--- openssh-3.7.1p2.org/session.c 2003-12-26 20:14:53.000000000 +0100
+++ openssh-3.7.1p2/session.c 2003-12-26 20:15:50.000000000 +0100
@@ -62,6 +62,11 @@
 #include "ssh-gss.h"
 #endif
+#ifdef WITH_SELINUX
+#include
+#include
+#endif
+
 /* func */ Session *session_new(void);
@@ -1295,6 +1300,18 @@
 #endif
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()>0)
+ {
+ security_context_t scontext;
+ if (get_default_context(pw->pw_name,NULL,&scontext))
+ fatal("Failed to get default security context for %s.", pw->pw_name);
+ if (setexeccon(scontext)) {
+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
+ }
+ freecon(scontext);
+ }
+#endif
 }
 static void
--- openssh-3.8p1/sshpty.c.orig 2004-01-21 07:07:17.000000000 +0100
+++ openssh-3.8p1/sshpty.c 2004-02-25 21:19:57.000000000 +0100
@@ -22,6 +22,12 @@
 #include "log.h"
 #include "misc.h"
+#ifdef WITH_SELINUX
+#include
+#include
+#include
+#endif
+
 #ifdef HAVE_PTY_H
 # include
 #endif
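Review bot: `if (is_selinux_enabled()>0)` folds libselinux's error return (-1, per its documentation) into the "not enabled" case, so a failure to query SELinux state silently lets the session run with no exec context set, while every other SELinux call in this block is fatal. Capturing the result and logging the negative case keeps the failure visible: `int selinux = is_selinux_enabled(); if (selinux < 0) error("is_selinux_enabled failed: %.100s", strerror(errno)); if (selinux > 0) {` (error() and strerror() are the idiom the sshpty.c hunk of this same patch uses). As a point of style, the opening brace on its own line and the unspaced argument lists in `get_default_context(pw->pw_name,NULL,&scontext)` diverge from the KNF formatting of the surrounding lines. The enclosing function starts before this hunk; its closing brace is the context line after `+#endif`.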
@@ -196,6 +202,37 @@
 * Warn but continue if filesystem is read-only and the uids match/
 * tty is owned by root.
 */
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled()>0) {
+ security_context_t new_tty_context=NULL,
+ user_context=NULL, old_tty_context=NULL;
+
+ if (get_default_context(pw->pw_name,NULL,&user_context))
+ fatal("Failed to get default security context for %s.", pw->pw_name);
+
+ if (getfilecon(ttyname, &old_tty_context)<0) {
+ error("getfilecon(%.100s) failed: %.100s", ttyname,
+ strerror(errno));
+ }
+ else
+ {
+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
+ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
+ strerror(errno));
+ }
+ else
+ {
+ if (setfilecon (ttyname, new_tty_context) != 0) {
+ error("setfilecon(%.100s, %s) failed: %.100s",
+ ttyname, new_tty_context, strerror(errno));
+ }
+ freecon(new_tty_context);
+ }
+ freecon(old_tty_context);
+ }
+ freecon(user_context);
+ }
+#endif
 if (stat(ttyname, &st))
 fatal("stat(%.100s) failed: %.100s", ttyname,
 strerror(errno));
@@ -225,4 +262,5 @@
 ttyname, (u_int)mode, strerror(errno));
 }
 }
+ }
--- openssh-3.7.1p2.org/Makefile.in 2003-12-26 20:14:52.000000000 +0100
+++ openssh-3.7.1p2/Makefile.in 2003-12-26 20:15:15.000000000 +0100
@@ -40,7 +40,7 @@
 CC=@CC@
 LD=@LD@
-CFLAGS=@CFLAGS@
+CFLAGS=@CFLAGS@ -DWITH_SELINUX
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 LIBPAM=@LIBPAM@
@@ -134,7 +134,7 @@
 $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) -lselinux
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
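Review bot: The tty relabel path is inconsistent about failure: `get_default_context` failure is fatal, but `getfilecon`, `security_compute_relabel` and `setfilecon` failures are only logged with error() and the function carries on to the chown/chmod below with the tty still under its previous security context. That may be deliberate (the comment just above this block already describes warn-and-continue for read-only filesystems), but since the context decides which domains SELinux lets touch the tty, the choice should be explicit: either make the three error() calls fatal() to match the fail-closed setexeccon handling in session.c from this same patch, or add a comment such as `/* Relabelling is best-effort: on any failure the tty keeps its current context and the chown/chmod below still run. */` above `+#ifdef WITH_SELINUX`. pty_setowner begins before this hunk and its closing brace is in the next one.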
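Review bot: The added `}` at the end of pty_setowner has no matching opening brace in the new code: the SELinux block added in the preceding hunk opens six braces and closes six, so as pasted the new side closes one block more than it opens and would not compile. A line may have been lost when this page was extracted, so this is worth confirming by applying the patch to a clean openssh-3.8p1 tree before relying on it. The rest of pty_setowner lies before this hunk.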
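Review bot: `-DWITH_SELINUX` is appended to CFLAGS and `-lselinux` to the sshd link line unconditionally, so every build of this tree now requires libselinux and its headers even on systems without SELinux, and the `#ifdef WITH_SELINUX` guards added to session.c and sshpty.c can never be off; the same applies to the `@@ -134,7 +134,7 @@` hunk. The conventional fix is to let configure decide: leave `CFLAGS=@CFLAGS@` alone, add a substituted variable (e.g. `LIBSELINUX=@LIBSELINUX@`, set by a `--with-selinux` option that also defines WITH_SELINUX), and use `$(LIBSELINUX)` on the sshd link line. That also keeps the define out of CFLAGS, which is commonly overridden on the make command line and would then silently drop the feature.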