[ltp] HOWTO: Thinkpad T42p Bluetooth DUN and Treo 650

linux-thinkpad@linux-thinkpad.org linux-thinkpad@linux-thinkpad.org
Wed, 29 Jun 2005 17:26:21 +0100 (BST) 

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--8323328-435838994-1120062381=:25428
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8BIT

On Tue, 28 Jun 2005, Dax Kelson wrote:

> Using my ThinkPad T42p and my Treo 650 I wrote a HOWTO on using setting
> up my laptop to get Internet access anywhere (with cell phone coverage)
> over a Bluetooth DUN connection.
>
> You can check it out here:
>
> http://www.gurulabs.com/goodies/Using_Linux_and_Bluetooth_DUN_with_the_Treo650.php
>
> Dax Kelson
> Guru Labs

Dax,

Can I suggest one modification (I haven't tried yet!).  Most FC4 uses
seem to be putting SELinux in permissive mode, i.e. effectively
turning it off when they hit problems, as your guide suggests. This
shouldn't be necessary.  A compromise approach to actually tweaking
the SELinux policy source (which *can* sometimes be tricky) is to see
if you can ask SELinux to just ignore a specific daemon.

Try running system-config-securitylevel - run it as a user, which
will prompt for the root password via console-helper (as there seems
to be a bug which sometimes only renders non-X access when run as
root).  Click the tab "SELinux", then "SELinux Service Protection",
then try "Disable SELinux protection for bluetooth daemon".  OK and
exit.

All this will do is write a line to:
/etc/selinux/targeted/booleans.local

Restart relevant bluetooth daemons and see if this fixes it.  I'd be
interested to know, as it's preferable to just turning off SELinux
protection completely.

To get deeper into fixing the problem if you want to preserve more of
SELinux's protection, you'd need to tweak the policy source files for
bluetooth: install the selinux-policy-targeted-sources RPM, watch
/var/log/audit/audit.log, and feed the "deniedÂ" errors into
audit2allow on stdin.  This would probably supply you with suggested
lines to change in:

/etc/selinux/targeted/src/policy/domains/program/bluetooth.te

- then remake the policy.  But this is a much bigger level up, and
probably one I wouldn't bother doing, and certainly not documenting
for general use just now.

This is part of my campaign to encourage people to not just turn off
SELinux globally when it hits problems - like they used to with
firewalls :)  I'd be interested if this helps.
--8323328-435838994-1120062381=:25428--