App crashing while it is starting (sometimes)

[xplosionmind]

I got this error once while starting the app, then, I opened it again and it worked ok.

Render process is gone

Error: Reason: crashed, Exit Code: 133
    at App.<anonymous> ([REDACTED]/app/global_errors.js:88:7)
    at App.emit (node:events:525:35)
    at WebContents.<anonymous> (node:electron/js2c/browser_init:2:90245)
    at WebContents.emit (node:events:525:35)

[etvt]

I got the same once, and at the same time, 140 additional SELinux denials:

Raw Audit Messages
type=AVC msg=audit(1703796376.721:320): avc:  denied  { execheap } for  pid=3703 comm="signal-desktop" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1012 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1012 tclass=process permissive=0

[epsilontheta]

Same problem and also SELinux denials on Fedora 40 Workstation.
Installed via flatpak.

$ journalctl -t setroubleshoot -b
Jul 19 20:00:32 hyperion setroubleshoot[71936]: SELinux is preventing signal-desktop from using the execheap access on a process. For complete SELinux messages run: sealert -l 8e863fe8-dec1-4d8a-bb9a-8af9cac93c00
Jul 19 20:00:34 hyperion setroubleshoot[71936]: SELinux is preventing signal-desktop from using the execheap access on a process.
                                                
                                                *****  Plugin allow_execheap (53.1 confidence) suggests   ********************
                                                
                                                If you do not think signal-desktop should need to map heap memory that is both writable and executable.
                                                Then you need to report a bug. This is a potentially dangerous access.
                                                Do
                                                contact your security administrator and report this issue.
                                                
                                                *****  Plugin catchall_boolean (42.6 confidence) suggests   ******************
                                                
                                                If you want to allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, b>
                                                Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.
                                                
                                                Do
                                                setsebool -P selinuxuser_execheap 1
                                                
                                                *****  Plugin catchall (5.76 confidence) suggests   **************************
                                                
                                                If you believe that signal-desktop should be allowed execheap access on processes labeled unconfined_t by default.
                                                Then you should report this as a bug.
                                                You can generate a local policy module to allow this access.
                                                Do
                                                allow this access for now by executing:
                                                # ausearch -c 'signal-desktop' --raw | audit2allow -M my-signaldesktop
                                                # semodule -X 300 -i my-signaldesktop.pp

$ sealert -l 8e863fe8-dec1-4d8a-bb9a-8af9cac93c00
SELinux is preventing signal-desktop from using the execheap access on a process.

*****  Plugin allow_execheap (53.1 confidence) suggests   ********************

If you do not think signal-desktop should need to map heap memory that is both writable and executable.
Then you need to report a bug. This is a potentially dangerous access.
Do
contact your security administrator and report this issue.

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean.

Do
setsebool -P selinuxuser_execheap 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that signal-desktop should be allowed execheap access on processes labeled unconfined_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'signal-desktop' --raw | audit2allow -M my-signaldesktop
# semodule -X 300 -i my-signaldesktop.pp


Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-
                              s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-
                              s0:c0.c1023
Target Objects                Unknown [ process ]
Source                        signal-desktop
Source Path                   signal-desktop
Port                          <Unknown>
Host                          hyperion
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-40.24-1.fc40.noarch
Local Policy RPM              selinux-policy-targeted-40.24-1.fc40.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     hyperion
Platform                      Linux hyperion 6.9.9-200.fc40.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Thu Jul 11 19:29:01 UTC 2024
                              x86_64
Alert Count                   302
First Seen                    2024-07-19 20:00:28 CEST
Last Seen                     2024-07-28 18:15:44 CEST
Local ID                      8e863fe8-dec1-4d8a-bb9a-8af9cac93c00

Raw Audit Messages
type=AVC msg=audit(1722183344.570:4885): avc:  denied  { execheap } for  pid=379991 comm="signal-desktop" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0


Hash: signal-desktop,unconfined_t,unconfined_t,process,execheap

$ flatpak info org.signal.Signal 

Signal Desktop - Private messenger

          ID: org.signal.Signal
         Ref: app/org.signal.Signal/x86_64/stable
        Arch: x86_64
      Branch: stable
     Version: 7.17.0
     License: AGPL-3.0-only
      Origin: flathub
  Collection: org.flathub.Stable
Installation: system
   Installed: 459,4 MB
     Runtime: org.freedesktop.Platform/x86_64/23.08
         Sdk: org.freedesktop.Sdk/x86_64/23.08

      Commit: 37ca459ed5abfe38664af279ccdaa17f9c8d683559ca75cc06e1624efa8b5c82
      Parent: b9ea620717e19eb210042af066f3b1cc1113f1e7c23151afac70764f7e3bc5a0
     Subject: signal-desktop: Update signal-desktop.deb to 7.17.0 (#692) (e1d74fd1)
        Date: 2024-07-25 17:48:17 +0000