hi guys,
cannot get it to work - shellinabox - not being programmer nor
selinux sorcerer.
shellinabox via apache, when I ausearch it all I get is:
#============= unconfined_service_t =============
#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;
I have shellinabox in Apache's:
<Location /cmd>
AuthType Basic
AuthName "some more"
AuthBasicProvider PAM
AuthPAMService rstudio
Require valid-user
#Require all granted
ProxyPasshttp://localhost:4200/
</Location>
using:
LoadModule authnz_pam_module modules/mod_authnz_pam.so
So all seems to work there between apache & shellinabox. Last bit
when you login to shell you get denied.
I also see:
$ ps -FZp 2909167 --cols 999
LABEL UID PID PPID C SZ RSS PSR
STIME TTY TIME CMD
system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1 0 10785 2740 7
Jun11 ? 00:00:00 /usr/sbin/shellinaboxd -u shellinabox -g shellinabox
--cert=/var/lib/shellinabox --port=4200 --localhost-only --disable-ssl
So it seems that shellinabox runs unconfined and the centos' policy forbids
transitions between unconfined domains.
Would that be right?
Many thanks, L.
