LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-04-2018, 03:42 AM   #1
H1p8r10n
Member
 
Registered: Feb 2016
Location: on the border of milky way
Distribution: Slackware
Posts: 106

Rep: Reputation: Disabled
bad behaviour of blueman at startup


Hi,

Since last update, blueman ask each user for the root password at session start.

the pk policy is not correct for a desktop application that shouldn't require each user to know the root passwd (and even : not to enter any password just to launch the bluetooth applet).

This should be fixed with appropriate <allow_active>yes</allow_active> directives in /usr/share/polkit-1/actions/org.blueman.policy.

All the best
JP
 
Old 08-04-2018, 04:00 AM   #2
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 248

Rep: Reputation: 149Reputation: 149
Yep, see here. There's probably either a blueman or polkit update to ship with updated rules.
 
Old 08-04-2018, 04:04 AM   #3
H1p8r10n
Member
 
Registered: Feb 2016
Location: on the border of milky way
Distribution: Slackware
Posts: 106

Original Poster
Rep: Reputation: Disabled
ok, waiting for next blueman package
 
Old 08-04-2018, 07:36 AM   #4
chrisVV
Member
 
Registered: Aug 2010
Posts: 306

Rep: Reputation: 117Reputation: 117
The latest blueman package now available in slackware-current does enable users within the 'netdev' group to use blueman (/etc/polkit-1/rules.d/30-blueman-netdev-allow-access.rules), but it would be nice to have consistency. To use blueman effectively, which means gaining access to bluetoothd via dbus, I have found that the user also has to be a member of the 'lp' group (/etc/dbus-1/system.d/bluetooth.conf); otherwise blueman-applet seems unable to see the bluetooth device in the user's session or allow the user to carry things such as pairing.

Maybe this is a quirk of my system and/or I have something else misconfigured, but if not it would be nice to have membership of one group being sufficient to use bluetooth properly.
 
Old 08-04-2018, 07:56 AM   #5
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 248

Rep: Reputation: 149Reputation: 149
Quote:
Originally Posted by chrisVV View Post
The latest blueman package now available in slackware-current does enable users within the 'netdev' group to use blueman (/etc/polkit-1/rules.d/30-blueman-netdev-allow-access.rules), but it would be nice to have consistency. To use blueman effectively, which means gaining access to bluetoothd via dbus, I have found that the user also has to be a member of the 'lp' group (/etc/dbus-1/system.d/bluetooth.conf); otherwise blueman-applet seems unable to see the bluetooth device in the user's session or allow the user to carry things such as pairing.

Maybe this is a quirk of my system and/or I have something else misconfigured, but if not it would be nice to have membership of one group being sufficient to use bluetooth properly.
I reckon on a default "adduser", it does prompt to add lp and other secondary groups (you need to press UP):

Code:
root@drift:~# adduser foo

Login name for new user: foo

User ID ('UID') [ defaults to next available ]: 

Initial group [ users ]: 
Additional UNIX groups:

Users can belong to additional UNIX groups on the system.
For local users using graphical desktop login managers such
as XDM/KDM, users may need to be members of additional groups
to access the full functionality of removable media devices.

* Security implications *
Please be aware that by adding users to additional groups may
potentially give access to the removable media of other users.

If you are creating a new user for remote shell access only,
users do not need to belong to any additional groups as standard,
so you may press ENTER at the next prompt.

Press ENTER to continue without adding any additional groups
Or press the UP arrow key to add/select/edit additional groups
:  audio cdrom floppy input lp netdev plugdev power scanner video
Looks like /etc/dbus-1/system.d/bluetooth.conf is for configuring bluez for sending print jobs over bluetooth, hence the need for 'lp'.
 
Old 08-04-2018, 08:03 AM   #6
chrisVV
Member
 
Registered: Aug 2010
Posts: 306

Rep: Reputation: 117Reputation: 117
Quote:
Originally Posted by zakame View Post
Looks like /etc/dbus-1/system.d/bluetooth.conf is for configuring bluez for sending print jobs over bluetooth, hence the need for 'lp'.
/etc/dbus-1/system.d/bluetooth.conf is for configuring bluez. As I said, if the user is not a member of 'lp' on my machine then the user's blueman session has no access to bluetooth. It has nothing in particular to do with printing (although printing is one of the things that could be done via bluetooth). It seems a bizarre choice of group name.

Are you saying that on your machine you can remove a user from the 'lp' group and still have that user using blueman effectively for everything except printing?
 
Old 08-04-2018, 09:07 AM   #7
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 248

Rep: Reputation: 149Reputation: 149
Quote:
Originally Posted by chrisVV View Post
Are you saying that on your machine you can remove a user from the 'lp' group and still have that user using blueman effectively for everything except printing?
Indeed, I just removed myself from lp and bluetooth-applet could not start:

Code:
[zakame:~] % groups zakame
zakame : users floppy audio video cdrom plugdev power netdev scanner
[zakame:~] % blueman-applet 
blueman-applet version 2.0.4 starting
_________
Load (/usr/lib64/python2.7/site-packages/blueman/main/PluginManager.py:60)
['Menu', 'RecentConns', 'TransferService', 'ExitItem', 'StandardItems', 'NMPANSupport', 'Headset', 'StatusIcon', 'PPPSupport', 'AuthAgent', 'NetUsage', 'Networking', 'DiscvManager', 'DBusService', 'DhcpClient', 'NMDUNSupport', 'KillSwitch', 'PowerManager', 'ShowConnected', 'SerialManager', 'GameControllerWakelock'] 
ERROR:dbus.proxies:Introspect error on :1.0:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.39" (uid=1000 pid=2977 comm="/usr/bin/python2.7 /usr/bin/blueman-applet ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.0" (uid=0 pid=1027 comm="/usr/sbin/bluetoothd ")
Traceback (most recent call last):
  File "/usr/bin/blueman-applet", line 121, in <module>
    BluemanApplet()
  File "/usr/bin/blueman-applet", line 63, in __init__
    self.Plugins.Load()
  File "/usr/lib64/python2.7/site-packages/blueman/main/PluginManager.py", line 90, in Load
    __import__(self.module_path.__name__ + ".%s" % plugin, None, None, [])
  File "/usr/lib64/python2.7/site-packages/blueman/plugins/applet/AuthAgent.py", line 9, in <module>
    import blueman.main.applet.BluezAgent as BluezAgent
  File "/usr/lib64/python2.7/site-packages/blueman/main/applet/BluezAgent.py", line 23, in <module>
    from blueman.bluez.Agent import Agent, AgentMethod
  File "/usr/lib64/python2.7/site-packages/blueman/bluez/Agent.py", line 48, in <module>
    class Agent(dbus.service.Object):
  File "/usr/lib64/python2.7/site-packages/blueman/bluez/Agent.py", line 56, in Agent
    @AgentMethod
  File "/usr/lib64/python2.7/site-packages/blueman/bluez/Agent.py", line 38, in AgentMethod
    if BlueZInterface.get_interface_version()[0] < 5:
  File "/usr/lib64/python2.7/site-packages/blueman/bluez/BlueZInterface.py", line 17, in get_interface_version
    introspection = dbus.Interface(obj, 'org.freedesktop.DBus.Introspectable').Introspect()
  File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 70, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 2 matched rules; type="method_call", sender=":1.39" (uid=1000 pid=2977 comm="/usr/bin/python2.7 /usr/bin/blueman-applet ") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.0" (uid=0 pid=1027 comm="/usr/sbin/bluetoothd ")
/etc/dbus-1/system.d/bluetooth.conf comes from upstream, and this particular commit adds the lp access. I suppose the file could be patched to add netdev, as well as lp.
 
Old 08-04-2018, 09:29 AM   #8
chrisVV
Member
 
Registered: Aug 2010
Posts: 306

Rep: Reputation: 117Reputation: 117
Quote:
Originally Posted by zakame View Post
I suppose the file could be patched to add netdev, as well as lp.
Since the polkit-1 authorization configuration for blueman now refers to the 'netdev' group, which seems perfectly reasonable, I would modify the access rules for bluez's dbus interface (as used by blueman) also to refer to netdev. I would just replace the reference to 'lp' with a reference to 'netdev', but if people are squeamish about that I guess it could be added instead.
 
Old 08-04-2018, 09:45 AM   #9
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 248

Rep: Reputation: 149Reputation: 149
Also, the polkit rule needs to be added in blueman for -stable as well.
 
Old 08-04-2018, 03:18 PM   #10
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,019

Rep: Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404
Quote:
Originally Posted by chrisVV View Post
/etc/dbus-1/system.d/bluetooth.conf is for configuring bluez. As I said, if the user is not a member of 'lp' on my machine then the user's blueman session has no access to bluetooth. It has nothing in particular to do with printing (although printing is one of the things that could be done via bluetooth). It seems a bizarre choice of group name.
That was upstream's choice, not Slackware's.
 
Old 08-04-2018, 04:11 PM   #11
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,570

Rep: Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753Reputation: 4753
Quote:
Originally Posted by zakame View Post
Also, the polkit rule needs to be added in blueman for -stable as well.
Is the behavior of blueman on -stable a regression, or is it acting like it always did? As far as I can tell, we never previously shipped a polkit rule for blueman.
 
Old 08-04-2018, 05:48 PM   #12
Skaendo
Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 747

Rep: Reputation: Disabled
For 14.2 I had to add a 10-blueman.rules as suggested in this thread: https://www.linuxquestions.org/quest...6/#post5887256 except that I used the format from here: https://github.com/blueman-project/b...wiki/PolicyKit and replaced wheel with netdev

Code:
/* Allow users in netdev group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
    if ((action.id == "org.blueman.network.setup" ||
         action.id == "org.blueman.dhcp.client" ||
         action.id == "org.blueman.rfkill.setstate" ||
         action.id == "org.blueman.pppd.pppconnect") &&
        subject.isInGroup("netdev")) {
        return polkit.Result.YES;
    }
});
 
2 members found this post helpful.
Old 08-04-2018, 09:28 PM   #13
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,019

Rep: Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404
Quote:
Originally Posted by volkerdi View Post
Is the behavior of blueman on -stable a regression, or is it acting like it always did? As far as I can tell, we never previously shipped a polkit rule for blueman.
It appears to be a regression. I was mildly surprised by the popup asking for root access to run rfkill after a post-blueman-upgrade reboot.
 
2 members found this post helpful.
Old 08-04-2018, 10:49 PM   #14
zakame
Member
 
Registered: Apr 2012
Distribution: Debian, Ubuntu, Slackware
Posts: 248

Rep: Reputation: 149Reputation: 149
Quote:
Originally Posted by volkerdi View Post
Is the behavior of blueman on -stable a regression, or is it acting like it always did? As far as I can tell, we never previously shipped a polkit rule for blueman.
I had to add the same polkit rule on my -stable as well, otherwise I'd get an alert window.
 
Old 08-11-2018, 07:07 PM   #15
Skaendo
Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 747

Rep: Reputation: Disabled
I just did a fresh install of 14.2, updated it and had to add the 10-buleman.rules to fix its behavior again.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ User Control Panel>Private Messages>List Messages bad behaviour? stf92 LQ Suggestions & Feedback 3 09-02-2017 07:27 AM
[SOLVED] Bad Monitor and/or Bad Graphic Card or Just Plain Bad Luck Steve R. Linux - Hardware 12 08-27-2014 01:52 PM
Bad, Bad, BAD! (Firefox is basically ditching html5 video support) smeezekitty General 11 05-05-2010 06:29 PM
Gnome Desktop Window Behaviour = Bad Virtuality Linux - Software 0 01-02-2008 07:21 AM
Strange XServer behaviour on startup elven Linux - Newbie 2 01-25-2005 09:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration