What values should be used for SELinux (pam_selinux) "context" and "level"?

TheIceyWolf / shellinabox

Automatically exported from code.google.com/p/shellinabox

Other

0 stars 0 forks source link

What values should be used for SELinux (pam_selinux) "context" and "level"? #15

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Configure/make/make install shellinabox-2.8 on a Fedora 9 box.
2. Run shellinaboxd -t (from root session)
3. Connect to "http://localhost:4200" on a local browser.

What is the expected output? What do you see instead?

- Expected "login:", "password:" and bash prompt.

- Instead, after entering the correct login information for the login and
password prompts, a prompt for "context" and then "level" were displayed.

- All attempts with various values for "context" and "level" gleaned from
the system's "SELinux Administration" tool, yielded "Authentication failed"
messages from shellinabox.

What version of the product are you using? On what operating system?

shellinabox-2.8

Fedora 9 (default SELinux configuration)

Please provide any additional information below.

Original issue reported on code.google.com by kaffet...@gmail.com on 2 Jun 2009 at 2:48

GoogleCodeExporter commented 8 years ago

ShellInABox does not have support for SELinux, and I cannot find any good
documentation on how to add it.

So, your best bet would be to ask RedHat to officially include ShellInABox in 
Fedora.
Presumably, they know how to configure programs for use with SELinux. I'd 
certainly
accept any patches that they would like to submit.

In the meantime, avoiding calls to /bin/login will work around the problem that 
you
are seeing. You could launch ShellInABox as:

  shellinaboxd -t -s '/:AUTH:HOME:/bin/bash'

This won't give you exactly the same environment that /bin/login would set up, 
but
maybe it is close enough for your purposes.

For now, I changed the status of the issue to "WontFix". If any new information 
on
how to configure SELinux does become available, I can reopen the issue.

Original comment by zod...@gmail.com on 17 Jun 2009 at 1:11

Changed state: WontFix

GoogleCodeExporter commented 8 years ago

While I still don't know what RedHat specific magic is necessary to make 
shellinaboxd 
work on Fedora, there now is a viable work-around available, if you check out 
the most 
recent code from SVN.

Instead of calling /bin/login, which seems to cause problems on Fedora, you can 
tell 
shellinaboxd to connect to your local SSH server. Just pass it the command line 
"--
service /:SSH" and things should start working.

Original comment by zod...@gmail.com on 30 Jul 2009 at 7:01

GoogleCodeExporter commented 8 years ago

I now added a README.Fedora file to the subversion tree. It gives some more 
hints on 
how to configure ShellInABox for use on Fedora.

Original comment by zod...@gmail.com on 23 Nov 2009 at 4:59

GoogleCodeExporter commented 8 years ago

why running `shellinaboxd -t -s '/:AUTH:HOME:/bin/bash'` gives me
Cannot look up user id "AUTH"?

Original comment by libre.lb...@gmail.com on 25 May 2015 at 6:27