Bug 458867 - SELinux is preventing hcid (bluetooth_t) "read" to ./oui.txt (hwdata_t)
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-08-12 19:07 UTC by Jeff Bastian
Modified: 2008-11-17 22:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-11-17 22:05:33 UTC
Type: ---


Description Jeff Bastian 2008-08-12 19:07:10 UTC
Description of problem:
SELinux is preventing /usr/sbin/hcid (bluetooth_t) from reading /usr/share/hwdata/oui.txt (hwdata_t).  The context is correct on oui.txt; running 'restorecon -v' did not change anything.

Raw audit messages:
type=AVC msg=audit(1218567016.482:69): avc:  denied  { read } for  pid=2597 comm="hcid" name="oui.txt" dev=dm-0 ino=5507542 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
type=SYSCALL msg=audit(1218567016.482:69): arch=c000003e syscall=2 success=no exit=-13 a0=7f4ae26a96b6 a1=0 a2=0 a3=0 items=0 ppid=1 pid=2597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hcid" exe="/usr/sbin/hcid" subj=system_u:system_r:bluetooth_t:s0 key=(null)

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Log in to KDE & launch KBluetooth
2. Right-click on the KBluetooth icon in the System Tray and go to
   Configuration -> Devices
3. Watch setroubleshoot pop up a window describing the denial

Actual results:
SELinux prevents hcid from reading oui.txt

Expected results:
Policy should allow hcid to read oui.txt

Additional info:

Comment 1 Daniel Walsh 2008-08-12 20:16:04 UTC
# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-113.fc8

Comment 2 Jeff Bastian 2008-08-12 20:35:03 UTC
You probably have something similar in selinux-policy-3.0.8-113.fc8, but here was my policy to fix this:


require {
        type bluetooth_t;
        type hwdata_t;
}

allow bluetooth_t hwdata_t:file r_file_perms;

Comment 3 Daniel Walsh 2008-08-13 15:44:31 UTC
If you used audit2allow -R you should have gotten


Comment 4 Jeff Bastian 2008-08-13 16:19:44 UTC
Ahh, I didn't use the -R flag.  I started with
  audit2allow -M mypol -l -i /var/log/audit/audit.log
as you recommended in comment #1 and it gave me
  allow bluetooth_t hwdata_t:file read;

I loaded the module, tried again, and SELinux blocked it again, this time on getattr.

But rather than running audit2allow again, I looked in some other policies I'd experimented with in the past and tried the r_file_perms macro which allowed it to work.

Did you mean selinux-policy-3.0.8-114.fc8 in comment #1?  It doesn't look like -113 has the fix.

Comment 5 Daniel Walsh 2008-08-13 16:31:06 UTC
Yes I lied.

That is why it is often better to use audit2allow -R to get the interface for full access rather than getting them one at a time.
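
An added illustration of the exchange in comments 4 and 5 (not code from the reporter, the policy maintainers, or audit2allow itself): it parses the AVC record from the description plus a constructed getattr denial, and shows the rule each round of denials yields and which r_file_perms permissions have still not appeared in the log. The r_file_perms set is assumed to be the legacy refpolicy definition, and all function names are hypothetical.

```python
import re
from collections import defaultdict
# Assumption: legacy refpolicy definition of the r_file_perms macro.
R_FILE_PERMS = frozenset({"read", "getattr", "lock", "ioctl"})
CONTEXTS = ("scontext=system_u:system_r:bluetooth_t:s0 "
            "tcontext=system_u:object_r:hwdata_t:s0 tclass=file")
# First: AVC record from the bug description. Second: constructed getattr denial.
FIRST_DENIAL = ('type=AVC msg=audit(1218567016.482:69): avc:  denied  { read } for  '
                'pid=2597 comm="hcid" name="oui.txt" dev=dm-0 ino=5507542 ' + CONTEXTS)
SECOND_DENIAL = ('type=AVC msg=audit(1218570000.000:70): avc:  denied  { getattr } for  '
                 'pid=2597 comm="hcid" path="/usr/share/hwdata/oui.txt" dev=dm-0 '
                 'ino=5507542 ' + CONTEXTS)
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denied_permissions(lines):
    """Group denied permissions by (source type, target type, class)."""
    denied = defaultdict(set)
    for line in lines:
        match = AVC_RE.search(line)
        if match is None:
            continue  # SYSCALL and other records carry no permission list
        key = (selinux_type(match["scon"]), selinux_type(match["tcon"]), match["tclass"])
        denied[key].update(match["perms"].split())
    return dict(denied)

def allow_rules(denied):
    """Render one allow rule per (source, target, class) key."""
    rules = []
    for (source, target, tclass), perms in sorted(denied.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {body};")
    return rules

def not_yet_seen(denied, key, macro=R_FILE_PERMS):
    """Macro permissions that no logged denial has exercised so far."""
    return sorted(macro - denied.get(key, set()))

if __name__ == "__main__":
    for log in ([FIRST_DENIAL], [FIRST_DENIAL, SECOND_DENIAL]):
        denied = denied_permissions(log)
        print(allow_rules(denied), {k: not_yet_seen(denied, k) for k in denied})
```

A rule built from logged denials can only contain permissions the process got far enough to request, which is why the first module allowed read and the next run stopped at getattr.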

Comment 6 Daniel Walsh 2008-11-17 22:05:33 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.
