Currently, using sudo as a means to delegate privileges is not fully functional with SELinux. For instance: (1.) directly executing sudo commands ("sudo command") where the command would invoke a role transition as well (like "sudo /etc/init.d/local status") fails, the command runs in sysadm_sudo_t instead of sysadm_t (2.) asking for a sudo shell ("sudo -i") fails, currently the way to get a shell is to use "sudo bash" Reproducible: Always
(1.) will be resolved, (2.) is not supported upstream.
In hardened-dev overlay
Pushed to main tree, ~arch
Marked as stable in tree