hi guys,

cannot get it to work – shellinabox – not being programmer nor selinux sorcerer.

shellinabox via apache, when I ausearch it all I get is:

#============= unconfined_service_t =============
#!!!! The file ‘/usr/bin/bash’ is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition;

I have shellinabox in Apache’s:

AuthType Basic
AuthName “some more”
AuthBasicProvider PAM
AuthPAMService rstudio
Require valid-user
#Require all granted
ProxyPasshttp://localhost:4200/

using:

LoadModule authnz_pam_module modules/mod_authnz_pam.so

So all seems to work there between apache & shellinabox. Last bit when you login to shell you get denied.

I also see:
$ ps -FZp 2909167 –cols 999
LABEL UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1 0 10785 2740 7 Jun11 ? 00:00:00 /usr/sbin/shellinaboxd -u shellinabox -g shellinabox –cert=/var/lib/shellinabox –portB00 –localhost-only –disable-ssl

So it seems that shellinabox runs unconfined and the CentOS‘ policy forbids transitions between unconfined domains. Would that be right?
Many thanks, L.