severity 1017988 normal
found 1017988 5.66-1
thanks
Raising severity as this warning concerns more than one user. My journal has
this:
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM: firmware
Patch file not found, tried:
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM:
'brcm/BCM20702A1-413c-8197.hcd'
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM:
'brcm/BCM-413c-8197.hcd'
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting
accounts-daemon.service - Accounts Service...
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpi-fakekey.service
- ACPI fakekey daemon.
Jul 29 00:10:33 AnonymizedMachineName kernel: ACPI: AC: AC Adapter [AC]
(off-line)
Jul 29 00:10:33 AnonymizedMachineName kernel: input: ACPI Virtual Keyboard
Device as /devices/virtual/input/input23
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpi-support.service
- ACPI support daemon.
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpid.service - ACPI
event daemon.
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: anacron.service - Run anacron
jobs was skipped because of an unmet condition check (ConditionACPower=true).
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting avahi-daemon.service
- Avahi mDNS/DNS-SD Stack...
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting bluetooth.service -
Bluetooth service...
Jul 29 00:10:33 AnonymizedMachineName (uetoothd)[713]: ConfigurationDirectory
'bluetooth' already exists but the mode is different. (File system: 755
ConfigurationDirectoryMode: 555)
Let's take a look at various bluetooth-related directories:
# find / -type d -iname \*blue\* -exec ls -lad {} \;
…
find: ‘/run/user/1000/doc’: Keine Berechtigung
find: ‘/run/user/1000/gvfs’: Keine Berechtigung
drw------- 2 root root 40 29. Jul 00:10 /run/systemd/propagate/bluetooth.service
drwx------ 3 root root 4096 3. Okt 2012 /var/lib/bluetooth
drwxr-xr-x 2 root root 4096 27. Apr 2015
/var/lib/systemd/deb-systemd-helper-enabled/bluetooth.target.wants
drwx------ 3 root root 4096 29. Jul 00:10
/var/tmp/systemd-private-1b81fdf5b8874508bc9eae082c60fc15-bluetooth.service-HCJpfF
drwxr-xr-x 2 root root 4096 13. Jul 16:43 /etc/bluetooth
drwxr-xr-x 2 root root 4096 27. Apr 2015
/etc/systemd/system/bluetooth.target.wants
…
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/libexec/bluetooth
drwxr-xr-x 3 root root 4096 28. Apr 2015 /usr/lib/x86_64-linux-gnu/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 22:54
/usr/lib/x86_64-linux-gnu/spa-0.2/bluez5
drwxr-xr-x 2 root root 4096 14. Jul 03:08
/usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/bluezqt
drwxr-xr-x 6 root root 4096 22. Jul 17:25
/usr/lib/modules/6.1.0-10-amd64/kernel/net/bluetooth
drwxr-xr-x 2 root root 4096 22. Jul 17:25
/usr/lib/modules/6.1.0-10-amd64/kernel/drivers/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/wireplumber/bluetooth.lua.d
…
drwxr-xr-x 2 root root 4096 13. Jul 22:44
/usr/share/doc/gir1.2-gnomebluetooth-3.0
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez-cups
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/share/doc/libkf5bluezqt-data
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez-obexd
drwxr-xr-x 2 root root 4096 13. Jul 22:54 /usr/share/doc/libspa-0.2-bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/libbluetooth3
drwxr-xr-x 2 root root 4096 13. Jul 22:44
/usr/share/doc/libgnome-bluetooth-ui-3.0-13
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/share/doc/libkf5bluezqt6
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez
drwxr-xr-x 2 root root 4096 13. Jul 22:39
/usr/share/doc/libgnome-bluetooth-3.0-13
…
drwxr-xr-x 2 root root 4096 13. Jul 22:39
/usr/share/doc/gnome-bluetooth-3-common
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/doc/gnome-bluetooth-sendto
drwxr-xr-x 2 root root 4096 14. Jul 03:08
/usr/share/doc/qml-module-org-kde-bluezqt
drwxr-xr-x 2 root root 4096 13. Jul 22:54 /usr/share/spa-0.2/bluez5
drwxr-xr-x 2 root root 4096 13. Jul 22:39 /usr/share/gnome-bluetooth-3.0
drwx------ 3 root root 60 29. Jul 00:10
/tmp/systemd-private-1b81fdf5b8874508bc9eae082c60fc15-bluetooth.service-Y0ZhEd
drwxr-xr-x 3 root root 0 29. Jul 00:10 /sys/kernel/debug/bluetooth
drwxr-xr-x 2 root root 0 29. Jul 00:10 /sys/class/bluetooth
drwxr-xr-x 3 root root 0 29. Jul 00:10
/sys/devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.4/3-1.4:1.0/bluetooth
drwxr-xr-x 2 root root 0 29. Jul 00:10
/sys/fs/cgroup/system.slice/bluetooth.service
drwxr-xr-x 6 root root 0 29. Jul 00:10 /sys/module/bluetooth
These are many directories. Running
# find / -type d -iname \*blue\* -exec dpkg -S {} \;
yields /etc/bluetooth, /usr/libexec/bluetooth,
/usr/lib/x86_64-linux-gnu/bluetooth, /usr/share/doc/bluez as belonging to the
package bluez, so (regardless of which permissions of which directories should
be set differently, why, and how) the warning better be more specific and
provide the full path to the directory, whichever it might be. (“Configuration”
hints to /etc/…, but you never know ….)
As for ConfigurationDirectoryMode, the machine in question on has the following
in /usr/lib/systemd/system/bluetooth.service:
[Unit]
Description=Bluetooth service
Documentation=man:bluetoothd(8)
ConditionPathIsDirectory=/sys/class/bluetooth
[Service]
Type=dbus
BusName=org.bluez
ExecStart=/usr/libexec/bluetooth/bluetoothd
NotifyAccess=main
#WatchdogSec=10
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1
# Filesystem lockdown
ProtectHome=true
ProtectSystem=strict
PrivateTmp=true
ProtectKernelTunables=true
ProtectControlGroups=true
StateDirectory=bluetooth
StateDirectoryMode=0700
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555
# Execute Mappings
MemoryDenyWriteExecute=true
# Privilege escalation
NoNewPrivileges=true
# Real-time
RestrictRealtime=true
[Install]
WantedBy=bluetooth.target
Alias=dbus-org.bluez.service
Now, a warning should warn the user or at least the admin. I admit, I feel
warned. In plain English, what is it that could/should make me unhappy? What
kind of havoc might occur to me, and how to avoid it?
Gratefully,
AlMa
