On 14/01/2020 10:27, James Pearson wrote:
Gordon Messmer wrote:
On 1/13/20 2:26 AM, James Pearson wrote:
Which is a pity, as it's either an all or nothing with Bluetooth, which means we can't use Bluetooth for Wacom tablets without opening up access to file transfer over Bluetooth as well ...
What is the threat you're trying to mitigate, specifically? I don't see how pairing a tablet would allow file transfers. An unauthorized device can't unilaterally pair with your system.
If you enable Bluetooth on a workstation (by starting the 'bluetooth' service), then a normal user on the workstation can (for example) transfer files to/from a mobile phone - which is something we don't allow
Users don't have to have any special perms to do this - users can pair with any Bluetooth devices they want
i.e. it isn't possible to control what a user can and can't do with Bluetooth - so it isn't possible to allow pairing with just particular (or classes of) Bluetooth devices
Is it possible to control behaviour with udev rules?