You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm on Fedora 40 and I get the following selinux errors:
SELinux is preventing zulip from using the execheap access on a process.
***** Plugin allow_execheap (53.1 confidence) suggests ********************
If you do not think zulip should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests ******************
If you want to allow selinuxuser to execheap
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.
Do
setsebool -P selinuxuser_execheap 1
***** Plugin catchall (5.76 confidence) suggests **************************
If you believe that zulip should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'zulip' --raw | audit2allow -M my-zulip
# semodule -X 300 -i my-zulip.pp
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-
s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-
s0:c0.c1023
Target Objects Unknown [ process ]
Source zulip
Source Path zulip
Port <Unknown>
Host cfelm-pcx33660
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-40.23-1.fc40.noarch
Local Policy RPM selinux-policy-targeted-40.23-1.fc40.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name cfelm-pcx33660
Platform Linux cfelm-pcx33660 6.9.8-200.fc40.x86_64 #1 SMP
PREEMPT_DYNAMIC Fri Jul 5 16:20:11 UTC 2024
x86_64
Alert Count 15
First Seen 2024-07-12 11:32:08 CEST
Last Seen 2024-07-12 11:34:27 CEST
Local ID a8580292-d985-4e54-9e18-fb5cab54c960
Raw Audit Messages
type=AVC msg=audit(1720776867.593:420): avc: denied { execheap } for pid=3195 comm="zulip" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
Hash: zulip,unconfined_t,unconfined_t,process,execheap
Any ideas if this is an upstream issue or a flatpak packaging issue?
The text was updated successfully, but these errors were encountered:
I'm on Fedora 40 and I get the following selinux errors:
Any ideas if this is an upstream issue or a flatpak packaging issue?
The text was updated successfully, but these errors were encountered: