diff --git a/configure.in b/configure.in
index a5a434d..1d3801e 100644
--- a/configure.in
+++ b/configure.in
@@ -572,6 +572,24 @@ AC_SUBST(GCOV)
 AC_SUBST(GENHTML)
 
 # ----------------------------------------------------------------------
+# selinux
+
+LIBSELINUX=""
+selinux_status="no"
+AC_ARG_ENABLE([selinux],
+        AC_HELP_STRING([--disable-selinux],[do not use SELinux]))
+if test "x$enable_selinux" != "xno"; then
+    AC_CHECK_LIB([selinux],[getfilecon],
+        [AC_CHECK_LIB([selinux],[setexeccon],
+            [AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
+             LIBSELINUX="-lselinux"
+             selinux_status="yes"])
+        ])
+fi
+AC_SUBST(LIBSELINUX)
+AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
+
+# ----------------------------------------------------------------------
 # Valgrind
 
 AC_ARG_ENABLE(valgrind,
@@ -742,6 +760,7 @@ echo
 echo "OPTIONAL DEPENDENCIES"
 echo "  PAM:                  $pam_status"
 echo "  Linux capabilities:   $libcapng_status"
+echo "  SELinux:              $selinux_status"
 echo
 echo "CONFIGURATION"
 echo "  SSH Agent:            $ssh_status"
diff --git a/pam/Makefile.am b/pam/Makefile.am
index 81bda13..2e6362d 100644
--- a/pam/Makefile.am
+++ b/pam/Makefile.am
@@ -16,6 +16,7 @@ pam_gnome_keyring_la_LIBADD = \
 	$(top_builddir)/egg/libegg-buffer.la \
 	$(top_builddir)/egg/libegg-creds.la \
 	$(top_builddir)/egg/libegg-secure.la \
+	$(LIBSELINUX) \
 	-lpam
 	
 pam_gnome_keyring_la_LDFLAGS = \
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
index e63c917..8ad814c 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -317,6 +317,36 @@ cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status)
 	free_password (data);
 }
 
+#ifdef WITH_SELINUX
+#include  <selinux/flask.h>
+#include  <selinux/selinux.h>
+/* Attempt to set SELinux Context. We are ignoring failure and just going
+   with default behaviour default behaviour
+*/
+static void setup_selinux_context(const char *command) {
+	security_context_t fcon = NULL, newcon = NULL, execcon = NULL;
+
+	if (is_selinux_enabled() != 1) return;
+
+	int ret = getexeccon(&execcon);
+	if ((ret < 0) || (! execcon)) goto err;
+
+	ret = getfilecon(command, &fcon);
+	if (ret < 0) goto err;
+
+	ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
+	if (ret < 0) goto err;
+
+	setexeccon(newcon);
+
+err:
+	freecon(newcon);
+	freecon(fcon);
+	freecon(execcon);
+	return;
+}
+#endif
+
 static void
 setup_child (int inp[2], int outp[2], int errp[2], pam_handle_t *ph, struct passwd *pwd)
 {
@@ -329,6 +359,10 @@ setup_child (int inp[2], int outp[2], int errp[2], pam_handle_t *ph, struct pass
 	char *args[] = { GNOME_KEYRING_DAEMON, "--daemonize", "--login", NULL};
 #endif
 	
+#ifdef WITH_SELINUX
+	setup_selinux_context(GNOME_KEYRING_DAEMON);
+#endif
+
 	assert (pwd);
 	assert (pwd->pw_dir);