diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules

--- ./init/fapolicyd.rules.fix	2020-02-11 20:53:48.151150561 +0100

+++ ./init/fapolicyd.rules	2020-02-11 20:55:02.451575384 +0100

@@ -39,6 +39,10 @@ allow exe=/usr/bin/python2.7 : ftype=app

 deny_audit perm=any all : ftype=text/x-python

 #deny_audit perm=any all : ftype=application/octet-stream path=*.pyc

+# Allow shell script but block all other languages

+allow perm=execute all : ftype=text/x-shellscript

+allow perm=any all : ftype=text/plain

+

 #

 # In this next optional languages section, choose either to

 # block (default) or allow by commenting or uncommenting the

@@ -66,10 +70,6 @@ deny_audit perm=any exe=/usr/bin/ruby :

 #allow perm=open all : ftype=text/x-ruby trust=1

 #deny_audit perm=any all : ftype=text/x-ruby

-# Allow shell script but block all other languages

-allow perm=execute all : ftype=text/x-shellscript trust=1

-allow perm=execute all : ftype=text/plain trust=1

-

 # This is a workaround for kernel thinking this is being executed. We

 # catch actual execution in rule 3.

 allow perm=execute all : path=/usr/lib64/ld-2.30.so trust=1