Thanks again Herbert,
Den 30. aug. 2016 15:06, skrev Herbert Poetzl:
> On Tue, Aug 30, 2016 at 02:51:02PM +0200, Tor Rune Skoglund wrote:
>> Den 30. aug. 2016 12:19, skrev Herbert Poetzl:
>>> On Tue, Aug 30, 2016 at 11:01:39AM +0200, Tor Rune Skoglund wrote:
>>>> any suggestion on the best way to let a guest address and
>>>> fully acontrol specified bluetooth device?
>
>>> You probably need to modify the kernel to allow this in
>>> a safe way.
>
>>>> It seems like hcitool creates a socket, and when it tries
>>>> to write to it, it fails - as expected. (The relevant part
>>>> of strace is below.)
>
>>> A raw socket with a bluetooth protocol filter.
>
>>>> In other cases where we need hardware access to a device
>>>> from a guest, we have just created the corresponding device
>>>> node inside the guest, but I cannot see that the "raw"
>>>> bluetooth device is present as a device node in /dev ... (?)
>
>>> Bluetooth, like IRDA or CAN is very similar to 'normal'
>>> networking, so it comes with all the problems associated
>>> with 'assigning' a 'networking' device to a guest ...
>
>>>> (I'm no expert on this, so I am sure that I miss some-
>>>> thing.... ;)
>
>>>> Any pointers before I start RTFM ? ;)
>
>>> To be honest, I haven't even tried to do something like
>>> this before, and I haven't heard of anybody who did it
>>> either, so mostly undiscovered country I guess ...
>
>> OK, thanks Herbert.
>
>> In this current case, we are controlling both the guest and the
>> host, so are there any capabilities or any other cheap "hack"
>> we could do to make a guest "bluetooth-enabled"?
>
> First I would try giving the guest the NET_RAW capability,
> if that isn't enough, maybe NET_ADMIN will help, but neither
> is limited to bluetooth.
To conclude on this, adding NET_RAW cap before doing "strace hciconfig
hci0 up" got me to:
socket(PF_BLUETOOTH, SOCK_RAW, 1) = 3
ioctl(3, 0x800448d3, 0x80077e20) = 0
ioctl(3, 0x400448c9, 0) = -1 EPERM (Operation not permitted)
while adding NET_ADMIN worked all the way. Case closed for now.
BR,
Tor Rune Skoglund, trs@swi.no
>>>> socket(PF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, 1) = 3
>>>> ioctl(3, 0x800448d3, 0xbff1f650) = 0
>>>> close(3) = 0
>>>> socket(PF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, 1) = 3
>>>> ioctl(3, 0x800448d3, 0xbff1f690) = 0
>>>> close(3) = 0
>>>> socket(PF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, 1) = 3
>>>> bind(3, {sa_family=AF_BLUETOOTH,
>>>> sa_data="\0\0\0\0\0U\206\323\0\fm\267&\247"}, 6) = 0
>>>> setsockopt(3, SOL_IP, IP_TTL,
>>>> "\20\0\0\0\377\377\377\377\377\377\377\377\0\0\0\0", 16) = 0
>>>> fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>> 0) = 0xb771f000
>>>> write(1, "< HCI Command: ogf 0x08, ocf 0x0"..., 44< HCI Command: ogf
>>>> 0x08, ocf 0x000a, plen 1
>>>> ) = 44
>>>> write(1, " 01 \n", 6 01
>>>> ) = 6
>>>> writev(3, [{"\1", 1}, {"\n \1", 3}, {"\1", 1}], 3) = -1 EPERM (Operation
>>>> not permitted)
>>>> dup(2) = 4
>>>> fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
>>>> brk(0) = 0x80039000
>>>> brk(0x8005a000) = 0x8005a000
>>>> fstat64(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>>> 0) = 0xb771e000
>>>> write(4, "Send failed: Operation not permi"..., 37Send failed: Operation
>>>> not permitted
>>>> ) = 37
Received on Fri Sep 2 09:55:33 2016