You join a meeting and the microphone is grayed out
You open your terminal to join a critical standup, type zoom, and get a permission denied error. Or worse, Zoom launches but your microphone shows as grayed out while everyone else hears the hum of your fan. You installed the RPM from the website, but Fedora's security model is pushing back. The application is fighting the OS, and you need to decide whether to bend the OS to the app or use the sandbox that plays nice.
Zoom is proprietary software. Fedora does not include proprietary binaries in its default repositories. You have to bring Zoom in yourself. The installation method you choose determines how Fedora treats the application. The native RPM drops files into system directories and relies on SELinux policies to govern access. The Flatpak version runs in a sandbox and requests permissions through the portal system. Both methods work, but they require different troubleshooting steps when hardware access fails.
What's actually happening
Fedora ships with SELinux enabled in enforcing mode by default. SELinux is a Mandatory Access Control system. It does not just check if a user has read or write permissions. It checks if the process has the right label to perform the action on the target object. When you install the native Zoom RPM, the binary lands in /usr/bin. SELinux expects binaries in /usr/bin to follow strict policies. If the Zoom binary attempts to access /dev/snd for audio, SELinux evaluates the transition. If the policy does not allow the zoom_t domain to access the alsa_device_t object, the kernel denies the request. The denial is often silent to the application, resulting in a grayed-out microphone or camera.
Flatpak works differently. Flatpak applications run in a sandbox defined by Bubblewrap. The sandbox policy explicitly grants or denies access to devices. When you run Zoom via Flatpak, the application requests access to the microphone through the XDG Desktop Portal. The portal prompts you for permission. Once granted, the sandbox allows the access. The sandbox handles the isolation, so SELinux does not block the request because the sandbox policy is already trusted by the system. The Flatpak method is generally preferred on Fedora because it aligns with the security model and reduces the need for manual SELinux adjustments.
Install Zoom via Flatpak
The Flatpak installation is the recommended path. It isolates Zoom from the rest of your system, reduces potential security risks, and handles permissions via the portal system. You need the Flathub repository enabled to install Zoom. Flathub is the central repository for Flatpak applications.
Run the following commands to add Flathub and install Zoom. The --if-not-exists flag ensures you do not get an error if Flathub is already configured.
# Add Flathub if it's missing. The --if-not-exists flag prevents errors if you already have it.
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
# Install Zoom from Flathub. Flatpak handles dependencies and sandbox permissions automatically.
flatpak install flathub us.zoom.Zoom
# Launch the application. The first run will prompt for microphone and camera permissions.
flatpak run us.zoom.Zoom
When Zoom launches for the first time, a dialog appears asking for permission to access the microphone and camera. Grant the permission. The sandbox stores the decision. If you deny the permission and change your mind, you can adjust it later using the Flatpak permissions tool or by running flatpak override --user --device=all us.zoom.Zoom to grant full device access temporarily for testing.
Reboot before you debug. Half the time the symptom is gone.
Install Zoom via native RPM
If you prefer the native RPM installation, download the package directly from Zoom's website. Use dnf to install the RPM. Do not use rpm -i. The dnf command resolves dependencies and handles the transaction safely. The rpm command does not resolve dependencies and can leave the system in a broken state if libraries are missing.
Download the RPM and install it with dnf. The ./ prefix tells dnf to install the local file rather than searching the repositories.
# Download the latest RPM. Replace the URL if Zoom changes their structure.
wget https://zoom.us/client/latest/zoom_x86_64.rpm
# Install the RPM using dnf. Dnf resolves dependencies and handles the transaction safely.
sudo dnf install ./zoom_x86_64.rpm
After installation, launch Zoom from your application menu or by running zoom in the terminal. If Zoom fails to launch or cannot access audio and video, SELinux is likely blocking the request. Fedora enforces strict SELinux policies by default. The Zoom RPM may not have the correct file contexts set for the binaries and shared resources.
Check the SELinux audit log for denials. The setroubleshoot service analyzes denials and provides a one-line summary. Read the summary before making changes.
# Check for denials in the audit log. The -t setroubleshoot flag filters for SELinux analysis messages.
sudo journalctl -t setroubleshoot | tail -n 20
If you see denials related to zoom, restore the default file contexts. The restorecon command reads the file context database and applies the correct labels. This fixes the issue without modifying the SELinux policy.
# Restore default contexts for Zoom binaries and resources. This fixes labels without changing policy.
sudo restorecon -Rv /usr/bin/zoom /usr/share/zoom
Never use chcon to fix SELinux issues. The chcon command changes the label directly and bypasses the file context database. Changes made with chcon are lost on package upgrade and can cause context drift. Always use restorecon to fix context issues. restorecon relies on the database, which is updated by SELinux policy packages.
Run journalctl -xe first. Read the actual error before guessing.
Verify the installation
After installation, verify that Zoom is working correctly. For Flatpak, check the permissions to ensure the application has access to the microphone and camera. The --show-permissions flag lists what the app can access.
# Verify Flatpak installation and check permissions. The --show-permissions flag lists what the app can access.
flatpak info --show-permissions us.zoom.Zoom
Look for devices: all or specific device access in the output. If the microphone is denied, the sandbox will not let you speak. Grant the permission in the portal dialog or adjust the override.
For the native RPM, verify that SELinux is not blocking access. Run the journalctl command again after launching Zoom and attempting to use the microphone. If you see no new denials, the context fix worked.
Grant the microphone permission in the dialog. The sandbox won't let you in until you do.
Common pitfalls and error messages
Zoom can fail in subtle ways. The error message you see depends on the installation method and the component that is failing.
If you see Error: Transaction test error when installing the RPM, a dependency conflict exists. Run sudo dnf upgrade --refresh to update your system packages before installing Zoom. The --refresh flag forces dnf to check for updates even if the metadata is fresh. This resolves conflicts caused by outdated packages.
If Zoom launches but screen sharing fails, check your display server. Fedora uses Wayland by default. Zoom has had issues with screen sharing on Wayland in older versions. Ensure you are running the latest version of Zoom. Flatpak updates automatically via flatpak update. For the RPM, check the Zoom website for updates.
If you encounter connection issues, verify that your firewall allows Zoom traffic. Zoom typically handles its own network configuration, but if you are running Zoom in a specific network zone, ensure the ports are open. Zoom uses TCP and UDP ports for communication.
# Check the active zones and services. The --list-all flag shows all rules for the default zone.
sudo firewall-cmd --list-all
# If you need to allow specific ports manually, add them to the permanent configuration.
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --permanent --add-port=8801-8810/udp
# Reload the firewall after any rule change. The runtime config diverges from persistent config without this.
sudo firewall-cmd --reload
The firewall-cmd --reload command is essential. Without it, the runtime configuration and the persistent configuration diverge. Changes made with --permanent do not take effect until you reload the firewall.
Trust the package manager. Manual file edits drift, snapshots stay.
When to use Flatpak vs native RPM
Choose the installation method based on your security requirements and system configuration.
Use Flatpak when you want a sandboxed environment that isolates Zoom from your system files and handles permissions via the portal system. Use Flatpak when you want automatic updates without manual intervention. Use Flatpak when you are on a shared system where users should not have write access to /usr.
Use the native RPM when you prefer direct installation and are comfortable managing SELinux contexts if hardware access fails. Use the native RPM when you need Zoom to integrate with system-wide notifications or file managers without sandbox restrictions. Use the native RPM when your hardware requires direct driver access that the sandbox cannot provide.
Stay on the upstream Workstation if you only deviate from the defaults occasionally.