Hi,
The RHEL Teams package teams-1.4.00.26453-1.x86_64.rpm doesn't work on RHEL8.5 when fapolicyd is installed and active which should work when teams is installed as an RPM.
The fapolicyd is configured with the RPM backend by default
rule=7 dec=deny_audit perm=open auid=17200001 pid=211613 exe=/usr/share/teams/teams : path=/usr/share/teams/libffmpeg.so ftype=application/x-sharedlib
fapolicyd is a security policy whitelist tool.
Hi @Ian-9281
Does anyone else have the same problem in your organization?
According to your description, it seems this phenomenon is occured in RPM, what about if using DEB package?
It has been a while, how is everything going?
If you have any update about this issue, please feel free to post back.
According to the fapolicyd documentation found here: https://github.com/linux-application-whitelisting/fapolicyd
Starting with the 0.9.4 release, the rpm backend filters most files in the
/usr/sharedirectory. It keeps anything with a with a python extension or a libexec directory. It also keeps/usr/src/kernelso that Akmod can still build drivers on a kernel update.
You would have to add a rule to /etc/fapolicyd/fapolicyd.rules to allow open/execute from the /usr/share/teams directory. I am trying to do the same with VS Code.
Also, /usr/share is not a great place for applications to be installed. For reference:
https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#PURPOSE26
5 people are following this question.
