I am not able to use zoom, either via flatpak or rpm. Both have ‘installed successfully’ - but neither opens.
I had a hunch that this would be related to selinux, and it appears to be - problem resolved - in case it helps anyone else.
SELinux is preventing /app/extra/zoom/zoom.real from execmod access on the file /memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5 (deleted).
***** Plugin allow_execmod (53.1 confidence) suggests *********************
If this issue occurred during normal system operation.
Then this alert could be a serious issue and your system could be compromised. Setroubleshoot examined '/memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5.(deleted)' to make sure it was built correctly, but can not determine if this application has been compromised.
Do
contact your security administrator and report this issue
***** Plugin catchall_boolean (42.6 confidence) suggests ******************
If you want to allow selinuxuser to execmod
Then you must tell SELinux about this by enabling the 'selinuxuser_execmod' boolean.
Do
setsebool -P selinuxuser_execmod 1
***** Plugin catchall (5.76 confidence) suggests **************************
If you believe that zoom.real should be allowed execmod access on the libQt5Qml.so.5 (deleted) file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'zoom.real' --raw | audit2allow -M my-zoomreal
# semodule -X 300 -i my-zoomreal.pp
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context unconfined_u:object_r:user_tmp_t:s0
Target Objects /memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5
(deleted) [ file ]
Source zoom.real
Source Path /app/extra/zoom/zoom.real
Port <Unknown>
Host calixto
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-34.1.29-1.el9_0.2.noarch
Local Policy RPM selinux-policy-targeted-34.1.29-1.el9_0.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name calixto
Platform Linux calixto 5.14.0-70.26.1.el9_0.x86_64 #1 SMP
PREEMPT Tue Sep 20 17:53:31 UTC 2022 x86_64 x86_64
Alert Count 9
First Seen 2022-10-30 13:55:14 CDT
Last Seen 2022-10-30 14:26:43 CDT
Local ID f742a8a3-9b8d-46ce-9ed7-41d87976cd4d
Raw Audit Messages
type=AVC msg=audit(1667158003.411:406): avc: denied { execmod } for pid=20671 comm="zoom.real" path=2F6D656D66643A4A4954436F64653A2F6170702F65787472612F7A6F6F6D2F6C6962517435516D6C2E736F2E35202864656C6574656429 dev="tmpfs" ino=7455 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1667158003.411:406): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=7fde4c0b8000 a1=2c4 a2=5 a3=0 items=0 ppid=20670 pid=20671 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=6 comm=zoom.real exe=/app/extra/zoom/zoom.real subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Hash: zoom.real,unconfined_t,user_tmp_t,file,execmod