Closed davior closed 2 weeks ago
Are vscode or flatpak's vscode doing the same? Are you tried to disable the 3rd party extensions and try to replicate the behaviour? When you create an issue report, it is also a good practice to include distro and flatpak version as minimum.
I search for similar problems from vscode, and I found this https://www.reddit.com/r/Fedora/comments/1ac5ibg/selinux_is_preventing_code_from_using_the/
Are vscode or flatpak's vscode doing the same? Are you tried to disable the 3rd party extensions and try to replicate the behaviour? When you create an issue report, it is also a good practice to include distro and flatpak version as minimum.
I search for similar problems from vscode, and I found this https://www.reddit.com/r/Fedora/comments/1ac5ibg/selinux_is_preventing_code_from_using_the/
I apologize for the lack of details..
I have not tried disabling plugins.. It does look like the issue you listed..
I do not run vscode so I am unsure if it is happening there also.
My distro is: Linux fedora 6.8.11-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Mon May 27 14:53:33 UTC 2024 x86_64 GNU/Linux
With Flatpak 1.15.8
I will attempt to replicate the issue without plugins to see if it makes any difference.
Thanks
I'm running F39 with kernel Linux ranko 6.8.10-200.fc39.x86_64
and don't report any problem.
But I created a vm with F40 kernel Linux fedora 6.8.11-300.fc40.x86_64
and report the same problem that you mention.
Seems a SELinux bug to me
The only workaround until the fix comes to upstream will run as root this:
# Create the exception rule and build a compiled module
ausearch -c codium -m AVC | audit2allow -a -M custom_flatpak_vscodium
# apply the rule
semodule -i custom_flatpak_vscodium.pp
# if you want to remove the rule run this
semodule -r custom_flatpak_vscodium
Seems a SELinux bug to me
From the reddit, it seems like a bug. VSCode has also the same issue. Also, since those are IDEs, they usually ask for more secure rights/privileges than typical applications, it's where the new SELinux is throwing his hat.
Thanks for your help @noonsleeper. I think I'll continue to run without the exception as I would prefer to be informed when this exception occurs (in-case it's for real at some stage) and it doesn't appear to be happening that often.
Thanks again for your help šš½
I will close this, since is already addressed and is an external bug, If you have another problem don't hesitate and open a new issue =)
It's funny that this appears to be happening with wine and MOSTLY Chromium related products.. VS Code uses Chromium, VSCodium uses Chromium. Discord uses Chromium, Valve Software and Proton all use Chromium and Wine, well it's MS. It appears to be a common thread....
I really doubt it is the redhat or fedora base... Unless it's a policy based issue...
More Info defined here ---> https://discussion.fedoraproject.org/t/selinux-execheap-denials/120638/24 AND here ---> https://github.com/ValveSoftware/Proton/issues/7285
Unless it's a policy based issue...
It is a policy issue, indeed
Hi y'all.
As @davior said, I've also experienced this same issue across some other Chromium/Electron based apps; like Zettlr or Discord which sometimes crashes but otherwise opens, although other Chromium apps such as Brave don't have this issue for some reason. I am using Fedora 40 KDE at the moment with the apps mentioned running as Flatpaks, though I doubt the apps being Flatpaks are the issue.
Somebody has also reported this issue to the Red Hat Bugzilla recently (https://bugzilla.redhat.com/show_bug.cgi?id=2294708), however they have marked it as "not a bug". So perhaps it's an issue with Chromium after all?
I've also noticed that I've been having more of these issues ever since I've upgraded my kernel to 6.9.4. Updating to the most recent selinux-policy didn't help either.
Why would would Codium be attempting to access the heap on my machine?
DETAILS: