On Mon, 11 Jun 2018 18:25:08 +0100 lejeczek peljasz@yahoo.co.uk wrote:
hi guys,
cannot get it to work - shellinabox - not being programmer nor selinux sorcerer.
shellinabox via apache, when I ausearch it all I get is:
#============= unconfined_service_t ==============
#!!!! The file '/usr/bin/bash' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition;
I have shellinabox in Apache's:
<Location /cmd> AuthType Basic AuthName "some more" AuthBasicProvider PAM AuthPAMService rstudio Require valid-user #Require all granted ProxyPass http://localhost:4200/
</Location>
using:
LoadModule authnz_pam_module modules/mod_authnz_pam.so
So all seems to work there between apache & shellinabox. Last bit when you login to shell you get denied.
Would there be a reasonable selinux module for it or is shellinabox just too poor design?
Strange. shellinabox is working for me on Fedora 27.
What's the context of /usr/bin/bash on your system?
$ ls -lZ /usr/bin/bash -rwxr-xr-x. 1 root root system_u:object_r:shell_exec_t:s0 1132656 Feb 13 14:08 /usr/bin/bash
If it's not shell_exec_t, the advice given in the error message you saw should fix it.
Paul.