d1386

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 3 Fedora Update System 2023-05-10 01:40:26 UTC

FEDORA-2023-13093d1386 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.