SELinux не разрешает команду ps в PHP

Я использую этот фрагмент кода для проверки того, запущен ли myservice в php. exec("ps -A | grep -i myservicename | grep -v grep 2>&1", $output);. $output всегда пуст. Но после выполнения setenforce 0 все работает нормально. Значит, SELinux не позволяет httpd выполнить эту команду. Также audit2why выдает мне следующее сообщение.

type=AVC msg=audit(1503739681.450:2905): avc:  denied  { search } for  pid=11273 comm="ps" name="11017" dev="proc" ino=97841 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir
    Was caused by:
            Missing type enforcement (TE) allow rule.

            You can use audit2allow to generate a loadable module to allow this access.

Как я могу сказать SELinux разрешить httpd выполнять мою команду?

UPDATE

Результат audit2allow -a:

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t NetworkManager_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t NetworkManager_t:dir getattr;
allow httpd_sys_script_t abrt_watch_log_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t abrt_watch_log_t:dir getattr;
allow httpd_sys_script_t auditd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t auditd_t:dir getattr;
allow httpd_sys_script_t crond_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t crond_t:dir getattr;
allow httpd_sys_script_t firewalld_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t firewalld_t:dir getattr;
allow httpd_sys_script_t fsdaemon_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t fsdaemon_t:dir getattr;
allow httpd_sys_script_t getty_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t getty_t:dir getattr;
allow httpd_sys_script_t httpd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t httpd_t:dir getattr;
allow httpd_sys_script_t init_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t init_t:dir getattr;
allow httpd_sys_script_t initrc_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t initrc_t:dir getattr;
allow httpd_sys_script_t irqbalance_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t irqbalance_t:dir getattr;
allow httpd_sys_script_t kernel_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t kernel_t:dir getattr;
allow httpd_sys_script_t lsmd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t lsmd_t:dir getattr;
allow httpd_sys_script_t lvm_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t lvm_t:dir getattr;
allow httpd_sys_script_t mysqld_safe_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t mysqld_safe_t:dir getattr;
allow httpd_sys_script_t mysqld_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t mysqld_t:dir getattr;
allow httpd_sys_script_t policykit_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t policykit_t:dir getattr;
allow httpd_sys_script_t postfix_master_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t postfix_master_t:dir getattr;
allow httpd_sys_script_t postfix_pickup_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t postfix_pickup_t:dir getattr;
allow httpd_sys_script_t postfix_qmgr_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t postfix_qmgr_t:dir getattr;
allow httpd_sys_script_t sshd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t sshd_t:dir getattr;
allow httpd_sys_script_t syslogd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t syslogd_t:dir getattr;
allow httpd_sys_script_t system_dbusd_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t system_dbusd_t:dir getattr;
allow httpd_sys_script_t systemd_logind_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t systemd_logind_t:dir getattr;
allow httpd_sys_script_t tuned_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t tuned_t:dir getattr;
allow httpd_sys_script_t udev_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t udev_t:dir getattr;
allow httpd_sys_script_t unconfined_service_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t unconfined_service_t:dir getattr;
allow httpd_sys_script_t unconfined_t:dir search;

#!!!! This avc is allowed in the current policy
allow httpd_sys_script_t unconfined_t:dir getattr;

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t etc_runtime_t:sock_file write;

#!!!! This avc is allowed in the current policy
allow httpd_t mysqld_port_t:tcp_socket name_connect;

#!!!! This avc is allowed in the current policy
allow httpd_t self:rawip_socket create;

#============= mysqld_safe_t ==============

#!!!! This avc is allowed in the current policy
allow mysqld_safe_t var_lib_t:lnk_file read;

#============= mysqld_t ==============

#!!!! This avc is allowed in the current policy
allow mysqld_t etc_runtime_t:dir { add_name remove_name write };

#!!!! This avc is allowed in the current policy
allow mysqld_t etc_runtime_t:file { create rename unlink write };

#!!!! This avc is allowed in the current policy
allow mysqld_t etc_runtime_t:sock_file { create unlink };

#!!!! This avc is allowed in the current policy
allow mysqld_t var_lib_t:lnk_file { getattr read };

РЕШЕНИЕ

Эта команда решила мою проблему.

semanage permissive -a httpd_sys_script_t

ИЛИ

semanage permissive -a httpd_t

Теперь httpd может выполнять любые команды.