Easy. Allow users to install packages without root-password. That means that you can install trojans with root-privileges. Meanwhile add very well tested (NOT!) selinux-rules that make life terribly hard. And update the management commands so that they are not backward compatible with previous syntax.
For example let's say that you try to install Komodo-edit to do some php-work? It will not work. Let's say that you have donwloaded ZendFramework and installed it to your own-directory. It will not work and even after the instructions given by the selinux to fix the problem you will finally run into a situation where selinux is preventing you to use the fix command given by selinux.
What is the result? You have a system that will have selinux disabled and root access for package installation without password. FAILURE!