shellinabox via proxy(apache)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



hi guys,

cannot get it to work - shellinabox - not being programmer nor
selinux sorcerer.

shellinabox via apache, when I ausearch it all I get is:

#============= unconfined_service_t ==============

#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;

I have shellinabox in Apache's:

<Location /cmd>
   AuthType Basic
   AuthName "some more"
   AuthBasicProvider PAM
   AuthPAMService rstudio
   Require valid-user
   #Require    all granted
   ProxyPasshttp://localhost:4200/
</Location>

using:

LoadModule authnz_pam_module modules/mod_authnz_pam.so

So all seems to work there between apache & shellinabox. Last bit
when you login to shell you get denied.

I also see:
$ ps -FZp 2909167 --cols 999
LABEL                           UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1  0 10785 2740 7 Jun11 ?       00:00:00 /usr/sbin/shellinaboxd -u shellinabox -g shellinabox --cert=/var/lib/shellinabox --port=4200 --localhost-only --disable-ssl


So it seems that shellinabox runs unconfined and the centos' policy forbids transitions between unconfined domains.
Would that be right?
Many thanks, L.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux