From: russell@coker.com.au (Russell Coker)
Date: Thu, 14 Jun 2018 23:01:58 +1000
Subject: [refpolicy] cron_system_entry(gpg_t, gpg_exec_t)
Message-ID: <2008669.eO35s5s6tf@liv>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

cron_system_entry(gpg_t, gpg_exec_t)

Why do we have this?

gpg is run by cron jobs that write to /var/log, so if we use gpg_t for gpg 
when it's run from those cron jobs we need to allow it access to var_log_t 
which means that user_t can use gpg to access var_log_t.

What benefit do we get from a domain transition when running gpg from a system 
cron job?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/