diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id --- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200 +++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200 @@ -41,7 +41,7 @@ fi # strip any trailing colon host=`echo $1 | sed 's/:$//'` -{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 +{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1 cat < #include #include +#include #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" @@ -848,10 +849,17 @@ main(int ac, char **av) */ r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + char *scon; + + if (matchpathcon(buf, 0700, &scon) != -1) { + setfscreatecon(scon); + matchpathcon_fini(); + } if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); - + setfscreatecon(NULL); + } /* load options.identity_files */ load_public_identity_files();
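Review bot: The context string `scon` returned by `matchpathcon()` in the main() hunk is never released; add `freecon(scon);` right after `setfscreatecon(scon);`. The return value of `setfscreatecon(scon)` is also ignored, so a failure to set the creation context silently leaves the new directory with the default label; an `error()` on a negative return would make a mislabelled ~/.ssh diagnosable. The mode passed is `0700` with no file-type bit, which appears to make matchpathcon skip file-type matching, so `S_IFDIR | 0700` may be needed to select the directory entry (confirm against libselinux). The new calls and the added include look unconditional in the visible lines; if this file is built on non-SELinux platforms they probably need the project's SELinux build guard (OpenSSH uses `WITH_SELINUX` elsewhere, to be confirmed for this tree). main() starts and ends outside the hunk.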