diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 017050f..bc2ea65 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch 
@@ -1,64 +1,223 @@ -Binary files nsalibselinux/utils/matchpathcon and libselinux-1.33.2/utils/matchpathcon differ -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-1.33.2/utils/matchpathcon.c ---- nsalibselinux/utils/matchpathcon.c 2006-11-16 17:15:17.000000000 -0500 -+++ libselinux-1.33.2/utils/matchpathcon.c 2006-12-06 14:11:29.000000000 -0500 -@@ -4,20 +4,23 @@ - #include - #include - #include -+#include -+#include -+#include - #include +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.33.3/include/selinux/selinux.h +--- nsalibselinux/include/selinux/selinux.h 2006-11-16 17:15:18.000000000 -0500 ++++ libselinux-1.33.3/include/selinux/selinux.h 2007-01-05 11:57:44.000000000 -0500 +@@ -406,6 +406,7 @@ + extern const char *selinux_homedir_context_path(void); + extern const char *selinux_media_context_path(void); + extern const char *selinux_contexts_path(void); ++ extern const char *selinux_securetty_context_path(void); + extern const char *selinux_booleans_path(void); + extern const char *selinux_customizable_types_path(void); + extern const char *selinux_users_path(void); +@@ -413,12 +414,14 @@ + extern const char *selinux_translations_path(void); + extern const char *selinux_netfilter_context_path(void); + extern const char *selinux_path(void); +- + /* Check a permission in the passwd class. + Return 0 if granted or -1 otherwise. */ + extern int selinux_check_passwd_access(access_vector_t requested); + extern int checkPasswdAccess(access_vector_t requested); - void usage(const char *progname) - { - fprintf(stderr, -- "usage: %s [-n] [-f file_contexts] [-p prefix] path...\n", -+ "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-V] path...\n", - progname); - exit(1); - } ++/* Check if the tty_context is defined as a securetty ++ Return 1 if secure, 0 if not, or -1 if otherwise. 
*/ ++ extern int selinux_check_securetty_context(security_context_t tty_context); + /* Set the path to the selinuxfs mount point explicitly. + Normally, this is determined automatically during libselinux + initialization, but this is not always possible, e.g. for /sbin/init +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 +--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2006-11-16 17:15:30.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_binary_policy_path.3 2007-01-05 11:57:44.000000000 -0500 +@@ -27,6 +27,8 @@ + .br + extern const char *selinux_media_context_path(void); + .br ++extern const char *selinux_securetty_context_path(void); ++.br + extern const char *selinux_contexts_path(void); + .br + extern const char *selinux_booleans_path(void); +@@ -56,6 +58,8 @@ + .sp + selinux_contexts_path() - directory containing all of the context configuration files + .sp ++selinux_securetty_context_path() - defines terminal contexts for securetty ++.sp + selinux_booleans_path() - initial policy boolean settings + + .SH AUTHOR +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 +--- nsalibselinux/man/man3/selinux_check_securetty_context.3 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_check_securetty_context.3 2007-01-05 11:57:44.000000000 -0500 +@@ -0,0 +1,13 @@ ++.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SE Linux API documentation" ++.SH "NAME" ++selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context ++.SH "SYNOPSIS" ++.B #include ++.sp ++.BI "int selinux_check_securetty_context(security_context_t "tty_context ); ++ ++.SH "DESCRIPTION" ++.B selinux_check_securetty_context ++returns 1 if tty_context is a securetty context ++returns 0 if 
tty_context is a not a securetty context ++returns -1 on error. +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_securetty_context_path.3 libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 +--- nsalibselinux/man/man3/selinux_securetty_context_path.3 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.33.3/man/man3/selinux_securetty_context_path.3 2007-01-05 11:57:44.000000000 -0500 +@@ -0,0 +1 @@ ++.so man3/selinux_binary_policy_path.3 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/file_path_suffixes.h libselinux-1.33.3/src/file_path_suffixes.h +--- nsalibselinux/src/file_path_suffixes.h 2006-11-16 17:15:25.000000000 -0500 ++++ libselinux-1.33.3/src/file_path_suffixes.h 2007-01-05 11:57:44.000000000 -0500 +@@ -7,6 +7,7 @@ + S_(USER_CONTEXTS, "/contexts/users/") + S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") + S_(DEFAULT_TYPE, "/contexts/default_type") ++ S_(SECURETTY_CONTEXTS, "/contexts/securetty_contexts") + S_(BOOLEANS, "/booleans") + S_(MEDIA_CONTEXTS, "/contexts/files/media") + S_(REMOVABLE_CONTEXT, "/contexts/removable_context") +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_check_securetty_context.c libselinux-1.33.3/src/selinux_check_securetty_context.c +--- nsalibselinux/src/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.33.3/src/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 +@@ -0,0 +1,49 @@ ++#include ++#include ++#include ++#include ++#include ++#include "selinux_internal.h" ++#include "context_internal.h" ++ ++int selinux_check_securetty_context(security_context_t tty_context) ++{ ++ char buf[250]; ++ char *ptr = "", *end; ++ size_t len; ++ int found = -1; ++ FILE *fp; ++ fp = fopen(selinux_securetty_context_path(), "r"); ++ if (fp) { ++ context_t con =context_new(tty_context); ++ if (con) { ++ char *type=context_type_get(con); ++ found = 0; ++ len = strlen(type); ++ while (!feof_unlocked(fp)) { ++ if (!fgets_unlocked(buf, 
sizeof buf, fp)) ++ break; ++ ++ if (buf[strlen(buf) - 1]) ++ buf[strlen(buf) - 1] = 0; ++ ++ ptr = buf; ++ while (*ptr && isspace(*ptr)) ++ ptr++; ++ if (!(*ptr)) ++ continue; ++ ++ if (!strncmp(type, ptr, len)) { ++ found = 1; ++ break; ++ } ++ } ++ context_free(con); ++ } ++ fclose(fp); ++ } ++ ++ return found; ++} ++ ++hidden_def(selinux_check_securetty_context) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.33.3/src/selinux_config.c +--- nsalibselinux/src/selinux_config.c 2006-11-16 17:15:25.000000000 -0500 ++++ libselinux-1.33.3/src/selinux_config.c 2007-01-05 11:57:44.000000000 -0500 +@@ -38,7 +38,8 @@ + #define NETFILTER_CONTEXTS 15 + #define FILE_CONTEXTS_HOMEDIR 16 + #define FILE_CONTEXTS_LOCAL 17 +-#define NEL 18 ++#define SECURETTY_CONTEXTS 18 ++#define NEL 19 + + /* New layout is relative to SELINUXDIR/policytype. */ + static char *file_paths[NEL]; +@@ -299,6 +300,12 @@ --int printmatchpathcon(char *path, int header) -+int printmatchpathcon(char *path, int header, int mode) + hidden_def(selinux_default_context_path) + ++const char *selinux_securetty_context_path() ++{ ++ return get_path(SECURETTY_CONTEXTS); ++} ++hidden_def(selinux_securetty_context_path) ++ + const char *selinux_failsafe_context_path() { - char *buf; -- int rc = matchpathcon(path, 0, &buf); -+ int rc = matchpathcon(path, mode, &buf); - if (rc < 0) { - fprintf(stderr, "matchpathcon(%s) failed: %s\n", path, - strerror(errno)); -@@ -92,6 +95,11 @@ - } - } - for (i = optind; i < argc; i++) { -+ int mode=0; -+ struct stat buf; -+ if (lstat(argv[i], &buf) == 0) -+ mode = buf.st_mode; + return get_path(FAILSAFE_CONTEXT); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.33.3/src/selinux_internal.h +--- nsalibselinux/src/selinux_internal.h 2006-11-16 17:15:25.000000000 -0500 ++++ libselinux-1.33.3/src/selinux_internal.h 2007-01-05 11:57:44.000000000 -0500 +@@ -53,6 +53,7 @@ + hidden_proto(security_setenforce) + 
hidden_proto(selinux_binary_policy_path) + hidden_proto(selinux_default_context_path) ++ hidden_proto(selinux_securetty_context_path) + hidden_proto(selinux_failsafe_context_path) + hidden_proto(selinux_removable_context_path) + hidden_proto(selinux_file_context_path) +@@ -66,6 +67,7 @@ + hidden_proto(selinux_media_context_path) + hidden_proto(selinux_path) + hidden_proto(selinux_check_passwd_access) ++ hidden_proto(selinux_check_securetty_context) + hidden_proto(matchpathcon_init_prefix) + hidden_proto(selinux_users_path) + hidden_proto(selinux_usersconf_path); +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/selinux_check_securetty_context.c libselinux-1.33.3/utils/selinux_check_securetty_context.c +--- nsalibselinux/utils/selinux_check_securetty_context.c 1969-12-31 19:00:00.000000000 -0500 ++++ libselinux-1.33.3/utils/selinux_check_securetty_context.c 2007-01-05 11:57:44.000000000 -0500 +@@ -0,0 +1,40 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++void usage(const char *progname) ++{ ++ fprintf(stderr, ++ "usage: %s tty_context...\n", ++ progname); ++ exit(1); ++} ++ ++int main(int argc, char **argv) ++{ ++ int i; ++ if (argc < 2) ++ usage(argv[0]); + - if (verify) { - if (selinux_file_context_verify(argv[i], 0)) { - printf("%s verified.\n", argv[i]); -@@ -106,17 +114,17 @@ - if (rc >= 0) { - printf("%s has context %s, should be ", - argv[i], con); -- error += printmatchpathcon(argv[i], 0); -+ error += printmatchpathcon(argv[i], 0, mode); - freecon(con); - } else { - printf - ("actual context unknown: %s, should be ", - strerror(errno)); -- error += printmatchpathcon(argv[i], 0); -+ error += printmatchpathcon(argv[i], 0,mode); - } - } - } else { -- error += printmatchpathcon(argv[i], header); -+ error += printmatchpathcon(argv[i], header, mode); - } - } - matchpathcon_fini(); ++ for (i = 1; i < argc; i++) { ++ switch (selinux_check_securetty_context(argv[i])) { ++ case 1: ++ 
printf("%s securetty.\n", argv[i]); ++ break; ++ case 0: ++ printf("%s not securetty.\n", argv[i]); ++ break; ++ case -1: ++ perror("Failed on check if securetty"); ++ return -1; ++ } ++ } ++ return 0; ++} diff --git a/libselinux.spec b/libselinux.spec index 061a319..26fd603 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -2,10 +2,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.33.3 -Release: 1%{?dist} +Release: 2%{?dist} License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} swig Requires: libsepol >= %{libsepolver} setransd @@ -48,6 +49,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -78,6 +80,7 @@ rm -f %{buildroot}%{_sbindir}/setfilecon rm -f %{buildroot}%{_sbindir}/selinuxconfig rm -f %{buildroot}%{_sbindir}/selinuxdisable rm -f %{buildroot}%{_sbindir}/getseuser +rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context %clean rm -rf %{buildroot} @@ -117,6 +120,10 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Fri Jan 5 2007 Dan Walsh - 1.33.3-2 +- Add securetty handling +Resolves: #200110 + * Thu Jan 4 2007 Dan Walsh - 1.33.3-1 - Upgrade to upstream * Merged patch for matchpathcon utility to use file mode information
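Review bot: In the new selinux_check_securetty_context the match `if (!strncmp(type, ptr, len))` only tests that the listed entry starts with the tty's type, so a type that is a prefix of a listed one (illustrative: a tty type `tty_t` against an entry `tty_device_t`) is reported as securetty; the comparison must also require that the entry ends at `ptr[len]` (end of line or whitespace). The line cleanup `if (buf[strlen(buf) - 1]) buf[strlen(buf) - 1] = 0;` drops the last character whether or not it is a newline, so the final line of a file with no trailing newline can never match, and it indexes `buf[-1]` if fgets yields an empty string (a line beginning with a NUL byte). `isspace(*ptr)` should be passed `(unsigned char)*ptr`, and `end` is declared but never used. In the utility's main(), `return -1` becomes exit status 255; `exit(EXIT_FAILURE)` is the conventional form, and the switch has no default arm.
```c
			len = strlen(type);
			while (fgets_unlocked(buf, sizeof buf, fp)) {
				/* Strip only a trailing newline; an unconditional chop
				   truncates the last line of a file without one. */
				size_t n = strlen(buf);
				if (n == 0)
					continue;
				if (buf[n - 1] == '\n')
					buf[--n] = '\0';

				ptr = buf;
				while (*ptr && isspace((unsigned char)*ptr))
					ptr++;
				if (!*ptr)
					continue;

				/* Whole-token match: the entry must end where the
				   type ends, not merely share its prefix. */
				if (!strncmp(type, ptr, len) &&
				    (ptr[len] == '\0' ||
				     isspace((unsigned char)ptr[len]))) {
					found = 1;
					break;
				}
			}
			/* … unchanged: context_free, fclose, return found … */
```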