I want to set up a cron job to sync some stuff with rclone. Cron isn’t installed, and it’;s not on flathub or anything. I am instead trying to use systemd services, but those are having trouble because brew doesn’t install programs into /usr/local/bin.
What is the Aurora way to approach this? I suspect containers are involved somehow, but I don’t really understand how to use them in Aurora, or how I would use them for this.
My recommendation is to use systemd timers instead. I have some information about how to do this here ManfredLotz/from_crond_to_systemd_timer: Shows how to use systemd timer as a replacement for cron daemon - Codeberg.org
If you decide to go this way don’t hesitate to ask if something is unclear…
That’s what I am doing, but as I described, I am getting a lot of permission denied errors because brew doesn’t install things in the usr/local/bin directory, which from what I read, is where programs need to go for systemd to read them.
Sorry, I hadn’t read carefully.
Not an ideal solution but what you can do is
rclone binary to /usr/local/sbinrestorecon -v /usr/local/sbin/rclonesystemctl daemon-reloadUpdate: Just see that rclone is preinstalled. I did above actions with another binary where i had set up a systemd timer.
A better solution might be to define an exception for SELinux. But in case of brew an exception has to deal with the fact that binaries in brew have a somehow dynamic path (version number…).
As I am new to Aurora (coming from non immutable) I currently have to deal with other issues. But I plan to investigate this…
My thinking is: If possible define a policy for all bin directories in /home/linuxbrew/.linuxbrew to have a context, something like this:
Context: system_u:object_r:bin_t:s0
Then run restorecon over /home/linuxbrew/.linuxbrew to get things adjusted.
I hope this is possible. But I have to read more about SELinux….
To get rid of those permission denied errors:
sudo ausearch -ts recent | sudo audit2allow
The above command will show what was denied and the SELinux configuration needed to allow them. To create an SELinux policy for those:
sudo ausearch -ts recent | sudo audit2allow -M my-custom-policy
Then run:
sudo semodule -i my-custom-policy.pp
You can safely remove the my-custom-policy.pp and my-custom-policy.te files from the working directory when you are done.
If it requires you to set an SELinux boolean, you can do that with the sudo setsebool -P command.
@hyperreal Thanks a lot. 
Something like this was what I thought should help.
Your description saves me a lot of time to read about these things in order to learn how to do it.
You’re welcome. But I do encourage you to read about them when you have the time. You don’t have to understand all of it at once – there’s a whole bunch of SELinux stuff that I don’t know yet – but every little bit along the way helps. 
I definitely will read about it as I don’t issue commands I don’t really understand. 
But your information gives me a head start for this.