
Bug#1017988: bluez: systemd: ConfigurationDirectory 'bluetooth' already exists but the mode is different


Kevin Locke

Aug 23, 2022, 1:10:04 PM
Package: bluez
Version: 5.65-1
Severity: minor

Dear Maintainer,

With bluez 5.65-1 and systemd 251.3-1, the following message is logged
on boot:

systemd[1234]: ConfigurationDirectory 'bluetooth' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 555)

My understanding is that this occurs because bluez creates the
/etc/bluetooth directory with mode 0755, yet
/lib/systemd/system/bluetooth.service contains

[Service]
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555

Creating /etc/bluetooth with mode 0555 or setting
ConfigurationDirectoryMode to 0755 should resolve the warning.

Thanks,
Kevin


-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (990, 'testing-debug'), (990, 'testing'), (500, 'unstable-debug'), (500, 'stable-debug'), (500, 'unstable'), (101, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-rc2 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bluez depends on:
ii dbus [default-dbus-system-bus] 1.14.0-2
ii init-system-helpers 1.64
ii kmod 30+20220630-3
ii libasound2 1.2.7.2-1
ii libc6 2.34-4
ii libdbus-1-3 1.14.0-2
ii libdw1 0.187-1
ii libglib2.0-0 2.72.3-1+b1
ii libreadline8 8.1.2-1.2
ii libudev1 251.3-1
ii lsb-base 11.2
ii udev 251.3-1

bluez recommends no packages.

Versions of packages bluez suggests:
pn pulseaudio-module-bluetooth <none>

-- no debconf information

Al Ma

Jul 28, 2023, 8:10:05 PM
severity 1017988 normal
found 1017988 5.66-1
thanks
Raising severity as this warning concerns more than one user. My journal has this:
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM: firmware Patch file not found, tried:
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM: 'brcm/BCM20702A1-413c-8197.hcd'
Jul 29 00:10:33 AnonymizedMachineName kernel: Bluetooth: hci0: BCM: 'brcm/BCM-413c-8197.hcd'
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting accounts-daemon.service - Accounts Service...
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpi-fakekey.service - ACPI fakekey daemon.
Jul 29 00:10:33 AnonymizedMachineName kernel: ACPI: AC: AC Adapter [AC] (off-line)
Jul 29 00:10:33 AnonymizedMachineName kernel: input: ACPI Virtual Keyboard Device as /devices/virtual/input/input23
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpi-support.service - ACPI support daemon.
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Started acpid.service - ACPI event daemon.
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: anacron.service - Run anacron jobs was skipped because of an unmet condition check (ConditionACPower=true).
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting avahi-daemon.service - Avahi mDNS/DNS-SD Stack...
Jul 29 00:10:33 AnonymizedMachineName systemd[1]: Starting bluetooth.service - Bluetooth service...
Jul 29 00:10:33 AnonymizedMachineName (uetoothd)[713]: ConfigurationDirectory 'bluetooth' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 555)
Let's take a look at various bluetooth-related directories:
# find / -type d -iname \*blue\* -exec ls -lad {} \;
find: ‘/run/user/1000/doc’: Keine Berechtigung
find: ‘/run/user/1000/gvfs’: Keine Berechtigung
drw------- 2 root root 40 29. Jul 00:10 /run/systemd/propagate/bluetooth.service
drwx------ 3 root root 4096  3. Okt 2012  /var/lib/bluetooth
drwxr-xr-x 2 root root 4096 27. Apr 2015  /var/lib/systemd/deb-systemd-helper-enabled/bluetooth.target.wants
drwx------ 3 root root 4096 29. Jul 00:10 /var/tmp/systemd-private-1b81fdf5b8874508bc9eae082c60fc15-bluetooth.service-HCJpfF
drwxr-xr-x 2 root root 4096 13. Jul 16:43 /etc/bluetooth
drwxr-xr-x 2 root root 4096 27. Apr 2015  /etc/systemd/system/bluetooth.target.wants
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/libexec/bluetooth
drwxr-xr-x 3 root root 4096 28. Apr 2015  /usr/lib/x86_64-linux-gnu/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 22:54 /usr/lib/x86_64-linux-gnu/spa-0.2/bluez5
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/lib/x86_64-linux-gnu/qt5/qml/org/kde/bluezqt
drwxr-xr-x 6 root root 4096 22. Jul 17:25 /usr/lib/modules/6.1.0-10-amd64/kernel/net/bluetooth
drwxr-xr-x 2 root root 4096 22. Jul 17:25 /usr/lib/modules/6.1.0-10-amd64/kernel/drivers/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/wireplumber/bluetooth.lua.d
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/doc/gir1.2-gnomebluetooth-3.0
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez-cups
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/share/doc/libkf5bluezqt-data
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez-obexd
drwxr-xr-x 2 root root 4096 13. Jul 22:54 /usr/share/doc/libspa-0.2-bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluetooth
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/libbluetooth3
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/doc/libgnome-bluetooth-ui-3.0-13
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/share/doc/libkf5bluezqt6
drwxr-xr-x 2 root root 4096 13. Jul 16:42 /usr/share/doc/bluez
drwxr-xr-x 2 root root 4096 13. Jul 22:39 /usr/share/doc/libgnome-bluetooth-3.0-13
drwxr-xr-x 2 root root 4096 13. Jul 22:39 /usr/share/doc/gnome-bluetooth-3-common
drwxr-xr-x 2 root root 4096 13. Jul 22:44 /usr/share/doc/gnome-bluetooth-sendto
drwxr-xr-x 2 root root 4096 14. Jul 03:08 /usr/share/doc/qml-module-org-kde-bluezqt
drwxr-xr-x 2 root root 4096 13. Jul 22:54 /usr/share/spa-0.2/bluez5
drwxr-xr-x 2 root root 4096 13. Jul 22:39 /usr/share/gnome-bluetooth-3.0
drwx------ 3 root root 60 29. Jul 00:10 /tmp/systemd-private-1b81fdf5b8874508bc9eae082c60fc15-bluetooth.service-Y0ZhEd
drwxr-xr-x 3 root root 0 29. Jul 00:10 /sys/kernel/debug/bluetooth
drwxr-xr-x 2 root root 0 29. Jul 00:10 /sys/class/bluetooth
drwxr-xr-x 3 root root 0 29. Jul 00:10 /sys/devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.4/3-1.4:1.0/bluetooth
drwxr-xr-x 2 root root 0 29. Jul 00:10 /sys/fs/cgroup/system.slice/bluetooth.service
drwxr-xr-x 6 root root 0 29. Jul 00:10 /sys/module/bluetooth
These are many directories. Running
# find / -type d -iname \*blue\* -exec dpkg -S {} \;
yields /etc/bluetooth, /usr/libexec/bluetooth, /usr/lib/x86_64-linux-gnu/bluetooth, /usr/share/doc/bluez as belonging to the package bluez, so (regardless of which permissions of which directories should be set differently, why, and how) the warning had better be more specific and provide the full path to the directory, whichever it might be. (“Configuration” hints at /etc/…, but you never know ….)
As for ConfigurationDirectoryMode, the machine in question has the following in /usr/lib/systemd/system/bluetooth.service:
[Unit]
Description=Bluetooth service
Documentation=man:bluetoothd(8)
ConditionPathIsDirectory=/sys/class/bluetooth

[Service]
Type=dbus
BusName=org.bluez
ExecStart=/usr/libexec/bluetooth/bluetoothd
NotifyAccess=main
#WatchdogSec=10
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1

# Filesystem lockdown
ProtectHome=true
ProtectSystem=strict
PrivateTmp=true
ProtectKernelTunables=true
ProtectControlGroups=true
StateDirectory=bluetooth
StateDirectoryMode=0700
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555

# Execute Mappings
MemoryDenyWriteExecute=true

# Privilege escalation
NoNewPrivileges=true

# Real-time
RestrictRealtime=true

[Install]
WantedBy=bluetooth.target
Alias=dbus-org.bluez.service
Now, a warning should warn the user or at least the admin. I admit, I feel warned. In plain English, what is it that could/should make me unhappy?  What kind of havoc might occur to me, and how to avoid it?
Gratefully,
AlMa

Max Nikulin

Jan 2, 2024, 1:10:04 AM
Control: tag -1 upstream
Control: forwarded -1 https://github.com/bluez/bluez/issues/414

On Tue, 23 Aug 2022 10:56:27 -0600 Kevin Locke wrote:
>
> systemd[1234]: ConfigurationDirectory 'bluetooth' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 555)
[...]
> [Service]
> ConfigurationDirectory=bluetooth
> ConfigurationDirectoryMode=0555

These lines were added to fix
<https://github.com/bluez/bluez/issues/329>
"systemd failed to set up mount namespacing for /var/lib/bluetooth"
and it seems the intention was to have the `/etc/bluetooth` directory
read-only. Actually the effect is the opposite. `ProtectSystem=strict`
causes `/` to be mounted read-only and `ConfigurationDirectory` causes
`/etc/` to be mounted as writable.

So the extra directives decrease the degree of protection against various
potential vulnerabilities in bluetoothd. Otherwise the reported warning
may be considered harmless.

As a workaround you may create the following configuration drop-in file
/etc/systemd/system/bluetooth.service.d/disable-configuration-directory.conf

---- 8< ----
[Service]
ConfigurationDirectory=
ConfigurationDirectoryMode=
---- >8 ----

To apply the updated configuration, run

systemctl daemon-reload
systemctl restart bluetooth.service
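
Added example (not part of any message in this thread): a shell check that computes a unit's effective ConfigurationDirectory= across the unit file and its drop-ins, compares ConfigurationDirectoryMode= with the mode on disk, and flags the combination with ProtectSystem=strict discussed in the last message. The function names, the ETC_ROOT argument and the sample files are constructed for illustration; `stat -c` is the GNU coreutils form.

```shell
# Added example, not from the thread. Offline audit of ConfigurationDirectory=.

# List setting: values accumulate across unit + drop-ins; empty assignment resets.
cfg_dirs() {  # cfg_dirs UNIT [DROPIN...]
    awk 'FNR == 1 { svc = 0 }
         /^\[/ { svc = ($0 == "[Service]"); next }
         svc && index($0, "ConfigurationDirectory=") == 1 {
             v = substr($0, 24)
             list = (v == "") ? "" : list " " v
         }
         END { sub(/^ /, "", list); print list }' "$@"
}

# Scalar setting: last non-empty assignment wins (a simplification of this example).
svc_value() {  # svc_value KEY DEFAULT UNIT [DROPIN...]
    key=$1; def=$2; shift 2
    awk -v k="$key=" -v d="$def" 'FNR == 1 { svc = 0 }
         /^\[/ { svc = ($0 == "[Service]"); next }
         svc && index($0, k) == 1 && length($0) > length(k) {
             d = substr($0, length(k) + 1)
         }
         END { print d }' "$@"
}

audit_cfgdir() {  # audit_cfgdir ETC_ROOT UNIT [DROPIN...]; returns 1 on findings
    etc=$1; shift
    dirs=$(cfg_dirs "$@")
    [ -n "$dirs" ] || { echo "ok: ConfigurationDirectory= not set"; return 0; }
    mode=$(svc_value ConfigurationDirectoryMode 0755 "$@")
    want=$(printf '%o' "$((0$mode))")      # 0555 -> 555, the form stat prints
    protect=$(svc_value ProtectSystem no "$@")
    rc=0
    for d in $dirs; do
        have=$(stat -c %a "$etc/$d" 2>/dev/null) || { echo "missing: $etc/$d"; continue; }
        [ "$have" = "$want" ] || { echo "mode-mismatch: $etc/$d is $have, unit wants $want"; rc=1; }
        [ "$protect" != strict ] || { echo "review: ConfigurationDirectory=$d with ProtectSystem=strict"; rc=1; }
    done
    return $rc
}

# Constructed sample: the [Service] lines quoted in the thread and the drop-in.
t=$(mktemp -d); mkdir -m 755 -p "$t/etc/bluetooth"
printf '%s\n' '[Service]' 'ProtectSystem=strict' 'ConfigurationDirectory=bluetooth' 'ConfigurationDirectoryMode=0555' > "$t/unit"
printf '%s\n' '[Service]' 'ConfigurationDirectory=' 'ConfigurationDirectoryMode=' > "$t/dropin"
audit_cfgdir "$t/etc" "$t/unit" || true      # reports the 755 vs 555 mismatch
audit_cfgdir "$t/etc" "$t/unit" "$t/dropin"  # drop-in resets the list
rm -rf "$t"
```

On a real system, pass /etc, the unit file and its drop-ins in the order systemd reads them.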