* [PATCH v2 BlueZ 0/2] obexd: only run one instance at once
@ 2025-04-18 15:30 Andrew Sayers
2025-04-18 15:30 ` [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles Andrew Sayers
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Andrew Sayers @ 2025-04-18 15:30 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Andrew Sayers
Obex is a device-oriented protocol, so only one instance can run per device.
But Linux file security is user-oriented, so obexd should be a user service.
Tell systemd to only run this service for the first non-system user to log in.
This series causes systemd not to run obexd if it would just generate errors,
after adding a new bluez.tmpfiles file that distributors will need to install.
Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org>
---
V1 -> V2 add a hint in obex.service.in about installing the tmpfile
(recommended by Luiz Augusto von Dentz)
Andrew Sayers (2):
build: add bluez.tmpfiles
obexd: only run one instance at once
.gitignore | 1 +
configure.ac | 1 +
obexd/src/obex.service.in | 9 +++++++++
tools/bluez.tmpfiles.in | 1 +
4 files changed, 12 insertions(+)
^ permalink raw reply [flat|nested] 8+ messages in thread* [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles 2025-04-18 15:30 [PATCH v2 BlueZ 0/2] obexd: only run one instance at once Andrew Sayers @ 2025-04-18 15:30 ` Andrew Sayers 2025-04-18 15:35 ` Luiz Augusto von Dentz 2025-04-18 15:30 ` [PATCH BlueZ v2 2/2] obexd: only run one instance at once Andrew Sayers 2025-04-18 16:16 ` [PATCH v2 BlueZ 0/2] " Pauli Virtanen 2 siblings, 1 reply; 8+ messages in thread From: Andrew Sayers @ 2025-04-18 15:30 UTC (permalink / raw) To: linux-bluetooth; +Cc: Andrew Sayers Systemd tmpfiles ensure the status of particular files. Add a file that bluez can use in future. Distributors should install the new "tools/bluez.tmpfiles" file, e.g. by moving it to `debian/bluez.tmpfile` or using Fedora's `%{_tmpfilesdir}` variable. Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> --- .gitignore | 1 + configure.ac | 1 + tools/bluez.tmpfiles.in | 0 3 files changed, 2 insertions(+) create mode 100644 tools/bluez.tmpfiles.in diff --git a/.gitignore b/.gitignore index 108c3b820..e4431443f 100644 --- a/.gitignore +++ b/.gitignore @@ -157,6 +157,7 @@ obexd/src/obex.service obexd/src/org.bluez.obex.service tools/obex-client-tool tools/obex-server-tool +tools/bluez.tmpfiles unit/test-gobex unit/test-gobex-apparam unit/test-gobex-header diff --git a/configure.ac b/configure.ac index 1e089aaa7..4ebd513d6 100644 --- a/configure.ac +++ b/configure.ac @@ -530,5 +530,6 @@ AC_CONFIG_FILES( src/bluetooth.service tools/bluetooth-logger.service tools/mpris-proxy.service + tools/bluez.tmpfiles ) AC_OUTPUT diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in new file mode 100644 index 000000000..e69de29bb -- 2.49.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles 2025-04-18 15:30 ` [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles Andrew Sayers @ 2025-04-18 15:35 ` Luiz Augusto von Dentz 2025-04-18 16:40 ` Andrew Sayers 0 siblings, 1 reply; 8+ messages in thread From: Luiz Augusto von Dentz @ 2025-04-18 15:35 UTC (permalink / raw) To: Andrew Sayers; +Cc: linux-bluetooth Hi Andrew, On Fri, Apr 18, 2025 at 11:31 AM Andrew Sayers <kernel.org@pileofstuff.org> wrote: > > Systemd tmpfiles ensure the status of particular files. > Add a file that bluez can use in future. > > Distributors should install the new "tools/bluez.tmpfiles" file, e.g. by > moving it to `debian/bluez.tmpfile` or using Fedora's `%{_tmpfilesdir}` > variable. I thought we would not be adding this anymore with the addition to '-' prefix and the added comments that should be left to distros to figure it out. > Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> > --- > .gitignore | 1 + > configure.ac | 1 + > tools/bluez.tmpfiles.in | 0 > 3 files changed, 2 insertions(+) > create mode 100644 tools/bluez.tmpfiles.in > > diff --git a/.gitignore b/.gitignore > index 108c3b820..e4431443f 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -157,6 +157,7 @@ obexd/src/obex.service > obexd/src/org.bluez.obex.service > tools/obex-client-tool > tools/obex-server-tool > +tools/bluez.tmpfiles > unit/test-gobex > unit/test-gobex-apparam > unit/test-gobex-header > diff --git a/configure.ac b/configure.ac > index 1e089aaa7..4ebd513d6 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -530,5 +530,6 @@ AC_CONFIG_FILES( > src/bluetooth.service > tools/bluetooth-logger.service > tools/mpris-proxy.service > + tools/bluez.tmpfiles > ) > AC_OUTPUT > diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in > new file mode 100644 > index 000000000..e69de29bb > -- > 2.49.0 > > -- Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles 2025-04-18 15:35 ` Luiz Augusto von Dentz @ 2025-04-18 16:40 ` Andrew Sayers 2025-04-18 17:26 ` Pauli Virtanen 0 siblings, 1 reply; 8+ messages in thread From: Andrew Sayers @ 2025-04-18 16:40 UTC (permalink / raw) To: Luiz Augusto von Dentz; +Cc: linux-bluetooth, Pauli Virtanen On 18/04/2025 16:35, Luiz Augusto von Dentz wrote: > Hi Andrew, > > On Fri, Apr 18, 2025 at 11:31 AM Andrew Sayers > <kernel.org@pileofstuff.org> wrote: >> Systemd tmpfiles ensure the status of particular files. >> Add a file that bluez can use in future. >> >> Distributors should install the new "tools/bluez.tmpfiles" file, e.g. by >> moving it to `debian/bluez.tmpfile` or using Fedora's `%{_tmpfilesdir}` >> variable. > I thought we would not be adding this anymore with the addition to '-' > prefix and the added comments that should be left to distros to figure > it out. Ah sorry, I thought you meant to add the comment *instead of* the '-'. Leaving it to distro's feels a bit dangerous, but Pauli Virtanen's idea seems like a better approach anyway (thanks Pauli!). I'll take a look at that and should be back with a v3 next week. > >> Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> >> --- >> .gitignore | 1 + >> configure.ac | 1 + >> tools/bluez.tmpfiles.in | 0 >> 3 files changed, 2 insertions(+) >> create mode 100644 tools/bluez.tmpfiles.in >> >> diff --git a/.gitignore b/.gitignore >> index 108c3b820..e4431443f 100644 >> --- a/.gitignore >> +++ b/.gitignore >> @@ -157,6 +157,7 @@ obexd/src/obex.service >> obexd/src/org.bluez.obex.service >> tools/obex-client-tool >> tools/obex-server-tool >> +tools/bluez.tmpfiles >> unit/test-gobex >> unit/test-gobex-apparam >> unit/test-gobex-header >> diff --git a/configure.ac b/configure.ac >> index 1e089aaa7..4ebd513d6 100644 >> --- a/configure.ac >> +++ b/configure.ac >> @@ -530,5 +530,6 @@ AC_CONFIG_FILES( >> src/bluetooth.service >> tools/bluetooth-logger.service >> tools/mpris-proxy.service >> + tools/bluez.tmpfiles >> ) >> AC_OUTPUT >> diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in >> new file mode 100644 >> index 000000000..e69de29bb >> -- >> 2.49.0 >> >> > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles 2025-04-18 16:40 ` Andrew Sayers @ 2025-04-18 17:26 ` Pauli Virtanen 2025-04-18 18:09 ` Luiz Augusto von Dentz 0 siblings, 1 reply; 8+ messages in thread From: Pauli Virtanen @ 2025-04-18 17:26 UTC (permalink / raw) To: Andrew Sayers, Luiz Augusto von Dentz; +Cc: linux-bluetooth pe, 2025-04-18 kello 17:40 +0100, Andrew Sayers kirjoitti: > On 18/04/2025 16:35, Luiz Augusto von Dentz wrote: > > Hi Andrew, > > > > On Fri, Apr 18, 2025 at 11:31 AM Andrew Sayers > > <kernel.org@pileofstuff.org> wrote: > > > Systemd tmpfiles ensure the status of particular files. > > > Add a file that bluez can use in future. > > > > > > Distributors should install the new "tools/bluez.tmpfiles" file, e.g. by > > > moving it to `debian/bluez.tmpfile` or using Fedora's `%{_tmpfilesdir}` > > > variable. > > I thought we would not be adding this anymore with the addition to '-' > > prefix and the added comments that should be left to distros to figure > > it out. > > Ah sorry, I thought you meant to add the comment *instead of* the '-'. > Leaving it to distro's feels a bit dangerous, but Pauli Virtanen's idea > seems like a better approach anyway (thanks Pauli!). > > I'll take a look at that and should be back with a v3 next week. Note though that the seat state monitoring also has some drawbacks, e.g. ssh logins are not considered "active" so for headless / system- wide obexd configurations you'd probably want some command-line or configuration option to disable the feature. > > > Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> > > > --- > > > .gitignore | 1 + > > > configure.ac | 1 + > > > tools/bluez.tmpfiles.in | 0 > > > 3 files changed, 2 insertions(+) > > > create mode 100644 tools/bluez.tmpfiles.in > > > > > > diff --git a/.gitignore b/.gitignore > > > index 108c3b820..e4431443f 100644 > > > --- a/.gitignore > > > +++ b/.gitignore > > > @@ -157,6 +157,7 @@ obexd/src/obex.service > > > obexd/src/org.bluez.obex.service > > > tools/obex-client-tool > > > tools/obex-server-tool > > > +tools/bluez.tmpfiles > > > unit/test-gobex > > > unit/test-gobex-apparam > > > unit/test-gobex-header > > > diff --git a/configure.ac b/configure.ac > > > index 1e089aaa7..4ebd513d6 100644 > > > --- a/configure.ac > > > +++ b/configure.ac > > > @@ -530,5 +530,6 @@ AC_CONFIG_FILES( > > > src/bluetooth.service > > > tools/bluetooth-logger.service > > > tools/mpris-proxy.service > > > + tools/bluez.tmpfiles > > > ) > > > AC_OUTPUT > > > diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in > > > new file mode 100644 > > > index 000000000..e69de29bb > > > -- > > > 2.49.0 > > > > > > > > -- Pauli Virtanen ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles 2025-04-18 17:26 ` Pauli Virtanen @ 2025-04-18 18:09 ` Luiz Augusto von Dentz 0 siblings, 0 replies; 8+ messages in thread From: Luiz Augusto von Dentz @ 2025-04-18 18:09 UTC (permalink / raw) To: Pauli Virtanen; +Cc: Andrew Sayers, linux-bluetooth Hi Pauli, On Fri, Apr 18, 2025 at 1:26 PM Pauli Virtanen <pav@iki.fi> wrote: > > pe, 2025-04-18 kello 17:40 +0100, Andrew Sayers kirjoitti: > > On 18/04/2025 16:35, Luiz Augusto von Dentz wrote: > > > Hi Andrew, > > > > > > On Fri, Apr 18, 2025 at 11:31 AM Andrew Sayers > > > <kernel.org@pileofstuff.org> wrote: > > > > Systemd tmpfiles ensure the status of particular files. > > > > Add a file that bluez can use in future. > > > > > > > > Distributors should install the new "tools/bluez.tmpfiles" file, e.g. by > > > > moving it to `debian/bluez.tmpfile` or using Fedora's `%{_tmpfilesdir}` > > > > variable. > > > I thought we would not be adding this anymore with the addition to '-' > > > prefix and the added comments that should be left to distros to figure > > > it out. > > > > Ah sorry, I thought you meant to add the comment *instead of* the '-'. > > Leaving it to distro's feels a bit dangerous, but Pauli Virtanen's idea > > seems like a better approach anyway (thanks Pauli!). > > > > I'll take a look at that and should be back with a v3 next week. > > Note though that the seat state monitoring also has some drawbacks, > e.g. ssh logins are not considered "active" so for headless / system- > wide obexd configurations you'd probably want some command-line or > configuration option to disable the feature. I wonder if it wouldn't make sense to add seat options directly into the systemd service file so it does the monitoring by itself rather than each component having to do it on its own. > > > > Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> > > > > --- > > > > .gitignore | 1 + > > > > configure.ac | 1 + > > > > tools/bluez.tmpfiles.in | 0 > > > > 3 files changed, 2 insertions(+) > > > > create mode 100644 tools/bluez.tmpfiles.in > > > > > > > > diff --git a/.gitignore b/.gitignore > > > > index 108c3b820..e4431443f 100644 > > > > --- a/.gitignore > > > > +++ b/.gitignore > > > > @@ -157,6 +157,7 @@ obexd/src/obex.service > > > > obexd/src/org.bluez.obex.service > > > > tools/obex-client-tool > > > > tools/obex-server-tool > > > > +tools/bluez.tmpfiles > > > > unit/test-gobex > > > > unit/test-gobex-apparam > > > > unit/test-gobex-header > > > > diff --git a/configure.ac b/configure.ac > > > > index 1e089aaa7..4ebd513d6 100644 > > > > --- a/configure.ac > > > > +++ b/configure.ac > > > > @@ -530,5 +530,6 @@ AC_CONFIG_FILES( > > > > src/bluetooth.service > > > > tools/bluetooth-logger.service > > > > tools/mpris-proxy.service > > > > + tools/bluez.tmpfiles > > > > ) > > > > AC_OUTPUT > > > > diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in > > > > new file mode 100644 > > > > index 000000000..e69de29bb > > > > -- > > > > 2.49.0 > > > > > > > > > > > > > -- > Pauli Virtanen -- Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH BlueZ v2 2/2] obexd: only run one instance at once 2025-04-18 15:30 [PATCH v2 BlueZ 0/2] obexd: only run one instance at once Andrew Sayers 2025-04-18 15:30 ` [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles Andrew Sayers @ 2025-04-18 15:30 ` Andrew Sayers 2025-04-18 16:16 ` [PATCH v2 BlueZ 0/2] " Pauli Virtanen 2 siblings, 0 replies; 8+ messages in thread From: Andrew Sayers @ 2025-04-18 15:30 UTC (permalink / raw) To: linux-bluetooth; +Cc: Andrew Sayers Obex is a device-oriented protocol, so only one instance can run per device. But Linux file security is user-oriented, so obexd should be a user service. Tell systemd to only run this service for the first non-system user to log in. Without this patch, errors like the following will occur if you use the "switch account" feature of your desktop environment, then log in with another account: Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001133-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001132-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 0000112f-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001104-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001106-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001105-0000-1000-8000-00805f9b34fb which is already registered Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00005005-0000-1000-8000-0002ee000001 which is already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered The above errors indicate the service completely failed to register, so this does not change the user experience beyond removing the above messages. Specifically, the first user who logs in to a multi-user system still retains obex access to devices paired by users who log in later. This is based on a pair of recent changes to the FluidSynth daemon: https://github.com/FluidSynth/fluidsynth/pull/1491 https://github.com/FluidSynth/fluidsynth/pull/1528 This was discussed in the comments for a GitHub advisory available at https://github.com/bluez/bluez/security/advisories/GHSA-fpgq-25xf-jcwv but comments are not shown in the published version of the advisory. To summarise the useful conversation with Luiz Augusto von Dentz: Obex requires access to the user's home directory, so an attacker can only transfer files between locations the user controls. That may be a problem if the user who runs obexd is different to the user who paired the device, but solving that would involve pairing per-user, which causes other problems. Bluetooth connections can be initiated by peripherals, so switching user could trigger re-pairing and cause the original user to lose access to the device. This may seem reasonable for file access, but for example users would likely object to constantly re-pairing their Bluetooth keyboard. Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> --- obexd/src/obex.service.in | 9 +++++++++ tools/bluez.tmpfiles.in | 1 + 2 files changed, 10 insertions(+) diff --git a/obexd/src/obex.service.in b/obexd/src/obex.service.in index cf4d8c985..f269bc513 100644 --- a/obexd/src/obex.service.in +++ b/obexd/src/obex.service.in @@ -1,10 +1,19 @@ [Unit] Description=Bluetooth OBEX service +# This is a user-specific service, but bluetooth is a device-specific protocol. +# Only run one instance at a time, even if multiple users log in at once: +ConditionPathExists=!/run/lock/bluez/obexd.lock +ConditionUser=!@system [Service] Type=dbus BusName=org.bluez.obex ExecStart=@PKGLIBEXECDIR@/obexd +# If the service fails on the following line, please ensure +# the bluez tmpfile has been installed in /usr/lib/tmpfiles.d/ +ExecStartPre=touch /run/lock/bluez/obexd.lock +ExecStopPost=rm -f /run/lock/bluez/obexd.lock + [Install] Alias=dbus-org.bluez.obex.service diff --git a/tools/bluez.tmpfiles.in b/tools/bluez.tmpfiles.in index e69de29bb..05b8ad65c 100644 --- a/tools/bluez.tmpfiles.in +++ b/tools/bluez.tmpfiles.in @@ -0,0 +1 @@ +d /run/lock/bluez 0777 root root -- 2.49.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v2 BlueZ 0/2] obexd: only run one instance at once 2025-04-18 15:30 [PATCH v2 BlueZ 0/2] obexd: only run one instance at once Andrew Sayers 2025-04-18 15:30 ` [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles Andrew Sayers 2025-04-18 15:30 ` [PATCH BlueZ v2 2/2] obexd: only run one instance at once Andrew Sayers @ 2025-04-18 16:16 ` Pauli Virtanen 2 siblings, 0 replies; 8+ messages in thread From: Pauli Virtanen @ 2025-04-18 16:16 UTC (permalink / raw) To: Andrew Sayers, linux-bluetooth Hi, pe, 2025-04-18 kello 16:30 +0100, Andrew Sayers kirjoitti: > Obex is a device-oriented protocol, so only one instance can run per device. > But Linux file security is user-oriented, so obexd should be a user service. > Tell systemd to only run this service for the first non-system user to log in. Sound servers have this same problem. As there's no concept of multiple users in BlueZ, the solution there is to monitor systemd/elogind seat state, and detach the user process from bluetoothd if the seat is inactive. How to do the monitoring, see: https://gitlab.freedesktop.org/pipewire/wireplumber/-/blob/master/modules/module-logind.c#L52 > > This series causes systemd not to run obexd if it would just generate errors, > after adding a new bluez.tmpfiles file that distributors will need to install. > > Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org> > --- > > V1 -> V2 add a hint in obex.service.in about installing the tmpfile > (recommended by Luiz Augusto von Dentz) > > Andrew Sayers (2): > build: add bluez.tmpfiles > obexd: only run one instance at once > > .gitignore | 1 + > configure.ac | 1 + > obexd/src/obex.service.in | 9 +++++++++ > tools/bluez.tmpfiles.in | 1 + > 4 files changed, 12 insertions(+) ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-04-18 18:09 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-04-18 15:30 [PATCH v2 BlueZ 0/2] obexd: only run one instance at once Andrew Sayers 2025-04-18 15:30 ` [PATCH BlueZ v2 1/2] build: add bluez.tmpfiles Andrew Sayers 2025-04-18 15:35 ` Luiz Augusto von Dentz 2025-04-18 16:40 ` Andrew Sayers 2025-04-18 17:26 ` Pauli Virtanen 2025-04-18 18:09 ` Luiz Augusto von Dentz 2025-04-18 15:30 ` [PATCH BlueZ v2 2/2] obexd: only run one instance at once Andrew Sayers 2025-04-18 16:16 ` [PATCH v2 BlueZ 0/2] " Pauli Virtanen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox