Bug 493506 - SELinux is preventing gpsd (gpsd_t) "read write" unconfined_t
Summary: SELinux is preventing gpsd (gpsd_t) "read write" unconfined_t
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 10
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-04-02 01:22 UTC by collura
Modified: 2009-11-19 01:33 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-18 13:00:45 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
gpsd audit log (829 bytes, text/plain)
2009-08-18 01:39 UTC, joeTSUNAMI
no flags Details

Description collura 2009-04-02 01:22:04 UTC
Description of problem:

When using GpsDrive program v2.09 in fedora core 10, the selinux seems to block the interaction of gpsd when it attempts to connect to the gps by usb.  

The gps shows up in the filesystem but the gpsdrive program doesn't seem to be able to talk to it because of the selinux blockage.

This selinux blockage bug seems to be noted as a part of an existing bug (bug#491018) however that previously filed bug seems mostly concerned with the release of an updated version of gpsd more than of the selinux interaction shown in the alert report far below.  



I opened this new bug (for the selinux issue) since that previous bug#491018 seems to be suspended until fc11 as I read the most recent excerpt from bug#491018:

>Comment #14 From  Rex Dieter  2009-03-30 15:54:13 EDT  -------
>
>OK, too much pain, I'd recommend sticking with rawhide only here for now... and
>once everything builds and sufficiently tested in rawhide/f11, a re-evaluation
>can be made.  
>



The actual alert i receive from selinux is as follows:

>Summary:
>
>SELinux is preventing gpsd (gpsd_t) "read write" unconfined_t.
>
>Detailed Description:
>
>SELinux denied access requested by gpsd. It is not expected that this access is
>required by gpsd and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                unconfined_u:unconfined_r:gpsd_t:s0
>Target Context                unconfined_u:unconfined_r:unconfined_t:s0
>Target Objects                socket [ tcp_socket ]
>Source                        gpsd
>Source Path                   /usr/sbin/gpsd
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gpsd-2.37-2.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.5.13-53.fc10
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain 2.6.27.19-170.2.35.fc10.x86_64
>                              #1 SMP Mon Feb 23 13:00:23 EST 2009 x86_64 x86_64
>Alert Count                   2
>First Seen                    Wed 01 Apr 2009 07:22:23 PM EDT
>Last Seen                     Wed 01 Apr 2009 07:34:32 PM EDT
>Local ID                      cc534812-e532-4c05-b0fb-590607ec4f65
>Line Numbers                  
>
>Raw Audit Messages            
>
>node=localhost.localdomain type=AVC msg=audit(1238628872.609:671): avc:  denied  { read write } for  pid=13950 comm="gpsd" path="socket:[291951]" dev=sockfs ino=291951 scontext=unconfined_u:unconfined_r:gpsd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket
>
>node=localhost.localdomain type=AVC msg=audit(1238628872.609:671): avc:  denied  { read write } for  pid=13950 comm="gpsd" path="socket:[293269]" dev=sockfs ino=293269 scontext=unconfined_u:unconfined_r:gpsd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket
>
>node=localhost.localdomain type=SYSCALL msg=audit(1238628872.609:671): arch=c000003e syscall=59 success=yes exit=0 a0=20b2430 a1=20b2390 a2=20b0f60 a3=32e536da70 items=0 ppid=13804 pid=13950 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gpsd" exe="/usr/sbin/gpsd" subj=unconfined_u:unconfined_r:gpsd_t:s0 key=(null)
>
>

  
Actual results:

gpsdrive program doesn't seem to communicate with the gps
(even though the gps seems to mount to the filesystem ok)

When I start gpsd in garmin mode from inside the gpsdrive program I get the selinux alert and a message in gpsdrive saying 'Timeout getting data from GPS-Receiver!'

Expected results:

_assuming_ that I was set up correctly to talk to the usb gps, I expected gpsdrive would communicate with the gps and display things in the program accordingly.  Never used the program before so maybe I am set up wrong, but the selinux alert makes me think it's just getting blocked.



Additional info:

Comment 1 disposable567 2009-04-10 12:53:28 UTC
my selinux report:

Source Context: unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023
Target Context: system_u:object_r:gpmctl_t:s0
Target Objects: /dev/gpmctl [ sock_file ]
Source: gpsd
Source Path: /usr/sbin/gpsd
Port: <Unknown>
Host: hp4
Source RPM Packages: gpsd-2.37-2.fc9
Target RPM Packages:
Policy RPM: selinux-policy-3.5.13-54.fc10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: hp4
Platform: Linux hp4 2.6.27.21-170.2.56.fc10.x86_64 #1 SMP Mon Mar 23 23:08:10 EDT 2009 x86_64 x86_64
Alert Count: 9
First Seen: Thu 09 Apr 2009 09:40:59 PM PDT
Last Seen: Fri 10 Apr 2009 05:45:41 AM PDT
Local ID: 37f40af4-ae7b-4cab-a8ed-23daec4c9c3f
Line Numbers:

Raw Audit Messages:
node=hp4 type=AVC msg=audit(1239367541.409:21): avc: denied { getattr } for pid=3226 comm="gpsd" path="/dev/gpmctl" dev=tmpfs ino=8737 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gpmctl_t:s0 tclass=sock_file
node=hp4 type=SYSCALL msg=audit(1239367541.409:21): arch=c000003e syscall=4 success=no exit=-13 a0=610ba0 a1=7fff0bb15240 a2=7fff0bb15240 a3=4000 items=0 ppid=1 pid=3226 auid=500 uid=0 gid=14 euid=99 suid=0 fsuid=99 egid=14 sgid=14 fsgid=14 tty=(none) ses=1 comm="gpsd" exe="/usr/sbin/gpsd" subj=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 key=(null)

Comment 2 Yul Rottmann 2009-06-25 13:56:50 UTC
I confirm this bug, exactly the same problem.

Comment 3 Yul Rottmann 2009-06-25 13:58:18 UTC
I am on Fedora 11 by the way, sorry for forgetting to mention it in the last comment.

Comment 4 James Derrick 2009-07-02 18:31:23 UTC
Same issue found on F11 whilst following instructions from the Fedora Wiki:
http://fedoraproject.org/wiki/How_to_configure_and_use_GPS_over_bluetooth

Steps to reproduce:
1. Connect an USB Bluetooth dongle to a F11 machine.
2. Follow Fedora Wiki steps to map /dev/rfcomm0 to a Bluetooth GPS
3. Start gpsd connecting to the port: "$ sudo gpsd /dev/rfcomm0"
4. First SELinux log: "SElinux prevented gpsd from using the terminal 0"
5. Run SELinux browser "Allowing Access" command of "$ sudo setsebool -P allow_daemons_use_tty=1"
6. Start gpsd connecting to the port: "$ sudo gpsd /dev/rfcomm0"
7. Second SELinux denial "SELinux is preventing gpsd (gpsd_t) "read write" unconfined_t"

As GPSd is basically a hardware driver, it is a key feature for it to connect to a device in /dev, so it makes sense (to me at least) to alter the default policy.

A post to a forum suggested that even with SELinux disabled, GPSd may not work on Fedora:
http://www.engardelinux.org/modules/index/list_archives.cgi?list=fedora-selinux&page=0094.html&month=2009-06

Comment 5 Chris Partezana 2009-07-02 22:24:43 UTC
I am having the same problem when using a Sprint PCMCIA Broadband air card (Novatel Wireless Merlin S720) that includes a GPS module in a Dell Latitude D620 laptop.

SELinux is preventing gpsd (gpsd_t) "read write" unconfined_t.

Detailed Description
SELinux denied access requested by gpsd. It is not expected that this access is required by gpsd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information
Source Context: unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023
Target Context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects: socket [ tcp_socket ]
Source: gpsd
Source Path: /usr/sbin/gpsd
Port: <Unknown>
Host: localhost.localdomain
Source RPM Packages: gpsd-2.39-3.fc11
Target RPM Packages:
Policy RPM: selinux-policy-3.6.12-53.fc11
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.29.4-167.fc11.i586 #1 SMP Wed May 27 17:14:37 EDT 2009 i686 i686
Alert Count: 4
First Seen: Thu 02 Jul 2009 05:09:18 PM EDT
Last Seen: Thu 02 Jul 2009 05:13:38 PM EDT
Local ID: 46d8b7b0-911b-41c6-8758-6867a0add4c7
Line Numbers:

Raw Audit Messages:
node=localhost.localdomain type=AVC msg=audit(1246569218.702:23): avc: denied { read write } for pid=3612 comm="gpsd" path="socket:[18873]" dev=sockfs ino=18873 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=tcp_socket
node=localhost.localdomain type=AVC msg=audit(1246569218.702:23): avc: denied { read write } for pid=3612 comm="gpsd" path="socket:[18926]" dev=sockfs ino=18926 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=tcp_socket
node=localhost.localdomain type=SYSCALL msg=audit(1246569218.702:23): arch=40000003 syscall=11 success=yes exit=0 a0=98fba60 a1=98fbae8 a2=98faaf0 a3=98fbae8 items=0 ppid=3508 pid=3612 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid

Comment 6 Marek Mahut 2009-08-12 14:34:16 UTC
Can you please attach your /var/log/audit/audit.log after a denial?

Comment 7 joeTSUNAMI 2009-08-18 01:33:33 UTC
(In reply to comment #6)
> Can you please attach your /var/log/audit/audit.log after a denial?  

type=AVC msg=audit(1250558957.503:128): avc:  denied  { fsetid } for  pid=7994 comm="gpsd" capability=4 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1250558957.503:128): avc:  denied  { fsetid } for  pid=7994 comm="gpsd" capability=4 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tclass=capability
type=SYSCALL msg=audit(1250558957.503:128): arch=c000003e syscall=90 success=no exit=-1219805224 a0=7fff6fa05f7e a1=21b0 a2=7fff6fa02ce0 a3=7fff6fa02a30 items=0 ppid=1 pid=7994 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="gpsd" exe="/usr/sbin/gpsd" subj=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 key=(null)

Comment 8 joeTSUNAMI 2009-08-18 01:39:26 UTC
Created attachment 357727 [details]
gpsd audit log

Comment 9 James Derrick 2009-08-18 12:12:08 UTC
Hi,

Tried the test again, and was able to connect gpsd to a BT GPS and run tangoGPS, GPSdrive, etc.

N.B. This is the same machine as my previous post (Comment #4) which has had a little SELinux config away from the stock as-shipped state.

The current versions are:
$ rpm -qa|grep selinux
selinux-policy-targeted-3.6.12-72.fc11.noarch
libselinux-2.0.80-1.fc11.i586
libselinux-utils-2.0.80-1.fc11.i586
selinux-policy-3.6.12-72.fc11.noarch
libselinux-python-2.0.80-1.fc11.i586
$ rpm -q gpsd
gpsd-2.39-3.fc11.i586
$ uname -a
Linux netbook 2.6.29.6-217.2.7.fc11.i686.PAE #1 SMP Fri Aug 14 20:52:46 EDT 2009 i686 i686 i386 GNU/Linux

Best regards,

James

Comment 10 Marek Mahut 2009-08-19 08:38:53 UTC
audit2allow suggests:

#============= gpsd_t ==============
allow gpsd_t self:capability fsetid;

Moving to selinux-policy, so Dan can take a look and decide what's best in this case.

Comment 11 Daniel Walsh 2009-08-20 12:30:55 UTC
Miroslav add this to F10 and F11 policy.

The unconfined_t tcp_socket read write avc is fixed by an update to nss_ldap.
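As an added example (not code from this report or from the gpsd or selinux-policy projects), the Python below reproduces the grouping step that audit2allow performs on the raw AVC lines posted in the description and in comment 7, and applies the distinction drawn in comments 10 and 11: the self:capability denial yields the suggested policy rule, while the read/write denial against an unconfined_t socket is flagged for investigation in the application rather than turned into an allow rule. Treating any unconfined_t target as "flag, don't allow" is my own triage heuristic, not something the thread states as a general rule.

```python
import re
from collections import defaultdict

# Matches the "avc: denied { perms } ... scontext= tcontext= tclass=" part of an AVC record.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}'
    r'.*?scontext=(?P<scontext>\S+)'
    r'.*?tcontext=(?P<tcontext>\S+)'
    r'.*?tclass=(?P<tclass>\S+)'
)

def context_type(ctx):
    """Return the type field of an SELinux context (user:role:type[:range])."""
    return ctx.split(':')[2]

def parse_avc(line):
    """Parse one audit record; return None unless it is an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {'perms': set(m.group('perms').split()),
            'stype': context_type(m.group('scontext')),
            'ttype': context_type(m.group('tcontext')),
            'tclass': m.group('tclass')}

def triage(lines):
    """Group denials by (source, target, class) as audit2allow does; return
    (rules, flagged), where flagged holds rules against unconfined_t objects,
    which this thread fixed in the app (nss_ldap), not in policy (my heuristic)."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            grouped[(rec['stype'], rec['ttype'], rec['tclass'])] |= rec['perms']
    rules, flagged = [], []
    for (stype, ttype, tclass), perms in sorted(grouped.items()):
        target = 'self' if stype == ttype else ttype
        rule = f"allow {stype} {target}:{tclass} {' '.join(sorted(perms))};"
        (flagged if ttype == 'unconfined_t' else rules).append(rule)
    return rules, flagged

# Sample records copied from this report (comment 7 and the description); the
# SYSCALL line shows that non-AVC records are skipped.
SAMPLE = [
    'type=AVC msg=audit(1250558957.503:128): avc:  denied  { fsetid } for  pid=7994 comm="gpsd" capability=4 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tclass=capability',
    'type=AVC msg=audit(1238628872.609:671): avc:  denied  { read write } for  pid=13950 comm="gpsd" path="socket:[291951]" dev=sockfs ino=291951 scontext=unconfined_u:unconfined_r:gpsd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=tcp_socket',
    'type=SYSCALL msg=audit(1238628872.609:671): arch=c000003e syscall=59 success=yes exit=0 comm="gpsd" exe="/usr/sbin/gpsd"',
]
```

Running `triage(SAMPLE)` yields the single rule from comment 10 (`allow gpsd_t self:capability fsetid;`) as a candidate and the tcp_socket rule in the flagged list; feed it real lines with `grep AVC /var/log/audit/audit.log`.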

Comment 12 Miroslav Grepl 2009-08-21 10:19:53 UTC
Fixed in 

selinux-policy-3.5.13-70.fc10
selinux-policy-3.6.12-79.fc11

Comment 13 Bug Zapper 2009-11-18 11:39:42 UTC
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 14 Daniel Walsh 2009-11-18 13:00:45 UTC
Closing as current release

Comment 15 collura 2009-11-19 01:33:23 UTC
Well the selinux issue gpsd_t "read write" looks like it cleared.

Thank you.

Ironically, I swear it worked at least once but now I don't really see an error but it won't read from the gps again, lol.  I must have changed something or there is another bug, but that's another report.

Thanks for the policy update.

