Bug 431000 - SELinux is preventing hcid(/usr/sbin/hcid) (bluetooth_t) "dac_override" to <Unknown> (bluetooth_t).
SELinux is preventing hcid(/usr/sbin/hcid) (bluetooth_t) "dac_override" to <U...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-30 19:04 EST by Matěj Cepl
Modified: 2008-03-05 17:19 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-05 17:19:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2008-01-30 19:04:32 EST
Summary:

SELinux is preventing hcid(/usr/sbin/hcid) (bluetooth_t) "dac_override" to <Unknown>
(bluetooth_t).

Detailed Description:

[SELinux in permissive mode, the operation would have been denied but was
permitted due to enforcing mode.]

SELinux denied access requested by hcid(/usr/sbin/hcid). It is not expected that
this access is required by hcid(/usr/sbin/hcid) and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:bluetooth_t
Target Context                unconfined_u:system_r:bluetooth_t
Target Objects                None [ capability ]
Source                        hcid(/usr/sbin/hcid)
Port                          <Unknown>
Host                          viklef.ceplovi.cz
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-81.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     viklef.ceplovi.cz
Platform                      Linux viklef.ceplovi.cz 2.6.23.14-107.fc8 #1 SMP
                              Mon Jan 14 21:37:30 EST 2008 i686 i686
Alert Count                   1
First Seen                    Čt 31. leden 2008, 00:58:50 CET
Last Seen                     Čt 31. leden 2008, 00:58:50 CET
Local ID                      8bac8eef-20b1-4c07-9013-c5232b8d202d
Line Numbers                  

Raw Audit Messages            

host=viklef.ceplovi.cz type=AVC msg=audit(1201737530.859:1097): avc:  denied  {
dac_override } for  pid=28831 comm="hcid" capability=1
scontext=unconfined_u:system_r:bluetooth_t:s0
tcontext=unconfined_u:system_r:bluetooth_t:s0 tclass=capability

host=viklef.ceplovi.cz type=SYSCALL msg=audit(1201737530.859:1097):
arch=40000003 syscall=5 success=yes exit=12 a0=b7fc01f5 a1=241 a2=100
a3=bfccaae4 items=0 ppid=1 pid=28831 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="hcid" exe="/usr/sbin/hcid"
subj=unconfined_u:system_r:bluetooth_t:s0 key=(null)

Version-Release number of selected component (if applicable):
bluez-utils-3.20-6.fc8
selinux-policy-targeted-3.0.8-81.fc8
Comment 1 Bastien Nocera 2008-01-30 19:25:45 EST
I don't understand what that means.
Comment 2 Daniel Walsh 2008-01-31 11:15:39 EST
It means hcid is trying to do something with an object that it is not owned by root.

Added to policy in 

Fixed in selinux-policy-3.2.5-23.fc9
Comment 3 Daniel Walsh 2008-03-05 17:19:13 EST
CLosed as this should be fixed in rawhide.  If this problem persists please
reopen the bugzilla.

Note You need to log in before you can comment on or make changes to this bug.