Description of problem:
I plug bt adapter into USB and run 'service bluetooth start' and get dbus notification about AVC.
type=AVC msg=audit(1209491018.883:82): avc: denied { read write } for pid=10193 comm="rfcomm" path="/var/tmp/kdecache-jutuomal/kpc/kde-icon-cache.data" dev=dm-2 ino=2981925 scontext=unconfined_u:system_r:bluetooth_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
Version-Release number of selected component (if applicable): selinux-policy-3.3.1-35.fc9.noarch
How reproducible: always.
Additional info: I'm running KDE desktop and kbluetooth applet/plasmoid.
Well, first of all, this is a security vulnerability: having a well-known path that a user can manipulate and get a process running as root to write to it. There has got to be a better way to handle this. The inter-process communication should be taking place in a file directory controlled by rfcomm.
You can temporarily allow this for now.
# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp
That must be a kdebluetooth problem, because the bluez-utils don't do any such thing.
Actually, I'm seeing the same error on a number of KDE applications running on the current rawhide. This doesn't look like a kdebluetooth problem. (I'd venture and guess this is a generic KDE/SELinux problem). Nevertheless, I'll do some testing before pushing the bug back to KDE/SELinux.
- Gilboa
OK. I'm seeing the same warning on a number of other services. E.g. (arp, ip)
host=gilboa-vmh-rawhide64 type=AVC msg=audit(1209542094.49:765): avc: denied { read write } for pid=4303 comm="arping" path="/var/tmp/kdecache-gilboa/kpc/kde-icon-cache.index" dev=dm-0 ino=535929 scontext=unconfined_u:system_r:netutils_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
host=gilboa-
host=gilboa-vmh-rawhide64 type=AVC msg=audit(1209542093.514:764): avc: denied { read write } for pid=4300 comm="ip" path="/var/tmp/kdecache-gilboa/kpc/kde-icon-cache.index" dev=dm-0 ino=535929 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
Refiling against SELinux.
- Gilboa
This is a leaked file descriptor from the kde login/session. All open file descriptors need to be closed on exec:
fcntl(fd, F_SETFD, FD_CLOEXEC)
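The close-on-exec fix named in the comment above, worked through as an added example; it is not part of the original thread and is not KDE's code. The function names fd_is_inheritable, set_cloexec and seal_fds are hypothetical, and /dev/null stands in for the icon cache file that the session left open.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd is open and would survive exec(), 0 if close-on-exec, -1 if not open. */
int fd_is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Set FD_CLOEXEC, keeping any other descriptor flags intact. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Mark every inheritable descriptor in [lowfd, maxfd) close-on-exec; returns the number changed. */
int seal_fds(int lowfd, int maxfd)
{
    int changed = 0;
    for (int fd = lowfd; fd < maxfd; fd++)
        if (fd_is_inheritable(fd) == 1 && set_cloexec(fd) == 0)
            changed++;
    return changed;
}

int main(void)
{
    /* Constructed stand-in for the cache file: opened without O_CLOEXEC, so it leaks. */
    int leaky = open("/dev/null", O_RDWR);
    /* For new code: O_CLOEXEC is atomic, leaving no window between open() and fcntl(). */
    int safe = open("/dev/null", O_RDWR | O_CLOEXEC);
    if (leaky == -1 || safe == -1) { perror("open"); return 1; }

    printf("leaky inheritable: %d, safe inheritable: %d\n",
           fd_is_inheritable(leaky), fd_is_inheritable(safe));
    printf("sealed %d descriptor(s)\n", seal_fds(3, 256));
    printf("leaky inheritable after seal: %d\n", fd_is_inheritable(leaky));
    close(leaky);
    close(safe);
    return 0;
}
```

Calling seal_fds(3, limit) immediately before exec leaves only stdin, stdout and stderr for the child, so a confined domain such as bluetooth_t never receives a descriptor labelled user_tmp_t.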
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Has this been resolved in KDE 4.0.5?
> Changing version to '9' as part of upcoming Fedora 9 GA.
> Has this been resolved in KDE 4.0.5?
I don't know. I've filed this against f8 and that is still a supported release and that's what I will be using for quite a while.
err, that was rawhide. Well, don't have that installation anymore.
That "kpc" directory is the KDE 4 icon cache (it stands for "KDE Pixmap Cache"). It can't be a kdebluetooth issue, as kdebluetooth is still KDE 3.
Going to close this with the impending release of KDE4.1. If you find this is still an issue, feel free to reopen this bug.