diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c --- openssh-5.2p1/session.c.sesftp 2009-08-09 10:21:11.586827446 +0200 +++ openssh-5.2p1/session.c 2009-08-09 10:39:30.475622699 +0200 @@ -58,6 +58,9 @@ #include #include #include +#ifdef WITH_SELINUX +#include +#endif #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" @@ -101,6 +104,9 @@ c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \ c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t')) +#ifdef WITH_SELINUX +#define SFTPD_T "sftpd_t" +#endif /* func */ Session *session_new(void); @@ -1789,6 +1795,10 @@ do_child(Session *s, const char *command extern int optind, optreset; int i; char *p, *args; +#ifdef WITH_SELINUX + int L1, L2; + char *c1, *c2, *cx; +#endif setproctitle("%s@internal-sftp-server", s->pw->pw_name); args = xstrdup(command ? command : "sftp-server"); @@ -1798,6 +1808,32 @@ do_child(Session *s, const char *command argv[i] = NULL; optind = optreset = 1; __progname = argv[0]; +#ifdef WITH_SELINUX + if (getcon ((security_context_t *) &c1) < 0) { + logit("do_child: getcon failed with %s", strerror (errno)); + } else { + L1 = strlen (c1) + sizeof (SFTPD_T); + c2 = xmalloc (L1); + if (!(cx = index (c1, ':'))) + goto badcontext; + if (!(cx = index (cx + 1, ':'))) { +badcontext: + logit ("do_child: unparseable context %s", c1); + } else { + L2 = cx - c1 + 1; + memcpy (c2, c1, L2); + strlcpy (c2 + L2, SFTPD_T, L1); + if ((cx = index (cx + 1, ':'))) + strlcat (c2, cx, L1); + if (setcon (c2) < 0) + logit("do_child: setcon failed with %s", strerror (errno)); + + } + xfree (c1); + xfree (c2); + } +#endif + exit(sftp_server_main(i, argv, s->pw)); }
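Review bot: The new locals `L1` and `L2` are upper-case names, which in this file read as macros or constants (`SFTPD_T`, `INTERNAL_SFTP_NAME`) rather than variables, and they are declared `int` although they hold values derived from `strlen()` and a pointer difference; `size_t ctxlen, prefixlen;` would match the lower-case style of the neighbouring `optind`/`args` declarations and the type of what they store. They are only declared here and used in the following hunk. The enclosing `do_child` function begins before this hunk.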
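Review bot: A failed `setcon()` is only logged and `sftp_server_main()` is still started, so a policy that lacks `sftpd_t` or denies the dynamic transition leaves the session running in the caller's context instead of the confined one the change is meant to enforce; since the transition exists to confine the server it should fail closed, e.g. `fatal("do_child: setcon failed with %s", strerror(errno));`, and the `getcon()` failure branch deserves the same treatment unless the whole block is first gated on `is_selinux_enabled()` so hosts with SELinux disabled are not reported as errors. Two smaller points: `strlcpy(c2 + L2, SFTPD_T, L1)` passes the whole buffer size rather than the remaining `L1 - L2` bytes (harmless today only because `L1` was sized to hold `SFTPD_T`), and the context returned by `getcon()` should be released with `freecon(c1)` rather than `xfree(c1)`. The jump from the first `index()` check into the `badcontext:` label inside the following else-branch is legal C but hard to follow; a single `if (!(cx = index(c1, ':')) || !(cx = index(cx + 1, ':')))` makes the parse failure one condition. The enclosing `do_child` function begins before this hunk.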