What is the intended purpose of sysadm_t? If the root user logs in the console, the context is unconfined_u:unconfined_r:unconfined_t. If some user sudo to root, that might be allowed or not, but if allowed, shouldn't the session have the same rights as a root session? Otherwise, what is expected from sudo is broken.
The same reasoning for su: doing su to root may be allowed or not, depending on the user. But if allowed, shouldn't the session have the same unrestricted permissions as a root session? I believed that the purpose of sysadm_u was to determinate what users can su/sudo to root+unconfined_t.
