Ubuntu
bluez package

Starting bluez service is denied

Bug #1560094 reported by Robertino Benis
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bluez (Ubuntu)
Expired
High
Unassigned

Bug Description

If snappy core is updated in the background (on Raspberry Pi 2), and then bluez installed, starting the service is failing.

Denials:

[ 45.955490] audit: type=1400 audit(1458574955.667:11): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=834 comm="c0
[ 46.197608] audit: type=1326 audit(1458574955.907:12): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=831 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=40000028 sysc0
[ 46.275680] audit: type=1400 audit(1458574955.987:13): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=829 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1
[ 46.276483] audit: type=1326 audit(1458574955.987:14): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=829 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000
[ 46.412021] audit: type=1326 audit(1458574956.123:15): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=839 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=40000028 sysc0
[ 46.504308] audit: type=1400 audit(1458574956.215:16): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=842 comm="c0
[ 46.520137] audit: type=1400 audit(1458574956.231:17): apparmor="DENIED" operation="create" profile="bluez5_bluez_5.37-2-armhf" pid=841 comm="bluetoothd" family="bluetooth" sock_type="raw" protocol=1
[ 46.520800] audit: type=1326 audit(1458574956.231:18): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=841 comm="bluetoothd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/bluetoothd" sig=31 arch=4000
[ 46.625293] audit: type=1326 audit(1458574956.335:19): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=844 comm="obexd" exe="/snaps/bluez5/5.37-2-armhf/usr/lib/bluetooth/obexd" sig=31 arch=40000028 sysc0
[ 46.721080] audit: type=1400 audit(1458574956.431:20): apparmor="DENIED" operation="mknod" profile="bluez5_bluez_5.37-2-armhf" name="/etc/dbus-1/system.d/bluez5_bluez_5.37-2-armhf.conf" pid=847 comm="c2

If trying to start bluetootctl:

[ 582.205066] audit: type=1400 audit(1458575491.915:31): apparmor="DENIED" operation="connect" profile="bluez5_bluetoothctl_5.37-2-armhf" name="/run/dbus/system_bus_socket" pid=993 comm="bluetoothctl" re0
[bluetooth]#

ubuntu@localhost:~$ snappy list
Name Date Version Developer
bluez5 2016-02-04 5.37-2-armhf canonical
canonical-pi2 2016-02-02 3.0 canonical
canonical-pi2-linux 2016-02-03 4.3.0-1006-3 canonical
ubuntu-core 2016-03-08 16.04.0-15.armhf canonical
ubuntu@localhost:~$

ubuntu@localhost:~$ snappy info
release: core/rolling
architecture: armhf
frameworks: bluez5.canonical
apps:

Related branches

lp:~bluetooth/bluez/snap-core-rolling
lp:~ssweeny/bluez/snappy-interface
Simon Fels: Approve
Tony Espy: Pending requested
Bluetooth: Pending requested
Diff: 1457 lines (+13/-1384)
6 files modified
bluez.apparmor (+0/-222)
bluez.seccomp (+0/-457)
obex.apparmor (+0/-225)
obex.seccomp (+0/-457)
parts/plugins/x-autotools.py (+3/-3)
snapcraft.yaml (+10/-20)
Simon Fels (morphis)
tags: added: bluez-snappy
removed: bluez snap
Revision history for this message
Tony Espy (awe) wrote :

Our wrapper scripts for bluez ( bluetoothd ) and obexd are currently copying DBus configuration files before starting the service. This was done as snappy had no way to allow a framework type snap such as bluez or network-manager a way to install a DBus configuration file.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Your snapcraft.yaml is wrong for the new world. Ie, you have:

apps:
  bluetoothctl:
    command: usr/bin/bluetoothctl
    uses: [bluez-client]
  obexctl:
    command: usr/bin/obexctl
    uses: [bluez-client]
  bluez:
    command: "usr/lib/bluetooth/bluetoothd -E"
    daemon: simple
    uses: [bluez-service]
  obex:
    command: "usr/lib/bluetooth/obexd"
    daemon: simple
    uses: [obex-service]
uses:
  bluez-client:
    type: migration-skill
    caps: [bluez_client]
  bluez-service:
    type: migration-skill
    security-policy:
      apparmor: bluez.apparmor
      seccomp: bluez.seccomp
  obex-service:
    type: migration-skill
    security-policy:
      apparmor: obex.apparmor
      seccomp: obex.seccomp

But you should 's/uses:/plugs:/' and 's/type: migration-skill/interface: old-security/'.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Also, you should be using the new snappy interface for dbus instead of adding rules to copy dbus bus policy files into place. I haven't used this before-- you might ping zyga for details.

Revision history for this message
Tony Espy (awe) wrote :

@Jamie

Thanks for the comment... I'll work on re-vising the snapcraft.yaml and will follow-up with zyga for details on the new snappy dbus interface. Hopefully it allows us to do all that the standard DBus conf file allows.

Simon Fels (morphis)
Changed in bluez (Ubuntu):
status: New → In Progress
assignee: nobody → Scott Sweeny (ssweeny)
importance: Undecided → High
Revision history for this message
Daniel van Vugt (vanvugt) wrote :

In progress?

Changed in bluez (Ubuntu):
status: In Progress → Incomplete
assignee: Scott Sweeny (ssweeny) → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for bluez (Ubuntu) because there has been no activity for 60 days.]

Changed in bluez (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.