Hi,

I created my own basic policy:

Code:
module mypolicy 1.0.0;

require {
    type user_t;
    role user_r;
    class file { getattr execute read open ioctl entrypoint };
    class process { transition sigkill sigstop signull signal getattr };
}

type mytype_t;
type mytype_exec_t;

allow mytype_t mytype_exec_t:file { entrypoint };

allow user_t mytype_t:process { transition sigkill sigstop signull signal getattr };
allow user_t mytype_t:file { getattr execute read open ioctl };

type_transition user_t mytype_exec_t:process mytype_t;

role user_r types mytype_t;

When I install it with semodule -i I get an error:

Code:
libsepol.check_assertion_helper: neverallow violated by allow user_t mytype_t:process { transition sigkill sigstop signull signal getattr };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!
What am I doing wrong ? Which rule is preventing me from installing the above policy ?