bluetooth on FC5: Working policies for bluez-pin & kbluepin

Charles-Edouard Ruault ce at ruault.com
Wed Apr 26 14:39:59 UTC 2006


Ok,
after all the noise I made on the list, here's my contribution:
I've made two policies to allow kdebluetooth to work with SELinux.
One is when using the bluez-pin helper for pairing, the other one is 
when using the kdebluepin pairing program.

You still have to manually create and label the /var/lib/bluetooth 
directory in order for this to work:
mkdir -p /var/lib/bluetooth/
chcon system_u:object_r:bluetooth_var_lib_t /var/lib/bluetooth

Then select the policy you want and run:

checkmodule -M -m -o policyname.mod policyname.te
semodule_package -o policyname.pp -m policyname.mod
semodule -i policyname.pp

Hope this helps!


Charles-Edouard Ruault wrote:
> Hi All,
>
> I've compiled and installed kdebluetooth on my Fedora ppc distro, I'm 
> trying to get the stuff working and I'm getting the following problems 
> related to SELinux:
>
> When I want to browse a device which is not yet paired with the laptop 
> I'm getting errors, because hcid is denied a few filesystem operations:
>
> audit(1146044994.917:786): avc:  denied  { create } for  pid=1836 
> comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0 
> tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
>
> I've then straced hcid and found out that it's trying to create a 
> directory /var/lib/bluetooth and that this operation is being denied 
> (thus the above log).
> I've manually created the directory:
> mkdir -p /var/lib/bluetooth/
> and then
> chcon system_u:object_r:bluetooth_var_lib_t bluetooth
>
> and now everything's fine.
> So I guess two things could be done in order to fix this:
>
> 1) allow hcid to create a dir in /var/lib (i.e. add this to the policy: 
> allow bluetooth_t var_lib_t:dir create;)
> 2) during installation of the bluetooth packages, create the 
> /var/lib/bluetooth directory and tag it properly.
>


-- 
Charles-Edouard Ruault
GPG key Id E4D2B80C

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kbluepin.te
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060426/b9457002/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bluezpin.te
Url: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060426/b9457002/attachment-0001.pl 
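
Added example, not part of the original message or its attachments: a small Python parser that reads the AVC denial quoted above and derives the allow rule it corresponds to, in the spirit of audit2allow. The function names (parse_avc, context_type, allow_rule) are illustrative assumptions, and the sample line is the message's denial joined onto one line.

```python
import re

# Constructed input: the denial quoted in the message, joined onto one line.
SAMPLE_AVC = (
    'audit(1146044994.917:786): avc:  denied  { create } for  pid=1836 '
    'comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial's fields as a dict, or None if this is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group(2))}
    perms = m.group(1).split()
    if not perms or not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    fields['perms'] = perms
    return fields


def context_type(context):
    """Pull the type out of user:role:type[:level]."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: ' + context)
    return parts[2]


def allow_rule(denial):
    """Build the allow rule that would permit the denied access."""
    source = context_type(denial['scontext'])
    target = context_type(denial['tcontext'])
    if target == source:
        target = 'self'  # policy syntax for a domain acting on itself
    perms = denial['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (source, target, denial['tclass'], perm_text)


if __name__ == '__main__':
    print(allow_rule(parse_avc(SAMPLE_AVC)))
```

For the sample line this yields the rule given as option 1 in the quoted message, which grants create on any directory labelled var_lib_t; option 2 (creating and labelling /var/lib/bluetooth beforehand) needs no such rule.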

