The dbus interface is inaccessible from a regular user, so one has to edit /etc/dbus-1/system.d/bluetooth.conf. This has a few shortcomings: 1) You can easily mess up if you aren't familiar with dbus, and allow something which you shouldn't. 2) Leads to another configuration file for which you should watch during etc-update, and all the related problems. As having an additional group matches almost all cases where one would play with system.d/bluetooth.conf, I propose in the addition to the current policy at_console="true", a policy group="bluetooth" to be created, together with the bluetooth group. Like this (copied from the default Debian installation of BlueZ): <policy group="bluetooth"> <allow send_destination="org.bluez"/> </policy> I understand that it is assumed that the consolekit policy should be enough, but for some weird reason it doesn't work for me, and also you need to use this for remote access to the bluetooth device, or for running local daemons that access the bluetooth device. Reproducible: Always
Actually, I asked devs to place group="plugdev" in bluetooth.conf and in fact, it's in tree now. Some devs raised the fact that ConsoleKit should be used instead but I am personally against it (don't ask me about my opinion about ConsoleKit please) because we have "plugdev" group already in use in other parts of the system. Anyway, I'd like to have it fixed in a proper, definitive way too.
(In reply to comment #1) > Actually, I asked devs to place group="plugdev" in bluetooth.conf and in fact, > it's in tree now. > > Some devs raised the fact that ConsoleKit should be used instead but I am > personally against it (don't ask me about my opinion about ConsoleKit please) > because we have "plugdev" group already in use in other parts of the system. > > Anyway, I'd like to have it fixed in a proper, definitive way too. Which is to use ConsoleKit. The process is as follows: ConsoleKit is being called via pam when a user logs in, creating the /var/run/console/<USERNAME> file, allowing the at_console policy in bluetooth.conf being evaluated to true if the user is local. No need for plugdev and no need for yet another bluetooth group.
net-wireless/kbluetooth has now, ewarn "net-wireless/bluez can't work as normal user, so you need to setup" ewarn "your dbus privilege granting yourself, see bug:" ewarn "http://bugs.gentoo.org/279616" since people kept coming to me asking why their device can't be used from GUI, but only from command-line.
(In reply to comment #3) > net-wireless/kbluetooth has now, > > ewarn "net-wireless/bluez can't work as normal user, so you need to setup" > ewarn "your dbus privilege granting yourself, see bug:" > ewarn "http://bugs.gentoo.org/279616" > > since people kept coming to me asking why their device can't be used from GUI, > but only from command-line. Now that I have followed directions, i.e. "seen BUG 279616", I have no idea what I should do. Surely I am dumb, but perhaps the ewarn could be made clearer?
I have tried to follow the instructions explained her but I still can't use kbluetooth. The file /etc/dbus/system.d/bluetooth.conf now contains the following lines: <policy user="root"> <allow own="org.bluez"/> <allow send_destination="org.bluez"/> <allow send_interface="org.bluez.Agent"/> </policy> <policy at_console="true"> <allow own="org.bluez"/> <allow send_destination="org.bluez"/> <allow send_interface="org.bluez.Agent"/> </policy> <policy group="plugdev"> <allow own="org.bluez"/> <allow send_destination="org.bluez"/> <allow send_interface="org.bluez.Agent"/> </policy> <policy context="default"> <deny send_destination="org.bluez"/> I am a member of the plugdev group and kbluetoth still doesn't work as a normal user even if the policy for the group plugdev is the same as for root. Using kdesu to launch kbluetooth as root works but I don't thinks it's the best solution ! Can somebody explain what's happening ?
Please forget my previous comment. I had inadvertently disabled the bluetooth adapter on my laptop !
(In reply to comment #6) > Please forget my previous comment. I had inadvertently disabled the bluetooth > adapter on my laptop ! > has this now been added to the ebuild and therefore fixed please as there is allready a file with very simular contents called : File: /etc/dbus-1/system.d/bluetooth.conf <!-- This configuration file specifies the required security policies for Bluetooth core daemon to work. --> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- ../system.conf have denied everything, so we just punch some holes --> <policy user="root"> <allow own="org.bluez"/> <allow send_destination="org.bluez"/> <allow send_interface="org.bluez.Agent"/> </policy> <policy at_console="true"> <allow send_destination="org.bluez"/> </policy> <policy context="default"> <deny send_destination="org.bluez"/> </policy> </busconfig>
Added to /etc/dbus-1/system.d/bluetooth.conf: <policy group="plugdev"> <allow own="org.bluez"/> <allow send_destination="org.bluez"/> <allow send_interface="org.bluez.Agent"/> </policy> And now bluetooth works (tested with kbluetooth). Is this a good fix or just a hack? I'm using net-wireless/bluez-4.39-r2 but the fix is not present.
(In reply to comment #8) > Added to /etc/dbus-1/system.d/bluetooth.conf: > > <policy group="plugdev"> > <allow own="org.bluez"/> > <allow send_destination="org.bluez"/> > <allow send_interface="org.bluez.Agent"/> > </policy> > > And now bluetooth works (tested with kbluetooth). Is this a good fix or just a > hack? I'm using net-wireless/bluez-4.39-r2 but the fix is not present. > That looks correct to me and that's what our bluez should be installing until all this policykit vs. polkit and hal deprecation has been completed by upstream(s). Unfortunately I'm not the maintainer...
This support already exists in the latest ebuild via the plugdev group.
(In reply to comment #10) > This support already exists in the latest ebuild via the plugdev group. My bluetooth.conf - freshly installed - doesn't mention the plugdev group at all. This is for net-wireless/bluez-4.39-r2.
(In reply to comment #11) > (In reply to comment #10) > > This support already exists in the latest ebuild via the plugdev group. > > My bluetooth.conf - freshly installed - doesn't mention the plugdev group at > all. > This is for net-wireless/bluez-4.39-r2. Read the ebuild ;-) and disable flag 'consolekit'.
