--- src/Makefile
+++ src/Makefile
@@ -57,7 +57,7 @@
 all: $(BIN) $(SBIN) $(USRBIN)
 init: init.o init_utmp.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux -lsepol
 halt: halt.o ifdown.o hddown.o utmp.o reboot.h
 $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
@@ -78,7 +78,7 @@
 $(CC) $(LDFLAGS) -o $@ runlevel.o
 sulogin: sulogin.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT) -lselinux
 wall: dowall.o wall.o
 $(CC) $(LDFLAGS) -o $@ dowall.o wall.o
--- src/init.c
+++ src/init.c
@@ -50,6 +50,8 @@
 #include
 #include
 #include
+#include
+#include
 #ifdef __i386__
 # if (__GLIBC__ >= 2)
@@ -2643,6 +2645,7 @@
 char *p;
 int f;
 int isinit;
+ int enforce = 0;
 /* Get my own name */
 if ((p = strrchr(argv[0], '/')) != NULL)
@@ -2706,6 +2709,20 @@
 maxproclen += strlen(argv[f]) + 1;
 }
+ if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
+ putenv("SELINUX_INIT=YES");
+ if (selinux_init_load_policy(&enforce) == 0 ) {
+ execv(myname, argv);
+ } else {
+ if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ /* At this point, we probably can't open /dev/console, so log() won't work */
+ printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
+ exit(1);
+ }
+ }
+ }
+
 /* Start booting. */
 argv0 = argv[0];
 argv[1] = NULL;
--- src/sulogin.c
+++ src/sulogin.c
@@ -29,6 +29,8 @@
 #if defined(__GLIBC__)
 # include
 #endif
+#include
+#include
 #define CHECK_DES 1
 #define CHECK_MD5 1
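Review bot: `-lselinux -lsepol` is hard-coded into the init link recipe, and `-lselinux` into the sulogin recipe in the next hunk, unlike `$(LCRYPT)` on the same line, so there is no single place to change or drop the SELinux libraries from the command line. Both recipes also link with `$(STATIC)`, which presumably needs static libselinux/libsepol archives on the build host; a named variable gives that requirement a place to be documented. Suggest `LSELINUX := -lselinux` and `LSEPOL := -lsepol` next to `LCRYPT` at the top of the file, and `$(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o $(LSELINUX) $(LSEPOL)` here, with the sulogin rule ending in `$(LCRYPT) $(LSELINUX)`. Where `LCRYPT` is defined is outside the hunk.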
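Review bot: The return value of `execv(myname, argv)` is ignored, so if the re-exec fails init silently continues to `/* Start booting. */` in the same process with `SELINUX_INIT=YES` already in its environment (putenv() runs before the load is attempted), and nothing records that the re-exec never happened. A minimal fix is `if (execv(myname, argv) < 0) perror("execv");` so the failure is at least visible; `myname` is not declared in the hunk, so I assume it is set earlier in main(). The fatal message uses `printf`, i.e. stdout, which the comment two lines above says may not be usable; `fprintf(stderr, "Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");` is unbuffered and the usual channel for this. If the libselinux in use can return -1 from `is_selinux_enabled()` when the state cannot be determined, `!is_selinux_enabled()` treats that as "already enabled" and skips the load; comparing against 0 explicitly would make the intent clear. main() starts and ends outside the hunk.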
@@ -374,6 +376,21 @@
 signal(SIGINT, saved_sigint);
 signal(SIGTSTP, saved_sigtstp);
 signal(SIGQUIT, saved_sigquit);
+
+ if (is_selinux_enabled > 0) {
+ security_context_t scon=NULL;
+ char *seuser=NULL;
+ char *level=NULL;
+ if (getseuserbyname("root", &seuser, &level) == 0)
+ if (get_default_context_with_level(seuser, level, 0, &scon) > 0) {
+ if (setexeccon(scon) != 0)
+ fprintf(stderr, "setexeccon faile\n");
+ freecon(scon);
+ }
+ free(seuser);
+ free(level);
+ }
+
 execl(sushell, shell, NULL);
 perror(sushell);
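Review bot: `if (is_selinux_enabled > 0)` compares the address of the function rather than calling it, so it is always true and the new block also runs on systems without SELinux; it should read `if (is_selinux_enabled() > 0) {`. The next check is inverted: `get_default_context_with_level()` returns 0 on success and -1 on failure (the same convention the adjacent `getseuserbyname()` test uses), so with `> 0` the `setexeccon()` branch is never taken; change it to `if (get_default_context_with_level(seuser, level, 0, &scon) == 0) {`. The message on the following line has a typo, `fprintf(stderr, "setexeccon failed\n");`. Note that after either failure the code still falls through to `execl(sushell, ...)`, so the root shell is started in sulogin's own context; a one-line comment saying that this is the intended fallback for an emergency shell would stop the next reader from treating it as an oversight. The function containing this block begins before the hunk.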