SELinux confined users: sysadmin privileges necessary to do sudo operations? Why? How to mitigate?

A post was split to a new topic: Problems when using SELinux confined user accounts with staff_u on Fedora