Zoom application 9.0

I am not able to use zoom, either via flatpak or rpm. Both have ‘installed successfully’ - but neither opens.

I had a hunch that this would be related to selinux, and it appears to be - problem resolved - in case it helps anyone else.

SELinux is preventing /app/extra/zoom/zoom.real from execmod access on the file /memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5 (deleted).

*****  Plugin allow_execmod (53.1 confidence) suggests   *********************

If this issue occurred during normal system operation.
Then this alert could be a serious issue and your system could be compromised. Setroubleshoot examined '/memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5.(deleted)' to make sure it was built correctly, but can not determine if this application has been compromised.
Do
contact your security administrator and report this issue

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow selinuxuser to execmod
Then you must tell SELinux about this by enabling the 'selinuxuser_execmod' boolean.

Do
setsebool -P selinuxuser_execmod 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that zoom.real should be allowed execmod access on the libQt5Qml.so.5 (deleted) file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'zoom.real' --raw | audit2allow -M my-zoomreal
# semodule -X 300 -i my-zoomreal.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                /memfd:JITCode:/app/extra/zoom/libQt5Qml.so.5
                              (deleted) [ file ]
Source                        zoom.real
Source Path                   /app/extra/zoom/zoom.real
Port                          <Unknown>
Host                          calixto
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-34.1.29-1.el9_0.2.noarch
Local Policy RPM              selinux-policy-targeted-34.1.29-1.el9_0.2.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     calixto
Platform                      Linux calixto 5.14.0-70.26.1.el9_0.x86_64 #1 SMP
                              PREEMPT Tue Sep 20 17:53:31 UTC 2022 x86_64 x86_64
Alert Count                   9
First Seen                    2022-10-30 13:55:14 CDT
Last Seen                     2022-10-30 14:26:43 CDT
Local ID                      f742a8a3-9b8d-46ce-9ed7-41d87976cd4d

Raw Audit Messages
type=AVC msg=audit(1667158003.411:406): avc:  denied  { execmod } for  pid=20671 comm="zoom.real" path=2F6D656D66643A4A4954436F64653A2F6170702F65787472612F7A6F6F6D2F6C6962517435516D6C2E736F2E35202864656C6574656429 dev="tmpfs" ino=7455 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0


type=SYSCALL msg=audit(1667158003.411:406): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=7fde4c0b8000 a1=2c4 a2=5 a3=0 items=0 ppid=20670 pid=20671 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=6 comm=zoom.real exe=/app/extra/zoom/zoom.real subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: zoom.real,unconfined_t,user_tmp_t,file,execmod

2 Likes