diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c

--- openssh-5.2p1/session.c.sesftp	2009-08-09 10:21:11.586827446 +0200

+++ openssh-5.2p1/session.c	2009-08-09 10:39:30.475622699 +0200

@@ -58,6 +58,9 @@

 #include <stdlib.h>

 #include <string.h>

 #include <unistd.h>

+#ifdef WITH_SELINUX

+#include <selinux/selinux.h>

+#endif

 #include "openbsd-compat/sys-queue.h"

 #include "xmalloc.h"

@@ -101,6 +104,9 @@

 	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \

 	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))

+#ifdef WITH_SELINUX

+#define SFTPD_T		"sftpd_t"

+#endif

 /* func */

 Session *session_new(void);

@@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command

 		extern int optind, optreset;

 		int i;

 		char *p, *args;

+#ifdef WITH_SELINUX

+		int L1, L2;

+		char *c1, *c2, *cx;

+#endif

 		setproctitle("%s@internal-sftp-server", s->pw->pw_name);

 		args = xstrdup(command ? command : "sftp-server");

@@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command

 		argv[i] = NULL;

 		optind = optreset = 1;

 		__progname = argv[0];

+#ifdef WITH_SELINUX

+		if (getcon ((security_context_t *) &c1) < 0) {

+			logit("do_child: getcon failed with %s", strerror (errno));

+		} else {

+			L1 = strlen (c1) + sizeof (SFTPD_T);

+			c2 = xmalloc (L1);

+			if (!(cx = index (c1, ':')))

+				goto badcontext;

+			if (!(cx = index (cx + 1, ':'))) {

+badcontext:

+				logit ("do_child: unparseable context %s", c1);

+			} else {

+				L2 = cx - c1 + 1;

+				memcpy (c2, c1, L2);

+				strlcpy (c2 + L2, SFTPD_T, L1);

+				if ((cx = index (cx + 1, ':')))

+					strlcat (c2, cx, L1);

+				if (setcon (c2) < 0) 

+					logit("do_child: setcon failed with %s", strerror (errno));

+			

+			}

+			xfree (c1);

+			xfree (c2);

+		}		

+#endif

+			

 		exit(sftp_server_main(i, argv, s->pw));

 	}