# HG changeset patch # User Joe Ulfers # Date 1697207246 14400 # Fri Oct 13 10:27:26 2023 -0400 # Node ID a7589838054c0996d5a09ecb2b29069cd4f21a89 # Parent a50727c6b305cbb6ee26dd67262fc94a7047ca6a Note that pip install might set wrong context diff --git a/readme.md b/readme.md --- a/readme.md +++ b/readme.md @@ -72,7 +72,7 @@ restorecon -r /var/www/qwertywar todo: make this system_u:object_r:httpd_exec_t? -todo: ``yum update`` one time changed ``/var/www/qwertywar/venv/lib64/python3.9/site-packages/psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so`` type back to ``httpd_sys_content_t``, breaking the app. I guess part of the httpd package upgrade? Perhaps this virtualenv should move out of /var/www +todo: ``yum update`` one time changed ``/var/www/qwertywar/venv/lib64/python3.9/site-packages/psycopg2/_psycopg.cpython-39-x86_64-linux-gnu.so`` type back to ``httpd_sys_content_t``, breaking the app. I guess part of the httpd package upgrade? Perhaps this virtualenv should move out of /var/www. pip install might also do this? When selinux denies the .so, nothing appears in audit log. Maybe tune rules? https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-possible_causes_of_silent_denials
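Review bot: The added text on the replaced todo line in readme.md packs two new, unrelated notes into an entry that was already long: the question "pip install might also do this?" and the observation that nothing appears in the audit log when SELinux denies the .so. Split these into separate todo entries so each can be resolved and removed on its own. The commit message only mentions the pip install note, so either extend it to cover the silent-denial note or move that note into its own changeset. The linked page is from the Red Hat Enterprise Linux 6 documentation, while the path in the same line points at python3.9; link the equivalent section for the release actually deployed. For the silent-denial note, name the concrete check instead of "Maybe tune rules?": silent denials usually come from dontaudit rules, which can be disabled temporarily with semodule -DB and restored with semodule -B. Since the hunk's context already shows restorecon -r /var/www/qwertywar, it would also help to say whether rerunning it after pip install or yum update restores the expected type on the .so.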