diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py
index 140c901b..b566b541 100644
--- a/ansible_mitogen/connection.py
+++ b/ansible_mitogen/connection.py
@@ -579,7 +579,7 @@ class Connection(ansible.plugins.connection.ConnectionBase):
         self.host_vars = task_vars['hostvars']
         self.delegate_to_hostname = delegate_to_hostname
         self.loader_basedir = loader_basedir
-        self._reset(mode='put')
+        self._mitogen_reset(mode='put')
 
     def get_task_var(self, key, default=None):
         if self._task_vars and key in self._task_vars:
@@ -740,10 +740,10 @@ class Connection(ansible.plugins.connection.ConnectionBase):
 
     def _reset_tmp_path(self):
         """
-        Called by _reset(); ask the remote context to delete any temporary
-        directory created for the action. CallChain is not used here to ensure
-        exception is logged by the context on failure, since the CallChain
-        itself is about to be destructed.
+        Called by _mitogen_reset(); ask the remote context to delete any
+        temporary directory created for the action. CallChain is not used here
+        to ensure exception is logged by the context on failure, since the
+        CallChain itself is about to be destructed.
         """
         if getattr(self._shell, 'tmpdir', None) is not None:
             self.context.call_no_reply(
@@ -770,9 +770,11 @@ class Connection(ansible.plugins.connection.ConnectionBase):
         stack = self._build_stack()
         self._connect_stack(stack)
 
-    def _reset(self, mode):
+    def _mitogen_reset(self, mode):
         """
-        Forget everything we know about the connected context.
+        Forget everything we know about the connected context. This function
+        cannot be called _reset() since that name is used as a public API by
+        Ansible 2.4 wait_for_connection plug-in.
 
         :param str mode:
             Name of ContextService method to use to discard the context, either
@@ -800,7 +802,7 @@ class Connection(ansible.plugins.connection.ConnectionBase):
         gracefully shut down, and wait for shutdown to complete. Safe to call
         multiple times.
         """
-        self._reset(mode='put')
+        self._mitogen_reset(mode='put')
         if self.broker:
             self.broker.shutdown()
             self.broker.join()
@@ -815,7 +817,10 @@ class Connection(ansible.plugins.connection.ConnectionBase):
         bad somehow, and should be shut down and discarded.
         """
         self._connect()
-        self._reset(mode='reset')
+        self._mitogen_reset(mode='reset')
+
+    # Compatibility with Ansible 2.4 wait_for_connection plug-in.
+    _reset = reset
 
     def get_chain(self, use_login=False, use_fork=False):
         """
diff --git a/ansible_mitogen/services.py b/ansible_mitogen/services.py
index dde44c89..0ce87e09 100644
--- a/ansible_mitogen/services.py
+++ b/ansible_mitogen/services.py
@@ -244,6 +244,8 @@ class ContextService(mitogen.service.Service):
         by `kwargs`, destroying the most recently created context if the list
         is full. Finally add `new_context` to the list.
         """
+        self._via_by_context[new_context] = via
+
         lru = self._lru_by_via.setdefault(via, [])
         if len(lru) < self.max_interpreters:
             lru.append(new_context)
@@ -257,7 +259,6 @@ class ContextService(mitogen.service.Service):
                         'but they are all marked as in-use.', via)
             return
 
-        self._via_by_context[new_context] = via
         self._shutdown_unlocked(context, lru=lru, new_context=new_context)
 
     def _update_lru(self, new_context, spec, via):
diff --git a/docs/changelog.rst b/docs/changelog.rst
index 8e1be53f..7c7609de 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -58,6 +58,9 @@ Fixes
   support ``mitogen_lxc_path`` and ``mitogen_lxc_attach`` variables to control
   the location of third pary utilities.
 
+* `#410 <https://github.com/dw/mitogen/issues/410>`_: the sudo method supports
+  the SELinux ``--type`` and ``--role`` options.
+
 
 Core Library
 ~~~~~~~~~~~~
@@ -96,8 +99,9 @@ Thanks!
 Mitogen would not be possible without the support of users. A huge thanks for
 bug reports, features and fixes in this release contributed by
 `Brian Candler <https://github.com/candlerb>`_,
-`Guy Knights <https://github.com/knightsg>`_, and
-`Jonathan Rosser <https://github.com/jrosser>`_.
+`Guy Knights <https://github.com/knightsg>`_,
+`Jonathan Rosser <https://github.com/jrosser>`_, and
+`Mehdi <https://github.com/mehdisat7>`_.
 
 
 v0.2.3 (2018-10-23)
diff --git a/tests/ansible/integration/context_service/reconnection.yml b/tests/ansible/integration/context_service/reconnection.yml
index f56719d8..eed1dfdb 100644
--- a/tests/ansible/integration/context_service/reconnection.yml
+++ b/tests/ansible/integration/context_service/reconnection.yml
@@ -5,15 +5,18 @@
   hosts: test-targets
   any_errors_fatal: true
   tasks:
+    - mitogen_shutdown_all:
+
+    - custom_python_detect_environment:
+      register: ssh_account_env
 
     - become: true
       custom_python_detect_environment:
       register: old_become_env
 
     - become: true
-      # This must be >1 for vanilla Ansible.
       shell: |
-        bash -c "( sleep 3; pkill -f sshd:; ) & disown"
+        bash -c "( sleep 3; kill -9 {{ssh_account_env.pid}}; ) & disown"
 
     - connection: local
       shell: sleep 3
diff --git a/tests/ansible/integration/stub_connections/all.yml b/tests/ansible/integration/stub_connections/all.yml
index c845d872..5a3f37cf 100644
--- a/tests/ansible/integration/stub_connections/all.yml
+++ b/tests/ansible/integration/stub_connections/all.yml
@@ -3,3 +3,4 @@
 - import_playbook: lxd.yml
 - import_playbook: setns_lxc.yml
 - import_playbook: setns_lxd.yml
+- import_playbook: sudo.yml
diff --git a/tests/ansible/integration/stub_connections/sudo.yml b/tests/ansible/integration/stub_connections/sudo.yml
new file mode 100644
index 00000000..b5e6f263
--- /dev/null
+++ b/tests/ansible/integration/stub_connections/sudo.yml
@@ -0,0 +1,20 @@
+
+- name: integration/stub_connections/sudo.yml
+  hosts: test-targets
+  gather_facts: false
+  any_errors_fatal: true
+  tasks:
+  - meta: end_play
+    when: not is_mitogen
+
+  - custom_python_detect_environment:
+    vars:
+      ansible_connection: mitogen_sudo
+      ansible_become_exe: stub-sudo.py
+      ansible_become_flags: --type=sometype --role=somerole
+    register: out
+
+  - assert:
+      that:
+      - out.env.THIS_IS_STUB_SUDO == '1'
+      - (out.env.ORIGINAL_ARGV|from_json)[1:9] == ['-u', 'root', '-H', '-r', 'somerole', '-t', 'sometype', '--']
diff --git a/tests/data/stubs/stub-sudo.py b/tests/data/stubs/stub-sudo.py
new file mode 100755
index 00000000..ff88cd8e
--- /dev/null
+++ b/tests/data/stubs/stub-sudo.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+import json
+import os
+import sys
+
+os.environ['ORIGINAL_ARGV'] = json.dumps(sys.argv)
+os.environ['THIS_IS_STUB_SUDO'] = '1'
+os.execv(sys.executable, sys.argv[sys.argv.index('--') + 1:])