Re: shellinabox

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 11 Jun 2018 18:25:08 +0100
lejeczek <peljasz@xxxxxxxxxxx> wrote:

> hi guys,
> 
> cannot get it to work - shellinabox - not being programmer nor
> selinux sorcerer.
> 
> shellinabox via apache, when I ausearch it all I get is:
> 
> #============= unconfined_service_t ==============
> 
> #!!!! The file '/usr/bin/bash' is mislabeled on your system.
> #!!!! Fix with $ restorecon -R -v /usr/bin/bash
> allow unconfined_service_t unconfined_t:process transition;
> 
> I have shellinabox in Apache's:
> 
> <Location /cmd>
>    AuthType Basic
>    AuthName "some more"
>    AuthBasicProvider PAM
>    AuthPAMService rstudio
>    Require valid-user
>    #Require    all granted
>    ProxyPass  http://localhost:4200/
> </Location>
> 
> using:
> 
> LoadModule authnz_pam_module modules/mod_authnz_pam.so
> 
> So all seems to work there between apache & shellinabox. Last bit
> when you login to shell you get denied.
> 
> Would there be a reasonable selinux module for it or is shellinabox
> just too poor design?

Strange. shellinabox is working for me on Fedora 27.

What's the context of /usr/bin/bash on your system?

$ ls -lZ /usr/bin/bash
-rwxr-xr-x. 1 root root system_u:object_r:shell_exec_t:s0 1132656 Feb
13 14:08 /usr/bin/bash

If it's not shell_exec_t, the advice given in the error message you saw
should fix it.

Paul.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/7TX33FBCNN27OZT4D4NHS6PXSPNNKM27/




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux