Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1142461ybl; Wed, 8 Jan 2020 11:46:58 -0800 (PST) X-Google-Smtp-Source: APXvYqw+uW10IAotdHUAj1GfXZB2n+/aeOQUFU5wDBYePX376acjdBlf7OGIliv7jgw7CMMp0Urw X-Received: by 2002:aca:4b46:: with SMTP id y67mr188370oia.121.1578512818357; Wed, 08 Jan 2020 11:46:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578512818; cv=none; d=google.com; s=arc-20160816; b=i7a8WiIkMTUHqdfLdiG5HlYe79bgRa+mwrpUPGr/7O7QDOe3zYzm/jt8BugETK+aXf E2EVtwkn9auYAipAeS7rBbcNKXOv0m/lN8PkyP1Zks2u8aIMK7rU5KCCDff88DC0IErf 0cydQNkmMF8SItDZo4p6Sc7x1EF03YftpZ0MfoWeR65QtTkyAVdRZv+3YB047M764N76 hF8EG3ecOdxyCHatUHaehCygriYk57o1fyyiAAgXcn4Y2uAYVv66r7tHDMlW2N5kpRkJ LuSvNGitT5ExLEleBXMAxvCACe96MCdYUsMZuYRFomrbUzEXCum1TJwGyVKQ3huJ15mA rrGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=YEDDBw2JdxDxTJpu/5+uRjl92iCg15NYbAU4Ncny4yI=; b=sVv25/MJKKpeWzaj1PhQZSidsWwqvY+ihF7SYYK8n6Yvru7Vmnj+8yHI87uqgWKLAi B+JoC9wKtATzSND3NKtIRu8yI1pysA2wX+FjdjA8PmyI2AnqWjYl3H1hdtelYraJOVVw B0lPT54iDM/hCSp4yXHet9BLsf9j5EpthcWXTI2t3KMiGvX3vsrPon3HChMisj9cBhfh Z4Qinw4X6u7xNHXD3nQOuCHw/LFL6clxnaO805/b+fA+iQQ94J12smyKbzexWIdr8ejI NcPnB9gh3OIXYnBvFwgSCkqh2LnOAAHQ45PEqH2swPMU+JRjLuKTiBirURut+4SOfr1+ Q2Ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CTbDD0iR; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e13si2377109otp.164.2020.01.08.11.46.46; Wed, 08 Jan 2020 11:46:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=CTbDD0iR; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727763AbgAHSnL (ORCPT + 99 others); Wed, 8 Jan 2020 13:43:11 -0500 Received: from mail-oi1-f173.google.com ([209.85.167.173]:33936 "EHLO mail-oi1-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726254AbgAHSnL (ORCPT ); Wed, 8 Jan 2020 13:43:11 -0500 Received: by mail-oi1-f173.google.com with SMTP id l136so3575539oig.1 for ; Wed, 08 Jan 2020 10:43:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YEDDBw2JdxDxTJpu/5+uRjl92iCg15NYbAU4Ncny4yI=; b=CTbDD0iR13hdmEfRKBcz8srFK+n3McbUmw6HOkQk4cccU/rUxVygcZhtErfxZq1MHO /KIBVtb10C8UpWk14MDfbObc1kkd5Gq3ITbxI8YBMyLwBn8tvORa4aJc2YhNFlZfQSN+ KAQwi+SvYMcIBHI2xaJZDVPTcKhn2/6Eif0jNvkTt1Rk1toSG/JTAZE3+ZxpfxVbpMpx 0RQ9PwalcVAi9u8WPdgj7zDBYMdqU6UIrT9sUBPcPUOKlVmofYWi7roNX7GuWdvJV6QM a8aMQF3EWg7yuHUYCG+k59WqKaJf6d8pZgtoEXgGMcA2pheuQj6O2O9RvNmlt0IKYDnj wHAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YEDDBw2JdxDxTJpu/5+uRjl92iCg15NYbAU4Ncny4yI=; b=b+OTX5moyXvNSGuHE8JivpiRZ9m31IWWOk/gJNYFHPYU/aa8jz9VjwB16xeikvTeA8 gDgieSqN2Hk+zZSgjP0eoyxroy8FM9B6ivIxjjsGWU9m5KLgA+JXfiV8gbfGLEfDZLSb HPIVNPOM2fJlnVrptuK0zWdbj4CO3QCZJJ1yPDLyh0EejZGDPmQQ7NQ32lTdCJ1Oj44a VK+cP3VFHqSr7e/loUs7B/2HQf4YI8HHyqaQAqx6Vnv2YZKVqjl9cCHu8hfSuQL7rKeU PimIeQ8lvP86iStAmyOb0UmEkZBjVjz5Wyv4rIQhI85+lwsxq4O6EGdFdO1MfQFoNFkw +rDw== X-Gm-Message-State: APjAAAUoaEef6E4qPDmLnM/eB5XS3PSpHgqXsoLkGdY2JDRA9hORwmKd mk2gLHTetUO4HJJa4JVnSayDRTVD02K/l/oJdtvHRcw5g+A= X-Received: by 2002:aca:b1d5:: with SMTP id a204mr14263oif.82.1578508990161; Wed, 08 Jan 2020 10:43:10 -0800 (PST) MIME-Version: 1.0 References: <85C0B54E4752CA4F873E7C78CF0B26F5020662DB2C@LNDWSMBX02.ad.mpc.local> In-Reply-To: <85C0B54E4752CA4F873E7C78CF0B26F5020662DB2C@LNDWSMBX02.ad.mpc.local> From: Luiz Augusto von Dentz Date: Wed, 8 Jan 2020 10:42:57 -0800 Message-ID: Subject: Re: Limiting what devices can pair over Bluetooth? To: James Pearson Cc: "linux-bluetooth@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi James, On Wed, Jan 8, 2020 at 3:47 AM James Pearson wrote: > > We don't normally enable Bluetooth on Linux (CentOS 7) installs for security reasons, but we have a case where we would like to use a Wacom tablet over Bluetooth > > I would like to be able to configure things so Bluetooth can _only_ be used to pair with Wacom tablets (or just HID devices?) > > As I never used Bluetooth in anger before, I'm struggling to find out where to start looking - does anyone know how to do this - or any pointers for where I should start looking? Are you asking this from the system or user perspective, from the system we don't have a configuration where you can restrict the types of devices that the user can pair, on the other hand there is nothing stopping the user interface (gnome, kde, etc) to implement such policy on their bluetooth settings, though be aware targeting a subset of HID devices may not be possible. -- Luiz Augusto von Dentz