> More (much more?) work for little gain, but likely the correct solution > would be to configure SELinux policy to recognize a python program > trying to write a pyo file and allow that to pass. (Coupled with % > ghosting.) No, that wouldn't be secure. The written .pyo file could be arbitrary code which if run again for example from a different security context could exploit your system even more. -- Tomas Mraz <tmraz@xxxxxxxxxx>
