I'm on Fedora 40 and I get the following selinux errors:
```
SELinux is preventing zulip from using the execheap access on a process.
***** Plugin allow_execheap (53.1 confidence) suggests ********************
If you do not think zulip should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.
***** Plugin catchall_boolean (42.6 confidence) suggests ******************
If you want to allow selinuxuser to execheap
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.
Do
setsebool -P selinuxuser_execheap 1
***** Plugin catchall (5.76 confidence) suggests **************************
If you believe that zulip should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'zulip' --raw | audit2allow -M my-zulip
# semodule -X 300 -i my-zulip.pp
Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-
s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-
s0:c0.c1023
Target Objects Unknown [ process ]
Source zulip
Source Path zulip
Port
Host cfelm-pcx33660
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-40.23-1.fc40.noarch
Local Policy RPM selinux-policy-targeted-40.23-1.fc40.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name cfelm-pcx33660
Platform Linux cfelm-pcx33660 6.9.8-200.fc40.x86_64 #1 SMP
PREEMPT_DYNAMIC Fri Jul 5 16:20:11 UTC 2024
x86_64
Alert Count 15
First Seen 2024-07-12 11:32:08 CEST
Last Seen 2024-07-12 11:34:27 CEST
Local ID a8580292-d985-4e54-9e18-fb5cab54c960
Raw Audit Messages
type=AVC msg=audit(1720776867.593:420): avc: denied { execheap } for pid=3195 comm="zulip" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
Hash: zulip,unconfined_t,unconfined_t,process,execheap
```
Any ideas if this is an upstream issue or a flatpak packaging issue?
I'm on Fedora 40 and I get the following selinux errors:
Any ideas if this is an upstream issue or a flatpak packaging issue?