From b8a0f7a5ea8a9ae766a2765102c0dac772ede0b5 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 30 Mar 2015 10:54:24 +0200
Subject: [PATCH] Fix handling SELinux context in MLS systems

---
 openssh-6.6p1-role-mls.patch | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/openssh-6.6p1-role-mls.patch b/openssh-6.6p1-role-mls.patch
index e058f1e..da164d3 100644
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
@@ -875,3 +875,20 @@ diff -up openssh-6.8p1/sshd.c.role-mls openssh-6.8p1/sshd.c
 #ifdef USE_PAM
 if (options.use_pam) {
 do_pam_setcred(1);
+diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
+index 22ea8ef..2660085 100644
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+
+ debug3("%s: setting TTY context on %s", __func__, tty);
+
+- user_ctx = ssh_selinux_getctxbyname(pwname);
++ if (getexeccon(&user_ctx) != 0) {
++ error("%s: getexeccon: %s", __func__, strerror(errno));
++ goto out;
++ }
++
+
+ /* XXX: should these calls fatal() upon failure in enforcing mode? */
+
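Review bot: In the nested port-linux.c hunk, the new guard `if (getexeccon(&user_ctx) != 0)` only catches a failed call; getexeccon() can also return 0 with the context left NULL when no exec context has been set for the process, and that NULL would then flow into the relabel code below the XXX comment. I would check both, e.g. `if (getexeccon(&user_ctx) != 0 || user_ctx == NULL)`, with a separate message for the NULL case since errno is not meaningful there. The change presumably relies on the exec context having been set before ssh_selinux_setup_pty() runs, which deserves a comment such as `/* exec context must already be set; it carries the MLS range chosen at login */` above the call. The rest of the function and the `out` label are outside the hunk, so confirm that the cleanup there tolerates an unset user_ctx. On an MLS system this failure path leaves the TTY with its previous label after only an error() log, so it should be decided together with the existing XXX about enforcing mode.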