I am running Scientific Linux 6.0, fully updated,
using the targeted policy.

Is there a method to execute the SELinux admin GUI tool
system-config-selinux while in enforcing mode of the targeted
policy?

My assumption is that the root Linux user combined with the sysadm_r
role would work. However, after creating a shell with sudo -i -r
sysadm_r (from the staff_r role), the tool fails to start. I then
tried to create a user that would log in via the GUI login and
receive the sysadm_r role by default. In this case I was
unsuccessful in even getting the sysadm_r role to have the
sysadm_t upon login. It receives a context of
sysadm_u:sysadm_r:oddjob_mkhomedir_t. This despite having the
following /etc/selinux/targeted/contexts/users/sysadm_u file:

    system_r:local_login_t:s0 sysadm_r:sysadm_t:s0
    system_r:remote_login_t:s0 sysadm_r:sysadm_t:s0
    system_r:sshd_t:s0 sysadm_r:sysadm_t:s0
    system_r:crond_t:s0 sysadm_r:sysadm_t:s0
    system_r:xdm_t:s0 sysadm_r:sysadm_t:s0
    sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
    sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
    system_r:initrc_su_t:s0 sysadm_r:sysadm_t:s0
    sysadm_r:sysadm_t:s0 sysadm_r:sysadm_t:s0
    sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
    sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0

Thanks,
Andy