shellinabox

List overview All Threads
Download

newer

older

Solarflare SFC9000 direct...

CentOS 7 + MATE : no sound in...

lejeczek

5 Jul 2018 5 Jul '18

4:08 p.m.

hi guys,

shellinabox, do you use it?

I in pretty vanilla setup get selinux denials and cannot login.

Selinux says:

#============= unconfined_service_t ==============

#!!!! The file '/usr/bin/bash' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition;

but that does not seem right to me, to allow such a transition, right?

many thanks, L.

Show replies by date

Oleg Cherkasov

6 Jul 6 Jul

1:32 p.m.

On 05. juli 2018 16:08, lejeczek via CentOS wrote:

...

hi guys,

shellinabox, do you use it?

I in pretty vanilla setup get selinux denials and cannot login.

Selinux says:

#============= unconfined_service_t ==============

#!!!! The file '/usr/bin/bash' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition;

audit2allow suggests to make a new module or restore /usr/bin/bash type context. Try to restore context first, in many cases it helps on "vanilla" setup.

lejeczek

10 Jul 10 Jul

3:06 p.m.

Anybody else? Anybody has gotten shellinabox working witout modification to SE policies?

...

On 05. juli 2018 16:08, lejeczek via CentOS wrote:

...
hi guys,

shellinabox, do you use it?

I in pretty vanilla setup get selinux denials and cannot login.

Selinux says:

#============= unconfined_service_t ==============

#!!!! The file '/usr/bin/bash' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition;

audit2allow suggests to make a new module or restore /usr/bin/bash type context. Try to restore context first, in many cases it helps on "vanilla" setup. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Jonathan Billings

8:23 p.m.

On Tue, Jul 10, 2018 at 02:06:10PM +0100, lejeczek via CentOS wrote:

...

Anybody else? Anybody has gotten shellinabox working witout modification to SE policies?

I haven't (it looks like a horribly insecure thing) but the source includes selinux policies:

https://github.com/shellinabox/shellinabox/tree/master/misc/selinux/shellina...

-- Jonathan Billings billings@negate.org

2348

Age (days ago)

2353

Last active (days ago)

discuss@lists.centos.org

3 comments

3 participants

tags (0)

participants (3)

Jonathan Billings
lejeczek
Oleg Cherkasov