diff -up shadow-4.1.5/lib/commonio.c.selinux shadow-4.1.5/lib/commonio.c
--- shadow-4.1.5/lib/commonio.c.selinux	2011-12-09 23:23:16.000000000 +0100
+++ shadow-4.1.5/lib/commonio.c	2012-03-22 16:42:00.952464092 +0100
@@ -977,6 +977,12 @@ int commonio_close (struct commonio_db *
 
 	snprintf (buf, sizeof buf, "%s+", db->filename);
 
+#ifdef WITH_SELINUX
+	if (set_selinux_file_context (buf) != 0) {
+		errors++;
+	}
+#endif
+
 	db->fp = fopen_set_perms (buf, "w", &sb);
 	if (NULL == db->fp) {
 		goto fail;
@@ -1011,6 +1017,12 @@ int commonio_close (struct commonio_db *
 		goto fail;
 	}
 
+#ifdef WITH_SELINUX
+	if (reset_selinux_file_context () != 0) {
+		goto fail;
+	}
+#endif
+
 	nscd_need_reload = true;
 	goto success;
       fail:
diff -up shadow-4.1.5/src/useradd.c.selinux shadow-4.1.5/src/useradd.c
--- shadow-4.1.5/src/useradd.c.selinux	2012-03-22 16:46:11.007377548 +0100
+++ shadow-4.1.5/src/useradd.c	2012-03-22 16:46:35.037251897 +0100
@@ -2040,7 +2040,7 @@ int main (int argc, char **argv)
 	if (mflg) {
 		create_home ();
 		if (home_added) {
-			copy_tree (def_template, user_home, false, false,
+			copy_tree (def_template, user_home, false, true,
 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
 		} else {
 			fprintf (stderr,