diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules
--- ./init/fapolicyd.rules.fix 2020-02-11 20:53:48.151150561 +0100
+++ ./init/fapolicyd.rules 2020-02-11 20:55:02.451575384 +0100
@@ -39,6 +39,10 @@ allow exe=/usr/bin/python2.7 : ftype=app
 deny_audit perm=any all : ftype=text/x-python
 #deny_audit perm=any all : ftype=application/octet-stream path=*.pyc
 
+# Allow shell script but block all other languages
+allow perm=execute all : ftype=text/x-shellscript
+allow perm=any all : ftype=text/plain
+
 #
 # In this next optional languages section, choose either to
 # block (default) or allow by commenting or uncommenting the
@@ -66,10 +70,6 @@ deny_audit perm=any exe=/usr/bin/ruby :
 #allow perm=open all : ftype=text/x-ruby trust=1
 #deny_audit perm=any all : ftype=text/x-ruby
 
-# Allow shell script but block all other languages
-allow perm=execute all : ftype=text/x-shellscript trust=1
-allow perm=execute all : ftype=text/plain trust=1
-
 # This is a workaround for kernel thinking this is being executed. We
 # catch actual execution in rule 3.
 allow perm=execute all : path=/usr/lib64/ld-2.30.so trust=1
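Review bot: The two relocated rules in the first hunk lose the `trust=1` object condition, and the `text/plain` rule widens from `perm=execute` to `perm=any`, so shell scripts and plain-text files that are not in the trust database now match an allow. Because fapolicyd takes the first matching rule and these now sit ahead of the optional languages section, the `text/plain` allow may also preempt later deny rules for interpreter input that libmagic classifies as plain text; whether it does depends on rules outside the hunk. If untrusted scripts are not meant to run, keep the condition: `allow perm=execute all : ftype=text/x-shellscript trust=1` and `allow perm=any all : ftype=text/plain trust=1`. If the loosening is intended, the comment should say so, for example `# Allow shell scripts and plain text regardless of trust; other languages are handled below`.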