On Arch Linux, logrotate is a service launched by systemd:
avc: denied { execute_no_trans } for pid=216 comm="(ogrotate)"
path="/usr/bin/logrotate" dev="vda1" ino=396833
scontext=system_u:system_r:init_t
tcontext=system_u:object_r:logrotate_exec_t tclass=file
permissive=1
---
logrotate.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/logrotate.te b/logrotate.te
index 9e40550df70a..feaf5a6ae71b 100644
--- a/logrotate.te
+++ b/logrotate.te
@@ -14,6 +14,7 @@ domain_type(logrotate_t)
domain_obj_id_change_exemption(logrotate_t)
domain_system_change_exemption(logrotate_t)
domain_entry_file(logrotate_t, logrotate_exec_t)
+init_system_domain(logrotate_t, logrotate_exec_t)
role logrotate_roles types logrotate_t;
type logrotate_lock_t;
--
2.14.1