From: russell@coker.com.au (Russell Coker) Date: Thu, 14 Jun 2018 23:01:58 +1000 Subject: [refpolicy] cron_system_entry(gpg_t, gpg_exec_t) Message-ID: <2008669.eO35s5s6tf@liv> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com cron_system_entry(gpg_t, gpg_exec_t) Why do we have this? gpg is run by cron jobs that write to /var/log, so if we use gpg_t for gpg when it's run from those cron jobs we need to allow it access to var_log_t which means that user_t can use gpg to access var_log_t. What benefit do we get from a domain transition when running gpg from a system cron job? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/