From c3bb4552cf6452a4cdd3dde0535f075114670ad9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Fri, 17 Feb 2012 11:35:49 +0100
Subject: [PATCH] adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem
---
 openssh-5.9p1-privsep-selinux.patch | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/openssh-5.9p1-privsep-selinux.patch b/openssh-5.9p1-privsep-selinux.patch
index 96143ed..7819a46 100644
--- a/openssh-5.9p1-privsep-selinux.patch
+++ b/openssh-5.9p1-privsep-selinux.patch
@@ -16,7 +16,7 @@ index 436ea48..49c9321 100644
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 }
-@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
+@@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
 /* When PAM is enabled we rely on it to do the nologin check */
 if (!options.use_pam)
 do_nologin(pw);
@@ -27,3 +27,14 @@ index 436ea48..49c9321 100644
 /*
 * PAM session modules in do_setusercontext may have
 * generated messages, so if this in an interactive
+@@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
+ optind = optreset = 1;
+ __progname = argv[0];
+ #ifdef WITH_SELINUX
+- if (options.chroot_directory == NULL ||
+- strcasecmp(options.chroot_directory, "none") == 0) {
++ if (!use_privsep &&
++ (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
+ ssh_selinux_copy_context();
+ }
+ #endif
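Review bot: The new inner hunk at `@@ -1791,8 +1800,8 @@` makes the internal-sftp path skip `ssh_selinux_copy_context()` whenever `use_privsep` is set, but nothing in the added lines explains why that is safe or where the SELinux context is applied in the privsep case. Presumably an earlier hunk of this patch already sets the context before the uid switch; a comment above the condition should say so, e.g. `/* with privsep the SELinux context is set before the uid switch; copy it here only in the non-privsep case */`, worded to match what that earlier hunk really does. An internal-sftp process that ends up without the intended context would be a confinement gap, so the process label should be checked with privsep on and off, with and without a chroot directory. The merged `(options.chroot_directory == NULL || strcasecmp(...) == 0)) {` line is also well past 80 columns and would read better wrapped after the `||`, as the original two lines were. do_child()'s body continues outside the hunk.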