How do I permanently enable an SELinux policy module?

I have a RHEL 8.1 system that I use for development; it came with SELinux enabled in enforcing mode by default.

On this system I write and run Python scripts in Visual Studio Code, and for some reason I keep getting alerts in the SELinux Alert Browser that say:

SELinux is preventing /usr/libexec/platform-python3.6 from execute access on the file gpgsm.

I don't understand what this means, because my simple Python scripts don't call gpgsm (I don't even know what gpgsm is).

The details dialog shows:

You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke
# semodule -X 300 -i my-rhsmcertdworke.pp

The full output of the details is:


*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that platform-python3.6 should be allowed execute access on the gpgsm file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke
# semodule -X 300 -i my-rhsmcertdworke.pp

Additional Information:
Source Context                system_u:system_r:rhsmcertd_t:s0
Target Context                system_u:object_r:gpg_exec_t:s0
Target Objects                gpgsm [ file ]
Source                        rhsmcertd-worke
Source Path                   /usr/libexec/platform-python3.6
Port                          <Unknown>
Host                          [my hostname]
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.14.3-20.el8.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     [my hostname]
Platform                      Linux [my hostname] 4.18.0-147.8.1.el8_1.x86_64 #1
                              SMP Wed Feb 26 03:08:15 UTC 2020 x86_64 x86_64
Alert Count                   2
First Seen                    2020-04-22 16:48:22 BST
Last Seen                     2020-04-22 16:48:22 BST
Local ID                      2114dd0f-4b36-420d-9ad4-617017e8b43d

Raw Audit Messages
type=AVC msg=audit(1587570502.586:134): avc:  denied  { execute } for  pid=4916 comm="rhsmcertd-worke" name="gpgsm" dev="dm-0" ino=765660 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:gpg_exec_t:s0 tclass=file permissive=0


Hash: rhsmcertd-worke,rhsmcertd_t,gpg_exec_t,file,execute

So I ran both commands via sudo, which generated two files: my-rhsmcertdworke.te and my-rhsmcertdworke.pp. The semodule -X 300 -i my-rhsmcertdworke.pp command ran without any errors, and when I list the enabled modules with sudo semodule -l, it does list my-rhsmcertdworke among the other enabled modules.

However, I still keep getting the same alert, as if I had never imported and enabled the module.

By the way, this is the my-rhsmcertdworke.te that was generated by the command ausearch -c 'rhsmcertd-worke' --raw | audit2allow -M my-rhsmcertdworke:

module my-rhsmcertdworke 1.0;

require {
    type gpg_exec_t;
    type root_t;
    type rhsmcertd_t;
    class file { execute open read };
}

#============= rhsmcertd_t ==============
allow rhsmcertd_t gpg_exec_t:file execute;

#!!!! This avc is allowed in the current policy
allow rhsmcertd_t root_t:file read;

#!!!! This avc can be allowed using the boolean 'daemons_dump_core'
allow rhsmcertd_t root_t:file open;

What am I doing wrong that makes the same alert keep happening? How do I actually enable this policy module so that it persists? Thank you!

P.S. I don't think my-rhsmcertdworke has to be the name of the policy module; is it safe to change it to something else? Is there a naming convention for SELinux policy modules?
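Added example (not code from the question or from the SELinux tools): the script below reproduces, for a single raw AVC record, what audit2allow does when it turns a denial into the `allow` line seen in the .te file above, and rebuilds the comm/type/class/permission tuple shown on the alert's `Hash:` line. The sample input is the AVC record quoted in the question plus a second, constructed record with two permissions; the function names avc_fields, avc_to_rule and avc_to_hash are this example's own. It needs only POSIX sh and awk, so it runs on a machine without SELinux.

```shell
#!/bin/sh
# Added example, not from the original post: map a raw AVC record to the
# "allow" rule audit2allow would emit, and to the setroubleshoot "Hash:" tuple.
# Pure POSIX sh + awk; no SELinux tools are required to run it.

# Constructed sample input: the AVC record quoted in the question, plus a
# second (constructed) record carrying two permissions to show brace handling.
SAMPLE_AVC='type=AVC msg=audit(1587570502.586:134): avc:  denied  { execute } for  pid=4916 comm="rhsmcertd-worke" name="gpgsm" dev="dm-0" ino=765660 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:gpg_exec_t:s0 tclass=file permissive=0'
SAMPLE_AVC2='type=AVC msg=audit(1587570502.590:135): avc:  denied  { read open } for  pid=4916 comm="rhsmcertd-worke" name="core" dev="dm-0" ino=1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=0'

# avc_fields: read raw AVC records on stdin; print one tab-separated line per
# denial: comm, source type, target type, object class, permission list.
# An allow rule only refers to the type, which is the third colon-separated
# component of a context (user:role:type:level).
avc_fields() {
    awk '
    /avc: *denied/ {
        perms = $0
        sub(/.*denied +\{ */, "", perms)   # drop everything up to "{ "
        sub(/ *\}.*/, "", perms)           # drop " }" and the rest of the line
        match($0, /comm="[^"]*"/);   comm = substr($0, RSTART + 6, RLENGTH - 7)
        match($0, /scontext=[^ ]+/); s = substr($0, RSTART + 9, RLENGTH - 9)
        match($0, /tcontext=[^ ]+/); t = substr($0, RSTART + 9, RLENGTH - 9)
        match($0, /tclass=[^ ]+/);   c = substr($0, RSTART + 7, RLENGTH - 7)
        split(s, sa, ":"); split(t, ta, ":")
        printf "%s\t%s\t%s\t%s\t%s\n", comm, sa[3], ta[3], c, perms
    }'
}

# avc_to_rule: emit the allow rule for each record. A single permission is
# written bare; several are wrapped in braces, as in the .te file above.
avc_to_rule() {
    avc_fields | awk -F '\t' '{
        n = split($5, p, " ")
        perms = (n > 1) ? "{ " $5 " }" : $5
        printf "allow %s %s:%s %s;\n", $2, $3, $4, perms
    }'
}

# avc_to_hash: rebuild the comm,stype,ttype,class,perm tuple from the alert's
# "Hash:" line. Printing one tuple per permission for multi-permission
# records is this example's choice (the alert above has a single permission).
avc_to_hash() {
    avc_fields | awk -F '\t' '{
        n = split($5, p, " ")
        for (i = 1; i <= n; i++) printf "%s,%s,%s,%s,%s\n", $1, $2, $3, $4, p[i]
    }'
}

# Stand-alone run: show both outputs for the constructed records.
printf '%s\n%s\n' "$SAMPLE_AVC" "$SAMPLE_AVC2" | avc_to_rule
printf '%s\n' "$SAMPLE_AVC" | avc_to_hash
```

Two checks worth running on the real system after `semodule -i`: confirm the rule is actually in the loaded policy with `sesearch -A -s rhsmcertd_t -t gpg_exec_t -c file -p execute` (from setools), and confirm a denial is really new rather than a stale entry in the alert browser with `ausearch -m AVC -ts recent -c rhsmcertd-worke`, comparing its timestamps with the module's installation time. The `ausearch -c ... --raw` pipe in the question pulls every historic denial for that comm, not only the ones after the module was loaded.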
