diff --git a/sed-selinux.patch b/sed-selinux.patch
new file mode 100644
index 0000000..2dca5ab
--- /dev/null
+++ b/sed-selinux.patch
@@ -0,0 +1,29 @@
+diff --git a/NEWS b/NEWS
+index e9335f0..e762b2d 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,4 +1,9 @@ GNU sed NEWS                                    -*- outline -*-
+ GNU sed NEWS                                    -*- outline -*-
++ 
++  sed -i now creates selinux context based on the context of the symlink
++  instead of the symlink target. [Bug present since at least sed-4.2]
++  sed -i --follow-symlinks remains unchanged.
++
+ 
+ * Noteworthy changes in release 4.4 (2017-02-03) [stable]
+ 
+diff --git a/sed/execute.c b/sed/execute.c
+index 1843392..453886e 100644
+--- a/sed/execute.c
++++ b/sed/execute.c
+@@ -607,7 +607,7 @@ open_next_file(const char *name, struct input *input)
+       if (is_selinux_enabled () > 0)
+         {
+           security_context_t con;
+-          if (getfilecon (input->in_file_name, &con) != -1)
++          if (lgetfilecon (input->in_file_name, &con) != -1)
+             {
+               /* Save and restore the old context for the sake of w and W
+                  commands.  */
+2.9.5
+
diff --git a/sed.spec b/sed.spec
index 8a1ae52..8eb2a57 100644
--- a/sed.spec
+++ b/sed.spec
@@ -3,15 +3,16 @@
 Summary: A GNU stream text editor
 Name: sed
 Version: 4.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+
 Group: Applications/Text
 URL: http://sed.sourceforge.net/
 Source0: ftp://ftp.gnu.org/pub/gnu/sed/sed-%{version}.tar.xz
 Source1: http://sed.sourceforge.net/sedfaq.txt
 Patch0: sed-4.2.2-binary_copy_args.patch
+Patch1: sed-selinux.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: glibc-devel, libselinux-devel, libacl-devel
+BuildRequires: glibc-devel, libselinux-devel, libacl-devel, automake, autoconf
 BuildRequires: perl-Getopt-Long
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
@@ -31,6 +32,7 @@ specified in a script file or from the command line.
 %prep
 %setup -q
 %patch0 -p1 -b .copy
+%patch1 -p1 -b .selinux
 
 %build
 %configure --without-included-regex
@@ -73,6 +75,12 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man*/*
 
 %changelog
+* Thu Jan 11 2018  Jakub Martisko <jamartis@redhat.com> - 4.4-4
+- When editing file inplace, the SELinux context should
+  be based on the link instead of the target file itself.
+  --follow-symlinks option remains unchanged
+- Resolves: #1401442
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild