diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp
index 8dddab8..91715e3 100644
--- a/manifests/sudoers.pp
+++ b/manifests/sudoers.pp
@@ -27,6 +27,9 @@
 # [*runas*]
 # The user that the command may be run as.
 #
+# [*context*]
+# The SELinux domain and role the command will be run as by default.
+#
 # [*cmnds*]
 # The commands which the user is allowed to run.
 #
@@ -45,6 +48,7 @@
 # comment => 'World domination.',
 # users => ['pinky', 'brain'],
 # runas => ['root'],
+# context => 'TYPE=unconfined_t ROLE=unconfined_r',
 # cmnds => ['/bin/bash'],
 # tags => ['NOPASSWD'],
 # defaults => [ 'env_keep += "SSH_AUTH_SOCK"' ]
@@ -66,6 +70,7 @@
 $comment = undef,
 $ensure = 'present',
 $runas = ['root'],
+ $context = undef,
 $tags = [],
 $defaults = [],
 ) {
diff --git a/templates/sudoers.erb b/templates/sudoers.erb
index 1e225cc..e01a585 100644
--- a/templates/sudoers.erb
+++ b/templates/sudoers.erb
@@ -21,7 +21,7 @@ Defaults!<%= @sane_name.upcase %>_CMNDS <%= @defaults.class == Array ? @defaults
 <% end -%>
 <% if @users then -%>
-<%= @sane_name.upcase %>_USERS <%= @sane_name.upcase %>_HOSTS = (<%= @sane_name.upcase %>_RUNAS) <%= tags %> <%= @sane_name.upcase %>_CMNDS
+<%= @sane_name.upcase %>_USERS <%= @sane_name.upcase %>_HOSTS = (<%= @sane_name.upcase %>_RUNAS) <%= @context.class == String ? @context %> <%= tags %> <%= @sane_name.upcase %>_CMNDS
 <% else -%>
-%<%= @group %> <%= @sane_name.upcase %>_HOSTS = (<%= @sane_name.upcase %>_RUNAS) <%= tags %> <%= @sane_name.upcase %>_CMNDS
+%<%= @group %> <%= @sane_name.upcase %>_HOSTS = (<%= @sane_name.upcase %>_RUNAS) <%= @context.class == String ? @context %> <%= tags %> <%= @sane_name.upcase %>_CMNDS
 <% end -%>
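Review bot: The new `$context = undef` parameter is accepted without any validation, while templates/sudoers.erb in the same commit writes its value verbatim into the user-spec line between the RunAs list and the tags, so any value that is not a plain `TYPE=… ROLE=…` option pair (extra whitespace-separated tokens, an embedded newline) becomes part of the sudoers rule. A check beside the parameter keeps bad values from ever reaching the file: `if $context and $context !~ /\A(TYPE=\S+)?[ \t]*(ROLE=\S+)?\z/ { fail("invalid sudoers context '${context}'") }` (`\A`/`\z` rather than `^`/`$`, since in Ruby-style regexes the latter match at line boundaries and would let a multi-line value through). The parameter list this hunk belongs to opens outside the hunk, and the hunk does not show whether the rendered file is syntax-checked before installation, so I am assuming it is not.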
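Review bot: Both added lines use `@context.class == String ? @context` with no `:` branch, which is a Ruby syntax error, so the template fails to compile regardless of whether `context` is set; each should read `<%= @context if @context.is_a?(String) %>` (or keep the ternary with an explicit `: ''`). The same expression appears in the `@users` branch and the `@group` branch, so both lines need the fix. Once it renders, the value is concatenated into the user-spec line without any escaping or quoting, so the manifest parameter is the only place a stray token can be rejected. The surrounding template starts and ends outside the hunk.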