On Mon, 11 Jun 2018 18:25:08 +0100 lejeczek <peljasz@xxxxxxxxxxx> wrote: > hi guys, > > cannot get it to work - shellinabox - not being programmer nor > selinux sorcerer. > > shellinabox via apache, when I ausearch it all I get is: > > #============= unconfined_service_t ============== > > #!!!! The file '/usr/bin/bash' is mislabeled on your system. > #!!!! Fix with $ restorecon -R -v /usr/bin/bash > allow unconfined_service_t unconfined_t:process transition; > > I have shellinabox in Apache's: > > <Location /cmd> > AuthType Basic > AuthName "some more" > AuthBasicProvider PAM > AuthPAMService rstudio > Require valid-user > #Require all granted > ProxyPass http://localhost:4200/ > </Location> > > using: > > LoadModule authnz_pam_module modules/mod_authnz_pam.so > > So all seems to work there between apache & shellinabox. Last bit > when you login to shell you get denied. > > Would there be a reasonable selinux module for it or is shellinabox > just too poor design? Strange. shellinabox is working for me on Fedora 27. What's the context of /usr/bin/bash on your system? $ ls -lZ /usr/bin/bash -rwxr-xr-x. 1 root root system_u:object_r:shell_exec_t:s0 1132656 Feb 13 14:08 /usr/bin/bash If it's not shell_exec_t, the advice given in the error message you saw should fix it. Paul. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/7TX33FBCNN27OZT4D4NHS6PXSPNNKM27/