diff --git a/selinux/restraint.te b/selinux/restraint.te
index 1d09fc46..7972399f 100644
--- a/selinux/restraint.te
+++ b/selinux/restraint.te
@@ -1,5 +1,6 @@
 policy_module(restraint, 1.0)
 
+optional_policy(`
 gen_require(`
     type unconfined_t;
     type unconfined_service_t;
@@ -8,3 +9,4 @@ gen_require(`
 allow unconfined_service_t unconfined_exec_t:file entrypoint;
 allow unconfined_service_t unconfined_t:process transition;
 type_transition unconfined_service_t unconfined_exec_t:process unconfined_t;
+')