Note silent selinux denials
1 files changed, 3 insertions(+), 0 deletions(-)

M readme.md
M readme.md +3 -0
@@ 72,6 72,9 @@ Fix:
   restorecon -r /var/www/qwertywar
 
 todo: make this system_u:object_r:httpd_exec_t?
+todo: ``yum update`` one time changed ``/var/www/qwertywar/venv/lib64/python3.9/site-packages/psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so`` type back to ``httpd_sys_content_t``, breaking the app. I guess part of the httpd package upgrade? Perhaps this virtualenv should move out of /var/www
+
+When selinux denies the .so, nothing appears in audit log. Maybe tune rules? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-possible_causes_of_silent_denials
 
 
 Deploy:
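Review bot: The first added todo says the `.so` went "back to" `httpd_sys_content_t` but never records which type it carried while the app worked, so a reader hitting the same breakage cannot tell what to restore; state the working type next to the path, plus a quick check such as `ls -Z` on the file. Because the Fix block ends with `restorecon -r /var/www/qwertywar`, and restorecon resets labels to whatever the file-context policy specifies, the note should also say whether the working type was set with a persistent `semanage fcontext` rule or a one-off `chcon`, since only the former survives a relabel. In the second added paragraph, "Maybe tune rules?" could be replaced by the concrete step the linked Red Hat page describes: rebuild the policy with dontaudit rules disabled (`semodule -DB`), reproduce the failure, read the audit log, then re-enable them with `semodule -B`.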