fix privsep patch

the selinux-policy removed rules which allow SELinux users to use setuid()
so we can't do setcon() before setuid()

openssh-6.1p1-privsep-selinux.patch

@@ -39,20 +39,32 @@ diff -up openssh-6.1p1/openbsd-compat/port-linux.h.privsep-selinux openssh-6.1p1
  #endif
  
 diff -up openssh-6.1p1/session.c.privsep-selinux openssh-6.1p1/session.c
---- openssh-6.1p1/session.c.privsep-selinux	2012-11-05 14:46:39.314809081 +0100
+--- openssh-6.1p1/session.c.privsep-selinux	2012-12-03 09:43:11.727505761 +0100
-+++ openssh-6.1p1/session.c	2012-11-05 14:46:39.340809241 +0100
++++ openssh-6.1p1/session.c	2012-12-03 09:54:50.455688902 +0100
-@@ -1513,6 +1513,10 @@ do_setusercontext(struct passwd *pw)
+@@ -1519,6 +1519,9 @@ do_setusercontext(struct passwd *pw)
- 
+ 			    pw->pw_uid);
- 		platform_setusercontext_post_groups(pw);
+ 			chroot_path = percent_expand(tmp, "h", pw->pw_dir,
- 
+ 			    "u", pw->pw_name, (char *)NULL);
-+
 +#ifdef WITH_SELINUX
 +			ssh_selinux_copy_context();
 +#endif
- 		if (options.chroot_directory != NULL &&
+ 			safely_chroot(chroot_path, pw->pw_uid);
- 		    strcasecmp(options.chroot_directory, "none") != 0) {
+ 			free(tmp);
-                         tmp = tilde_expand_filename(options.chroot_directory,
+ 			free(chroot_path);
-@@ -1787,9 +1791,6 @@ do_child(Session *s, const char *command
+@@ -1533,6 +1536,12 @@ do_setusercontext(struct passwd *pw)
+ 		/* Permanently switch to the desired uid. */
+ 		permanently_set_uid(pw);
+ #endif
++
++#ifdef WITH_SELINUX
++		if (options.chroot_directory == NULL ||
++		    strcasecmp(options.chroot_directory, "none") == 0)
++			ssh_selinux_copy_context();
++#endif
+ 	}
+ 
+ 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+@@ -1787,9 +1796,6 @@ do_child(Session *s, const char *command
  		argv[i] = NULL;
  		optind = optreset = 1;
  		__progname = argv[0];