diff -up openssh-5.6p1/configure.ac.selabel openssh-5.6p1/configure.ac

--- openssh-5.6p1/configure.ac.selabel	2010-09-13 11:20:47.000000000 +0200

+++ openssh-5.6p1/configure.ac	2010-09-13 11:20:50.000000000 +0200

@@ -700,7 +700,6 @@ mips-sony-bsd|mips-sony-newsos4)

 			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,

 				[Define if you have Solaris process contracts])

 			  SSHDLIBS="$SSHDLIBS -lcontract"

-			  AC_SUBST(SSHDLIBS)

 			  SPC_MSG="yes" ], )

 		],

 	)

@@ -3500,6 +3499,7 @@ AC_ARG_WITH(selinux,

 			],

 			AC_MSG_ERROR(SELinux support requires libselinux library))

 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"

+		SSHLIBS="$SSHLIBS $LIBSELINUX"

 		LIBS="$LIBS $LIBSELINUX"

 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)

 		AC_CHECK_FUNCS(setkeycreatecon)

@@ -4269,6 +4269,8 @@ else

 fi

 AC_CHECK_DECL(BROKEN_GETADDRINFO,  TEST_SSH_IPV6=no)

 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)

+AC_SUBST(SSHLIBS)

+AC_SUBST(SSHDLIBS)

 AC_EXEEXT

 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \

@@ -4345,6 +4347,9 @@ echo "         Libraries: ${LIBS}"

 if test ! -z "${SSHDLIBS}"; then

 echo "         +for sshd: ${SSHDLIBS}"

 fi

+if test ! -z "${SSHLIBS}"; then

+echo "         +for ssh: ${SSHLIBS}"

+fi

 echo ""

diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id

--- openssh-5.6p1/contrib/ssh-copy-id.selabel	2010-08-10 05:36:09.000000000 +0200

+++ openssh-5.6p1/contrib/ssh-copy-id	2010-09-13 11:20:50.000000000 +0200

@@ -41,7 +41,7 @@ fi

 # strip any trailing colon

 host=`echo $1 | sed 's/:$//'`

-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1

+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1

 cat <

 Now try logging into the machine, with "ssh '$host'", and check in:

diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in

--- openssh-5.6p1/Makefile.in.selabel	2010-09-13 11:20:49.000000000 +0200

+++ openssh-5.6p1/Makefile.in	2010-09-13 11:20:50.000000000 +0200

@@ -47,6 +47,7 @@ LD=@LD@

 CFLAGS=@CFLAGS@

 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@

 LIBS=@LIBS@

+SSHLIBS=@SSHLIBS@

 SSHDLIBS=@SSHDLIBS@

 LIBEDIT=@LIBEDIT@

 AR=@AR@

@@ -141,7 +142,7 @@ libssh.a: $(LIBSSH_OBJS)

 	$(RANLIB) $@

 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)

-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)

+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS)

 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)

 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)

diff -up openssh-5.6p1/openbsd-compat/port-linux.h.selabel openssh-5.6p1/openbsd-compat/port-linux.h

--- openssh-5.6p1/openbsd-compat/port-linux.h.selabel	2009-12-08 03:39:48.000000000 +0100

+++ openssh-5.6p1/openbsd-compat/port-linux.h	2010-09-13 11:20:50.000000000 +0200

@@ -20,6 +20,7 @@

 #define _PORT_LINUX_H

 #ifdef WITH_SELINUX

+#include <selinux/selinux.h>

 int ssh_selinux_enabled(void);

 void ssh_selinux_setup_pty(char *, const char *);

 void ssh_selinux_setup_exec_context(char *);

diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c

--- openssh-5.6p1/ssh.c.selabel	2010-09-13 11:20:50.000000000 +0200

+++ openssh-5.6p1/ssh.c	2010-09-13 11:23:02.000000000 +0200

@@ -848,10 +848,21 @@ main(int ac, char **av)

 	 */

 	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,

 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);

-	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)

+	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {

+#ifdef WITH_SELINUX

+		char *scon;

+

+		if (matchpathcon(buf, 0700, &scon) != -1) {

+			setfscreatecon(scon);

+			matchpathcon_fini();

+		}

+#endif

 		if (mkdir(buf, 0700) < 0)

 			error("Could not create directory '%.200s'.", buf);

-

+#ifdef WITH_SELINUX

+		setfscreatecon(NULL);

+#endif

+	}

 	/* load options.identity_files */

 	load_public_identity_files();