The recent redhat-rpm-config change and you

[Tomas Mraz]

> More (much more?) work for little gain, but likely the correct solution
> would be to configure SELinux policy to recognize a python program
> trying to write a pyo file and allow that to pass.  (Coupled with %
> ghosting.)

No, that wouldn't be secure. The written .pyo file could be arbitrary
code which if run again for example from a different security context
could exploit your system even more.

-- 
Tomas Mraz <tmraz at redhat.com>