On Mon, 11 Jun 2018 18:25:08 +0100
lejeczek <peljasz(a)yahoo.co.uk> wrote:
hi guys,
cannot get it to work - shellinabox - not being programmer nor
selinux sorcerer.
shellinabox via apache, when I ausearch it all I get is:
#============= unconfined_service_t ==============
#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;
I have shellinabox in Apache's:
<Location /cmd>
AuthType Basic
AuthName "some more"
AuthBasicProvider PAM
AuthPAMService rstudio
Require valid-user
#Require all granted
ProxyPass
http://localhost:4200/
</Location>
using:
LoadModule authnz_pam_module modules/mod_authnz_pam.so
So all seems to work there between apache & shellinabox. Last bit
when you login to shell you get denied.
Would there be a reasonable selinux module for it or is shellinabox
just too poor design?
Strange. shellinabox is working for me on Fedora 27.
What's the context of /usr/bin/bash on your system?
$ ls -lZ /usr/bin/bash
-rwxr-xr-x. 1 root root system_u:object_r:shell_exec_t:s0 1132656 Feb
13 14:08 /usr/bin/bash
If it's not shell_exec_t, the advice given in the error message you saw
should fix it.
Paul.