From 119f307391811d408d2cbed82632b46814376769 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Thu, 16 Feb 2023 13:04:48 +0100
Subject: [PATCH] Allow system_cronjob_t transition to rpm_script_t

This permission is required for rpm-like programs (rpm, dnf)
executed from system cronjobs, e. g. /etc/crontab.

Resolves: rhbz#2173255
---
 policy/modules/contrib/cron.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
index a269cfcc50..8bc806ab9c 100644
--- a/policy/modules/contrib/cron.te
+++ b/policy/modules/contrib/cron.te
@@ -545,6 +545,7 @@ ifdef(`distro_redhat',`
 	# via redirection of standard out.
 	optional_policy(`
 		rpm_manage_log(system_cronjob_t)
+		rpm_transition_script(system_cronjob_t, system_r)
 	')
 ')