From b6d4dc0a6f500a31ee6f0a0fe21e2754d4865d41 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 4 Nov 2015 10:17:32 +0100
Subject: [PATCH] Do not set user context too many times for root logins (#1269072)
---
 openssh-6.6p1-privsep-selinux.patch | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/openssh-6.6p1-privsep-selinux.patch b/openssh-6.6p1-privsep-selinux.patch
index 9bf762b..87f53df 100644
--- a/openssh-6.6p1-privsep-selinux.patch
+++ b/openssh-6.6p1-privsep-selinux.patch
@@ -132,3 +132,16 @@ index 07f9926..a97f8b7 100644
 #else
 if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
+diff --git a/session.c b/session.c
+index 684f867..09048bc 100644
+--- a/session.c
++++ b/session.c
+@@ -1538,7 +1538,7 @@ do_setusercontext(struct passwd *pw)
+
+ platform_setusercontext(pw);
+
+- if (platform_privileged_uidswap()) {
++ if (platform_privileged_uidswap() && !is_child) {
+ #ifdef HAVE_LOGIN_CAP
+ if (setusercontext(lc, pw, pw->pw_uid,
+ (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
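Review bot: The added `&& !is_child` in do_setusercontext() switches off the whole `platform_privileged_uidswap()` branch, not only a repeated call. That branch's body runs past the end of this hunk, so every step in it is skipped for a privileged process whenever `is_child` is set. Neither the definition of `is_child` nor the place where it is set is visible here, so the change rests on an unstated invariant: every path that reaches this function with `is_child` set must already have completed the privileged setup once. I would record that next to the condition, e.g. `/* is_child set: the privileged context was already applied earlier in this login; do not apply it again */`. It is also worth confirming that no caller can set `is_child` without the earlier pass having run, since a skipped pass for a root login would presumably continue silently rather than fail.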