diff --git a/openssh-6.6.1p1-selinux-contexts.patch b/openssh-6.6.1p1-selinux-contexts.patch
index 425ffda..052843f 100644
--- a/openssh-6.6.1p1-selinux-contexts.patch
+++ b/openssh-6.6.1p1-selinux-contexts.patch
@@ -116,3 +116,38 @@ index 2871fe9..39b9c08 100644
 #endif
 
 /* Change our root directory */
+diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
+index 12c014e..c5ef2ff 100644
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -35,7 +35,6 @@
+ 
+ #ifdef WITH_SELINUX
+ #include
+-#include
+ #include
+ 
+ #ifndef SSH_SELINUX_UNCONFINED_TYPE
+@@ -110,6 +109,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+ security_context_t new_tty_ctx = NULL;
+ security_context_t user_ctx = NULL;
+ security_context_t old_tty_ctx = NULL;
++ security_class_t class;
+ 
+ if (!ssh_selinux_enabled())
+ return;
+@@ -129,8 +129,13 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+ goto out;
+ }
+ 
++ class = string_to_security_class("chr_file");
++ if (!class) {
++ error("string_to_security_class failed to translate security class context");
++ goto out;
++ }
+ if (security_compute_relabel(user_ctx, old_tty_ctx,
+- SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
++ class, &new_tty_ctx) != 0) {
+ error("%s: security_compute_relabel: %s",
+ __func__, strerror(errno));
+ goto out;
diff --git a/openssh-6.6p1-role-mls.patch b/openssh-6.6p1-role-mls.patch
index da164d3..0c9d422 100644
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
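Review bot: The error message on the new string_to_security_class failure path in ssh_selinux_setup_pty names the wrong class: the call translates "chr_file" but the text says "security class context", which will mislead whoever reads the sshd log when the loaded policy lacks that class. It also drops the `%s`/__func__ prefix that the neighbouring `error("%s: security_compute_relabel: %s", __func__, ...)` uses; `error("%s: string_to_security_class: chr_file", __func__);` would match the surrounding style. On that path the code jumps to `out` without computing a new tty context, the same handling the existing security_compute_relabel failure gets, so presumably the pty keeps its old label and the session proceeds; a one-line comment saying that degradation is intended would save the next reader from wondering whether a `fatal()` was meant. ssh_selinux_setup_pty begins and ends outside this hunk.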
@@ -378,7 +378,7 @@ diff -up openssh-6.8p1/openbsd-compat/Makefile.in.role-mls openssh-6.8p1/openbsd
 diff -up openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-6.8p1/openbsd-compat/port-linux-sshd.c
 --- openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls 2015-03-18 11:04:21.048817114 +0100
 +++ openssh-6.8p1/openbsd-compat/port-linux-sshd.c 2015-03-18 11:04:21.048817114 +0100
-@@ -0,0 +1,415 @@
+@@ -0,0 +1,424 @@
 +/*
 + * Copyright (c) 2005 Daniel Walsh
 + * Copyright (c) 2014 Petr Lautrbach
@@ -419,11 +419,9 @@ diff -up openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-6.8p1/o
 +
 +#ifdef WITH_SELINUX
 +#include
-+#include
 +#include
 +#include
 +#include
-+#include
 +
 +#ifdef HAVE_LINUX_AUDIT
 +#include
@@ -488,10 +486,21 @@ diff -up openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-6.8p1/o
 +{
 + struct av_decision avd;
 + int retval;
-+ unsigned int bit = CONTEXT__CONTAINS;
++ access_vector_t bit;
++ security_class_t class;
 +
 + debug("%s: src:%s dst:%s", __func__, src, dst);
-+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
++ class = string_to_security_class("context");
++ if (!class) {
++ error("string_to_security_class failed to translate security class context");
++ return 1;
++ }
++ bit = string_to_av_perm(class, "contains");
++ if (!bit) {
++ error("string_to_av_perm failed to translate av perm contains");
++ return 1;
++ }
++ retval = security_compute_av(src, dst, class, bit, &avd);
 + if (retval || ((bit & avd.allowed) != bit))
 + return 0;
 +
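Review bot: In the third hunk (port-linux-sshd.c) the two new translation-failure branches `return 1`, while the security_compute_av failure and the denied-access case a few lines below `return 0`. If a nonzero return means the range check passed (the function's name and its final return are outside the hunk), a policy that lacks the "context" class or the "contains" permission makes the check fail open rather than closed; changing both branches to `return 0;` would keep them consistent with the compute_av failure path. Whichever outcome is intended, a comment stating the failure semantics would help, e.g. `/* policy lookup failed: cannot evaluate, treat as not allowed */`. The new error() calls also omit the `%s`/__func__ prefix that the debug() line just above them uses.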