Bug 606838 - selinux is preventing /usr/sbin/bluetoothd read access to device rfcomm0
selinux is preventing /usr/sbin/bluetoothd read access to device rfcomm0
Status: CLOSED DUPLICATE of bug 566332
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
13
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-22 11:25 EDT by samn210
Modified: 2010-06-23 07:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-06-23 07:35:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description samn210 2010-06-22 11:25:55 EDT
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.3) Gecko/20100403 Fedora/3.6.3-4.fc13 Firefox/3.6.3


Summary:

SELinux is preventing /usr/sbin/bluetoothd "read" access to device rfcomm0.

Detailed Description:

SELinux has denied bluetoothd "read" access to device rfcomm0. rfcomm0 is
mislabeled, this device has the default label of the /dev directory, which
should not happen. All Character and/or Block Devices should have a label. You
can attempt to change the label of the file using restorecon -v 'rfcomm0'. If
this device remains labeled device_t, then this is a bug in SELinux policy.
Please file a bg report. If you look at the other similar devices labels, ls -lZ
/dev/SIMILAR, and find a type that would work for rfcomm0, you can use chcon -t
SIMILAR_TYPE 'rfcomm0', If this fixes the problem, you can make this permanent
by executing semanage fcontext -a -t SIMILAR_TYPE 'rfcomm0' If the restorecon
changes the context, this indicates that the application that created the
device, created it without using SELinux APIs. If you can figure out which
application created the device, please file a bug report against this
application.

Allowing Access:

Attempt restorecon -v 'rfcomm0' or chcon -t SIMILAR_TYPE 'rfcomm0'

Additional Information:

Source Context                system_u:system_r:bluetooth_t:s0-s0:c0.c1023
Target Context                system_u:object_r:device_t:s0
Target Objects                rfcomm0 [ chr_file ]
Source                        bluetoothd
Source Path                   /usr/sbin/bluetoothd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bluez-4.64-1.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-23.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   device
Host Name                     (removed)
Platform                      Linux sam-n210 2.6.33.5-124.fc13.i686 #1 SMP Fri
                              Jun 11 09:48:40 UTC 2010 i686 i686
Alert Count                   11
First Seen                    Mon 21 Jun 2010 10:44:00 AM IST
Last Seen                     Tue 22 Jun 2010 08:16:19 PM IST
Local ID                      a6d1dc8c-1b2e-414e-9563-a00cc0c9a52a
Line Numbers                  

Raw Audit Messages            

node=sam-n210 type=AVC msg=audit(1277217979.864:19): avc:  denied  { read } for  pid=1355 comm="bluetoothd" name="rfcomm0" dev=devtmpfs ino=18215 scontext=system_u:system_r:bluetooth_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file

node=sam-n210 type=SYSCALL msg=audit(1277217979.864:19): arch=40000003 syscall=5 success=no exit=-13 a0=fed8d8 a1=100 a2=0 a3=ff3018 items=0 ppid=1 pid=1355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="bluetoothd" exe="/usr/sbin/bluetoothd" subj=system_u:system_r:bluetooth_t:s0-s0:c0.c1023 key=(null)




Reproducible: Always
Comment 1 Miroslav Grepl 2010-06-23 02:35:58 EDT
If you look at the device is it labelled device_t?

ls -lZ /dev/rfcomm0
Comment 2 samn210 2010-06-23 07:20:26 EDT
(In reply to comment #1)
> If you look at the device is it labelled device_t?
> 
> ls -lZ /dev/rfcomm0    

there is no bluetoothd file or folder inside sbin then ls shows
[kannan@sam210 ~]$ ls -lZ /dev/rfcomm0
crw-rw----. root dialout system_u:object_r:tty_device_t:s0 /dev/rfcomm0

sir i am new to linux and liked its engneering so brifly explain what to do
Comment 3 Miroslav Grepl 2010-06-23 07:34:02 EDT
I just wanted to know what SELinux security context has /dev/rfcomm00 device. 

ls -Z  ... this option will show SELinux security context

Information about SELinux:

http://fedoraproject.org/wiki/SELinux
http://danwalsh.livejournal.com/22347.html
Comment 4 Miroslav Grepl 2010-06-23 07:35:08 EDT

*** This bug has been marked as a duplicate of bug 566332 ***

Note You need to log in before you can comment on or make changes to this bug.