This libsepol patch is needed if you see these unit test failures:

======================================================================
FAIL: test_306_level_lookup_cat_not_assoc (tests.policyrep.mls.LevelFactoryTest)
Level lookup with category not associated with sensitivity.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/pebenito/projects/setools/tests/policyrep/mls.py", line 121, in test_306_level_lookup_cat_not_assoc
    self.assertRaises(InvalidLevel, level_factory, self.p.policy, "s0:c0,c4")
AssertionError: InvalidLevel not raised by level_factory

======================================================================
FAIL: test_406_range_lookup_invalid_range_low (tests.policyrep.mls.RangeFactoryTest)
Range lookup with an invalid range (low).
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/pebenito/projects/setools/tests/policyrep/mls.py", line 168, in test_406_range_lookup_invalid_range_low
    self.assertRaises(InvalidRange, range_factory, self.p.policy, "s0:c13-s2:c13")
AssertionError: InvalidRange not raised by range_factory

======================================================================
FAIL: test_407_range_lookup_invalid_range_high (tests.policyrep.mls.RangeFactoryTest)
Range lookup with an invalid range (high).
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/pebenito/projects/setools/tests/policyrep/mls.py", line 173, in test_407_range_lookup_invalid_range_high
    self.assertRaises(InvalidRange, range_factory, self.p.policy, "s0-s0:c13")
AssertionError: InvalidRange not raised by range_factory

----------------------------------------------------------------------

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 467f7a7..3193ef5 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -914,10 +914,11 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
 		}
 		for (i = cat->low - 1; i < cat->high; i++) {
 			if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
-				ERR(h, "Category %s can not be associate with "
+				ERR(h, "Category %s can not be associated with "
 				    "level %s",
 				    p->p_cat_val_to_name[i],
 				    p->p_sens_val_to_name[l->sens - 1]);
+				return -1;
 			}
 			if (ebitmap_set_bit(&l->cat, i, 1)) {
 				ERR(h, "Out of memory!");
-- 
2.3.0