[BlueZ,2/2] obexd: only run one instance at once

Obex is a device-oriented protocol, so only one instance can run per device.
But Linux file security is user-oriented, so obexd should be a user service.
Tell systemd to only run this service for the first non-system user to log in.

Without this patch, errors like the following will occur if you
use the "switch account" feature of your desktop environment,
then log in with another account:

Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001133-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001132-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 0000112f-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001104-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001106-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00001105-0000-1000-8000-00805f9b34fb which is already registered
Mar 26 15:20:38 andrews-2024-laptop bluetoothd[873]: src/profile.c:register_profile() :1.2016 tried to register 00005005-0000-1000-8000-0002ee000001 which is already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered
Mar 26 15:20:38 andrews-2024-laptop obexd[1795560]: bluetooth: RequestProfile error: org.bluez.Error.NotPermitted, UUID already registered

The above errors indicate the service completely failed to register, so this
does not change the user experience beyond removing the above messages.
Specifically, the first user who logs in to a multi-user system still retains
obex access to devices paired by users who log in later.

This is based on a pair of recent changes to the FluidSynth daemon:

https://github.com/FluidSynth/fluidsynth/pull/1491
https://github.com/FluidSynth/fluidsynth/pull/1528

This was discussed in the comments for a GitHub advisory available at
https://github.com/bluez/bluez/security/advisories/GHSA-fpgq-25xf-jcwv
but comments are not shown in the published version of the advisory.
To summarise the useful conversation with Luiz Augusto von Dentz:

Obex requires access to the user's home directory, so an attacker can only
transfer files between locations the user controls.  That may be a problem
if the user who runs obexd is different to the user who paired the device,
but solving that would involve pairing per-user, which causes other problems.
Bluetooth connections can be initiated by peripherals, so switching user could
trigger re-pairing and cause the original user to lose access to the device.
This may seem reasonable for file access, but for example users would likely
object to constantly re-pairing their Bluetooth keyboard.

Signed-off-by: Andrew Sayers <kernel.org@pileofstuff.org>
---
 obexd/src/obex.service.in | 6 ++++++
 tools/bluez.tmpfiles.in   | 1 +
 2 files changed, 7 insertions(+)

Message ID	20250416152039.971257-3-kernel.org@pileofstuff.org
State	New
Headers	show Received: from alt2.a-painless.mh.aa.net.uk (alt2.a-painless.mh.aa.net.uk [81.187.30.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D1717207E1D for <linux-bluetooth@vger.kernel.org>; Wed, 16 Apr 2025 15:20:56 +0000 (UTC) From: Andrew Sayers <kernel.org@pileofstuff.org> To: linux-bluetooth@vger.kernel.org Cc: Andrew Sayers <kernel.org@pileofstuff.org> Subject: [PATCH BlueZ 2/2] obexd: only run one instance at once Date: Wed, 16 Apr 2025 16:19:36 +0100 Message-ID: <20250416152039.971257-3-kernel.org@pileofstuff.org> In-Reply-To: <20250416152039.971257-1-kernel.org@pileofstuff.org> References: <20250416152039.971257-1-kernel.org@pileofstuff.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	obexd: only run one instance at once \| expand [BlueZ,0/2] obexd: only run one instance at once [BlueZ,1/2] build: add bluez.tmpfiles [BlueZ,2/2] obexd: only run one instance at once

[BlueZ,2/2] obexd: only run one instance at once

Commit Message

Patch