On Wed, Nov 28, 2007 at 10:24:52AM -0000, Martin Pitt wrote:
> Public bug reported:
>
> Binary package hint: apparmor
>
> See bug 147800 for details, cupsys' apparmor profile causes bluez-cups
> to break because AppArmor does not allow the creation of a bluetooth
> socket:
>
> Nov 28 11:19:18 donald kernel: [ 9030.516116]
> audit(1196245158.605:22): type=1503 operation="socket_create"
> family="bluetooth" sock_type="seqpacket" protocol=0 pid=16752
> profile="/usr/sbin/cupsd"
>
> However, there is no way to configure a profile to create it. There are
> no particular socket ACLs (at least not documented ones), and it still
> happens if I allow access to all files and all capabilities. Thus the
> only working fallback is to allow unconfined execution.
I believe this is a documentation bug (and perhaps a logprof bug), but
adding the statement
On Wed, Nov 28, 2007 at 10:24:52AM -0000, Martin Pitt wrote: 8.605:22) : type=1503 operation= "socket_ create" "seqpacket" protocol=0 pid=16752 "/usr/sbin/ cupsd"
> Public bug reported:
>
> Binary package hint: apparmor
>
> See bug 147800 for details, cupsys' apparmor profile causes bluez-cups
> to break because AppArmor does not allow the creation of a bluetooth
> socket:
>
> Nov 28 11:19:18 donald kernel: [ 9030.516116]
> audit(119624515
> family="bluetooth" sock_type=
> profile=
>
> However, there is no way to configure a profile to create it. There are
> no particular socket ACLs (at least not documented ones), and it still
> happens if I allow access to all files and all capabilities. Thus the
> only working fallback is to allow unconfined execution.
I believe this is a documentation bug (and perhaps a logprof bug), but
adding the statement
network bluetooth,
should stop this action from being rejected.
-- NxNW.org/ ~steve/
Steve Beattie
<email address hidden>
http://