Currently, using sudo as a means to delegate privileges is not fully functional with SELinux. For instance:
(1.) directly executing sudo commands ("sudo command") where the command would invoke a role transition as well (like "sudo /etc/init.d/local status") fails, the command runs in sysadm_sudo_t instead of sysadm_t
(2.) asking for a sudo shell ("sudo -i") fails, currently the way to get a shell is to use "sudo bash"
(1.) will be resolved, (2.) is not supported upstream.
In hardened-dev overlay
Pushed to main tree, ~arch
Marked as stable in tree