@@ 72,7 72,7 @@ Fix:
restorecon -r /var/www/qwertywar
todo: make this system_u:object_r:httpd_exec_t?
-todo: ``yum update`` one time changed ``/var/www/qwertywar/venv/lib64/python3.9/site-packages/psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so`` type back to ``httpd_sys_content_t``, breaking the app. I guess part of the httpd package upgrade? Perhaps this virtualenv should move out of /var/www
+todo: ``yum update`` one time changed ``/var/www/qwertywar/venv/lib64/python3.9/site-packages/psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so`` type back to ``httpd_sys_content_t``, breaking the app. I guess part of the httpd package upgrade? Perhaps this virtualenv should move out of /var/www. pip install might also do this?
When selinux denies the .so, nothing appears in audit log. Maybe tune rules? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-possible_causes_of_silent_denials
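Review bot: the question appended to the todo on the `+` line ("pip install might also do this?") is left open, and the todo still does not record how the working label on `_psycopg.cpython-39-x86_64-linux-gnu.so` was set in the first place, which is what decides the answer. A type applied by hand with `chcon` is lost on any relabel, and files newly written by `pip install` normally inherit the type of their parent directory, so both paths can leave the `.so` as `httpd_sys_content_t`. Consider replacing the speculation with a note that the intended type should be declared as a persistent file-context rule (`semanage fcontext -a -t <type> '<path regex>'`, with the type still to be decided per the `httpd_exec_t` todo above), so that the `restorecon -r /var/www/qwertywar` in the Fix restores the intended type instead of the default, and say that it must be re-run after `yum update` or `pip install`. Because the last context line says the denial is silent, it would also help to note next to the link that `semodule -DB` temporarily disables dontaudit rules, so the cause can be confirmed in the audit log rather than guessed.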