fabianjarrett-ncc
commented
9 months ago Same for me. It will freeze the whole time it's enabled but will work as soon as I disable the blur again.
Open hadim opened 10 months ago
fabianjarrett-ncc
commented
9 months ago Same for me. It will freeze the whole time it's enabled but will work as soon as I disable the blur again.
manuschneider
commented
8 months ago Same problem here. Since this is very important for working from home, I would appreciate it if this could be fixed. I had the problem before, and installing zoom by hand (downloaded from the zoom website, not via this snap) was the only solution. This still works, but then I cannot share my desktop, which is also very important for me. I would prefer to use the snap therefore.
Some technical information (in case it matters): Ubuntu: 22.04.3 LTS Windowing system: X11 Zoom: 5.16.6 (382) CPU: 12th Gen Intel Core i7-1260P GPU: NVIDIA Corporation / Mesa Intel Graphics (ADL GT2)
dfranklin-at-bg
commented
4 months ago Still an issue.
rolandd
commented
3 months ago I managed to get this working on my system, but I'm not sure what the snap-approved solution is given what I found. I needed to do two things (found based on looking at audit logs while trying to turn on background blur; it seems zoom spawns an external helper to do the blur, and snap confinement breaks the way the main zoom thread communicates with this helper):
First, based on audit lines like:
[187707.108641] audit: type=1400 audit(1710440232.206:1252): apparmor="DENIED" operation="mknod" class="file" profile="snap.zoom-client.zoom-client" name="/dev/shm/aomshm.337bce.0" pid=3374030 comm="vda_thread" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000I updated the apparmor profile to add:
/{dev,run}/shm/aomshm.* rw,
/{dev,run}/shm/sem.* rwl,That still wasn't enough; I saw audit messages for POSIX mq system calls (240, 241, etc on x86-64) being blocked, so I updated the seccomp bpf file with:
mq_open
mq_unlink
mq_getsetattr
mq_timedsend
mq_timedreceiveWith those two changes I now have background blur working again on my Zoom snap. However my understanding is that there is still no apparmor safe way to enable POSIX mqs for snaps so I'm not sure how to fix this "properly." Maybe @ogra1 can comment.
Anyway hope this helps other people.
wimex
commented
22 hours ago On Fedora 40, it was enough to just do the second part (I think it doesn't have AppArmor).
I had to investigate how to modify seccomp rules, so here it is:
As root, edit /var/lib/snapd/seccomp/bpf/snap.zoom-client.zoom-client.src, add
mq_open
mq_unlink
mq_getsetattr
mq_timedsend
mq_timedreceiveRegenerate the rules:
sudo /snap/snapd/current/usr/lib/snapd/snap-seccomp compile /var/lib/snapd/seccomp/bpf/snap.zoom-client.zoom-client.src /var/lib/snapd/seccomp/bpf/snap.zoom-client.zoom-client.bin2
It seems to happen only with the snap package.