Commit: 09c5d6e3 MG

When running in SELinux mode on Fedora, some operations don't work out of the
box.

Until somebody contributes a complete SELinux policy for ShellInABox, here are
some tips on getting things working:

- Avoid using the default "LOGIN" service. Calling /bin/login does not do
  the right thing.
  The "LOGIN" service is the default service when running "shellinaboxd" as
  "root". This means you will most likely see all logins fail whenever
  you start the daemon as "root".
  To fix this problem, consider explicitly specifying a service definition.
  One of these two should work:
    --service /:AUTH:HOME:/bin/bash
  or
    --service /:SSH
  The latter requires that you have a locally running "sshd" daemon.

- On Fedora, PAM authentication does not work for shellinabox until you
  explicitly configure it. This means that using "AUTH" in the service
  definition will not allow you to log in.
  You can fix this by defining a proper "/etc/pam.d/shellinabox" file. Take a
  look at "etc-pam.d-shellinabox-example" for a working example.
  Make sure you assign the correct SELinux labels to this file when copying
  it into "/etc/pam.d":
    cp --context=system_u:object_r:etc_t:s0 etc-pam.d-shellinabox-example /etc/pam.d/shellinabox
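
A preflight check for the two tips above, as an added example that is not part
of ShellInABox. The function names and the sample argument lists are
assumptions made up for this sketch.

```shell
#!/bin/sh
# Added example, not ShellInABox code. Function names are hypothetical.

# Succeed if an SELinux context (user:role:type:level) has the wanted type.
context_has_type() {
    ctx=$1
    want=$2
    type=$(printf '%s\n' "$ctx" | cut -d: -f3)
    [ "$type" = "$want" ]
}

# Classify a shellinaboxd argument list:
#   default-login  no service given (as root this falls back to LOGIN)
#   login          a service definition names LOGIN explicitly
#   explicit       only non-LOGIN services such as AUTH or SSH
service_check() {
    result=default-login
    while [ $# -gt 0 ]; do
        spec=
        case $1 in
            --service=*)  spec=${1#--service=} ;;
            --service|-s) spec=${2-}; [ $# -lt 2 ] || shift ;;
        esac
        shift
        [ -n "$spec" ] || continue
        # The application is the second colon-separated field of the spec.
        app=$(printf '%s\n' "$spec" | cut -d: -f2)
        if [ "$app" = LOGIN ]; then result=login; break; fi
        result=explicit
    done
    printf '%s\n' "$result"
}

# Live check, only where the PAM file exists and stat can read its context.
pam_file=/etc/pam.d/shellinabox
if [ -e "$pam_file" ] && ctx=$(stat -c %C "$pam_file" 2>/dev/null); then
    if context_has_type "$ctx" etc_t; then
        echo "label ok: $ctx"
    else
        echo "unexpected label, relabel the file: $ctx"
    fi
fi
```

Pass the daemon's intended arguments to service_check before starting it as
"root"; anything other than "explicit" means logins will go through /bin/login.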