Onde colocar a política do SElinux gerada pelo audit2allow?

Estou usando o mínimo do CentOS7. Eu instalei acpid e o daemon está sendo executado.

Quando eu aperto o botão liga / desliga, obtenho o seguinte em /var/log/messages

May  2 18:52:53 localhost systemd-logind: Power key pressed.
May  2 18:52:53 localhost systemd: SELinux policy denies access.

e em /var/log/audit/audit.log :

type=USER_AVC msg=audit(1430589539.562:468): pid=815 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=Get dest=org.freedesktop.systemd1 spid=4177 tpid=1 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1430589539.571:469): pid=815 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=Get dest=org.freedesktop.systemd1 spid=4182 tpid=1 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1430589539.586:470): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

Tubulação que, por meio de audit2why , fornece a seguinte saída:

type=USER_AVC msg=audit(1430589539.562:468): pid=815 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=Get dest=org.freedesktop.systemd1 spid=4177 tpid=1 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

type=USER_AVC msg=audit(1430589539.571:469): pid=815 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=Get dest=org.freedesktop.systemd1 spid=4182 tpid=1 scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

type=USER_AVC msg=audit(1430589539.586:470): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" scontext=system_u:system_r:apmd_t:s0 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

        Was caused by:
                Missing type enforcement (TE) allow rule.

                You can use audit2allow to generate a loadable module to allow this access.

E, finalmente, canalizar o log para audit2allow -lar me dá:

require {
        type power_unit_file_t;
        type init_t;
        type apmd_t;
        class dbus send_msg;
        class service start;
}

#============= apmd_t ==============
allow apmd_t init_t:dbus send_msg;
allow apmd_t power_unit_file_t:service start;

Não sei o que fazer a seguir. Como posso obter da saída acima para uma política ativa do SELinux?