policy_module(unconfined_additional, 0.0.2)

require {
  type unconfined_t;
  type portage_sandbox_t;
  type sysadm_t;
}

allow unconfined_t portage_sandbox_t:process transition;
allow unconfined_t self:process execmem;

allow unconfined_t sysadm_t:process transition;