cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

On Red Hat Enterprise Linux 9.2, Zoom persistently generates SELinux warnings

zoliky
Listener

‎2023-05-17 06:44 AM - edited ‎2023-05-17 06:54 AM

I have been using the most recent version of Zoom, specifically version 5.14.5.2430, on Red Hat Enterprise Linux 9.2. However, upon launching the software, I encounter a persistent issue with SELinux Warnings. Surprisingly, this problem persists on AlmaLinux 9.2 as well, which is also a RHEL-based system. It's important to note that this issue does not manifest on Fedora 37 Workstation. 

 

 

SELinux is preventing /app/extra/zoom/zoom.real from execmod access on the file /memfd:JIT>
                                                             
*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************
If you want to allow selinuxuser to execmod
Then you must tell SELinux about this by enabling the 'selinuxuser_execmod' boolean.
                                                             
Do
setsebool -P selinuxuser_execmod 1
                                                             
*****  Plugin catchall (11.6 confidence) suggests   **************************
                                                             
If you believe that zoom.real should be allowed execmod access on the memfd:JITCode:QtQml >
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'zoom.real' --raw | audit2allow -M my-zoomreal
# semodule -X 300 -i my-zoomreal.pp

 

 

 

 

No matter whether I install Zoom via Flatpak or the RPM package available on the official Zoom website, I consistently encounter the same warning.

 

After reaching out to Red Hat regarding the SELinux warnings issue on Zoom, they informed me that it is not their responsibility and suggested that I should contact Zoom for further assistance.

1 REPLY 1

crispee
Listener

‎2023-09-18 07:38 AM

You could get around this for now by using the suggested course of action (the catchall), may not be the best options but it beats disabling selinux:

sudo /usr/sbin/setsebool -P selinuxuser_execmod 1

It looks like RHEL 9.x sets this boolean to 0 by deafult. I just checked and RHEL 8.x has this set to 1 by default, so this is likely the reason you/we are seeing the flood of denial messages. If you are still hesitant you could avoid the -P and set the boolean temporarily while running zoom, then set it back to 0 after you're done, or script it into the startup of zoom 🙂

Cheers!

0 Likes