- Fixes for abrt calls

2009-12-16 23:01:00 +00:00 · 2009-12-16 23:01:00 +00:00 · e54cc7c3e4
commit e54cc7c3e4
parent 9c90ba7e8e
2 changed files with 114 additions and 36 deletions
--- a/policy-F13.patch
+++ b/policy-F13.patch
@ -2767,7 +2767,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.4/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/apps/gnome.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/apps/gnome.te	2009-12-16 16:57:25.000000000 -0500
@@ -7,18 +7,30 @@
 #
@ -2801,8 +2801,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 files_tmp_file(gconf_tmp_t)
 ubac_constrained(gconf_tmp_t)
-@@ -32,8 +44,17 @@
+@@ -29,11 +41,20 @@
- type gnome_home_t;
+ application_domain(gconfd_t, gconfd_exec_t)
 ubac_constrained(gconfd_t)
 -type gnome_home_t;
 +type gnome_home_t, gnome_home_type;
 typealias gnome_home_t alias { user_gnome_home_t staff_gnome_home_t sysadm_gnome_home_t };
 typealias gnome_home_t alias { auditadm_gnome_home_t secadm_gnome_home_t };
 +typealias gnome_home_t alias unconfined_gnome_home_t;
@ -4969,8 +4973,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +# No types are sandbox_exec_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.4/policy/modules/apps/sandbox.if
 --- nsaserefpolicy/policy/modules/apps/sandbox.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.4/policy/modules/apps/sandbox.if	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/apps/sandbox.if	2009-12-16 16:50:01.000000000 -0500
-@@ -0,0 +1,188 @@
+@@ -0,0 +1,190 @@
 +
 +## <summary>policy for sandbox</summary>
 +
@ -5018,9 +5022,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	allow sandbox_x_domain $1:process { sigchld signal };
 +	allow sandbox_x_domain sandbox_x_domain:process signal;
 +	# Dontaudit leaked file descriptors
-+	dontaudit sandbox_x_domain $1:fifo_file rw_fifo_file_perms;
+	dontaudit sandbox_x_domain $1:fifo_file { read write };
 +	dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms;
 +	dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms;
 +	dontaudit sandbox_x_domain $1:unix_stream_socket { read write };
 +	
 +	manage_files_pattern($1, sandbox_file_type, sandbox_file_type);
 +	manage_dirs_pattern($1, sandbox_file_type, sandbox_file_type);
@ -5104,6 +5109,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	type $1_client_tmpfs_t;
 +	files_tmpfs_file($1_client_tmpfs_t)
 +
 +	term_search_ptys($1_t)
 +	allow $1_client_t sandbox_devpts_t:chr_file { rw_term_perms setattr };
 +	term_create_pty($1_client_t,sandbox_devpts_t)
 +
@ -5161,8 +5167,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.4/policy/modules/apps/sandbox.te
 --- nsaserefpolicy/policy/modules/apps/sandbox.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.4/policy/modules/apps/sandbox.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/apps/sandbox.te	2009-12-16 17:45:36.000000000 -0500
-@@ -0,0 +1,331 @@
+@@ -0,0 +1,336 @@
 +policy_module(sandbox,1.0.0)
 +dbus_stub()
 +attribute sandbox_domain;
@ -5195,6 +5201,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#
 +# sandbox xserver policy
 +#
 +allow sandbox_xserver_t self:process execmem;
 +allow sandbox_xserver_t self:fifo_file manage_fifo_file_perms;
 +allow sandbox_xserver_t self:shm create_shm_perms;
 +allow sandbox_xserver_t self:tcp_socket create_stream_socket_perms;
@ -5222,6 +5229,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corenet_sendrecv_xserver_server_packets(sandbox_xserver_t)
 +corenet_sendrecv_all_client_packets(sandbox_xserver_t)
 +
 +dev_rwx_zero(sandbox_xserver_t)
 +
 +files_read_etc_files(sandbox_xserver_t)
 +files_read_usr_files(sandbox_xserver_t)
 +files_search_home(sandbox_xserver_t)
@ -5242,6 +5251,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +logging_send_syslog_msg(sandbox_xserver_t)
 +logging_send_audit_msgs(sandbox_xserver_t)
 +
 +userdom_read_user_home_content_symlinks(sandbox_xserver_t)
 +userdom_use_user_terminals(sandbox_xserver_t)
 +
 +xserver_entry_type(sandbox_xserver_t)
@ -5322,7 +5332,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +auth_dontaudit_read_login_records(sandbox_x_domain)
 +auth_dontaudit_write_login_records(sandbox_x_domain)
-+auth_use_nsswitch(sandbox_x_domain)
+#auth_use_nsswitch(sandbox_x_domain)
 +auth_search_pam_console_data(sandbox_x_domain)
 +
 +init_read_utmp(sandbox_x_domain)
@ -5349,6 +5359,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +userdom_dontaudit_use_user_terminals(sandbox_x_domain)
 +userdom_read_user_home_content_symlinks(sandbox_x_domain)
 +
 +#============= sandbox_x_t ==============
 +files_search_home(sandbox_x_t)
@ -5367,7 +5378,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +corenet_tcp_connect_ipp_port(sandbox_x_client_t)
 +
-+auth_use_nsswitch(sandbox_x_client_t)
+#auth_use_nsswitch(sandbox_x_client_t)
 +
 +dbus_system_bus_client(sandbox_x_client_t)
 +dbus_read_config(sandbox_x_client_t)
@ -5425,7 +5436,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corenet_dontaudit_tcp_bind_generic_port(sandbox_web_client_t)
 +corenet_tcp_connect_speech_port(sandbox_web_client_t)
 +
-+auth_use_nsswitch(sandbox_web_client_t)
+#auth_use_nsswitch(sandbox_web_client_t)
 +
 +dbus_system_bus_client(sandbox_web_client_t)
 +dbus_read_config(sandbox_web_client_t)
@ -5468,7 +5479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corenet_tcp_connect_all_ports(sandbox_net_client_t)
 +corenet_sendrecv_all_client_packets(sandbox_net_client_t)
 +
-+auth_use_nsswitch(sandbox_net_client_t)
+#auth_use_nsswitch(sandbox_net_client_t)
 +
 +dbus_system_bus_client(sandbox_net_client_t)
 +dbus_read_config(sandbox_net_client_t)
@ -6496,7 +6507,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.4/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/kernel/domain.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/kernel/domain.te	2009-12-16 16:43:03.000000000 -0500
@@ -5,6 +5,13 @@
 #
 # Declarations
@ -6567,7 +6578,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # Act upon any other process.
 allow unconfined_domain_type domain:process ~{ transition dyntransition execmem execstack execheap };
-@@ -153,3 +174,71 @@
+@@ -153,3 +174,73 @@
 # receive from all domains over labeled networking
 domain_all_recvfrom_all_domains(unconfined_domain_type)
@ -6592,8 +6603,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +# these seem questionable:
 +
 +optional_policy(`
 +	abrt_signull(domain)
 +	abrt_domtrans_helper(domain)
 +	abrt_read_pid_files(domain)
 +	abrt_read_state(domain)
 +	abrt_signull(domain)
 +')
 +
 +optional_policy(`
@ -7518,7 +7531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.4/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.4/policy/modules/kernel/terminal.if	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/kernel/terminal.if	2009-12-16 11:17:07.000000000 -0500
@@ -273,9 +273,11 @@
 interface(`term_dontaudit_use_console',`
 	gen_require(`
@ -9530,7 +9543,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/run/abrt(/.*)?			gen_context(system_u:object_r:abrt_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.4/policy/modules/services/abrt.if
 --- nsaserefpolicy/policy/modules/services/abrt.if	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/abrt.if	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/abrt.if	2009-12-16 16:47:43.000000000 -0500
@@ -19,6 +19,24 @@
 	domtrans_pattern($1, abrt_exec_t, abrt_t)
 ')
@ -9589,10 +9602,47 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ######################################
 ## <summary>
 ##	Read abrt logs.
-@@ -75,6 +119,64 @@
+@@ -75,6 +119,101 @@
 	read_files_pattern($1, abrt_var_log_t, abrt_var_log_t)
 ')
 +######################################
 +## <summary>
 +##	Read abrt PID files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
 +##	Domain allowed access.
 +##	</summary>
 +## </param>
 +#
 +interface(`abrt_read_pid_files',`
 +	gen_require(`
 +		type abrt_var_run_t;
 +	')
 +
 +	files_search_pids($1)
 +	read_files_pattern($1, abrt_var_run_t, abrt_var_run_t)
 +')
 +
 +########################################
 +## <summary>
 +##	Allow the domain to read abrt state files in /proc.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
 +##	Domain to allow access.
 +##	</summary>
 +## </param>
 +#
 +interface(`abrt_read_state',`
 +	gen_require(`
 +		type abrt_t;
 +	')
 +
 +	ps_process_pattern($1, abrt_t)
 +')
 +
 +########################################
 +## <summary>
 +##	Send and receive messages from
@ -11910,7 +11960,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.4/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/avahi.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/avahi.te	2009-12-16 13:33:02.000000000 -0500
@@ -24,7 +24,7 @@
 # Local policy
 #
@ -11928,8 +11978,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 manage_dirs_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
 manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
-@@ -47,6 +48,9 @@
+@@ -42,11 +43,13 @@
- kernel_read_proc_symlinks(avahi_t)
+ allow avahi_t avahi_var_run_t:dir setattr;
 files_pid_filetrans(avahi_t, avahi_var_run_t, file)
 +kernel_read_system_state(avahi_t)
 kernel_read_kernel_sysctls(avahi_t)
 -kernel_list_proc(avahi_t)
 -kernel_read_proc_symlinks(avahi_t)
 kernel_read_network_state(avahi_t)
 +corecmd_exec_bin(avahi_t)
@ -11938,7 +11994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 corenet_all_recvfrom_unlabeled(avahi_t)
 corenet_all_recvfrom_netlabel(avahi_t)
 corenet_tcp_sendrecv_generic_if(avahi_t)
-@@ -85,6 +89,10 @@
+@@ -85,6 +88,10 @@
 miscfiles_read_localization(avahi_t)
 miscfiles_read_certs(avahi_t)
@ -12058,7 +12114,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	All of the rules required to administrate 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.4/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/bluetooth.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/bluetooth.te	2009-12-16 17:05:48.000000000 -0500
@@ -54,9 +54,9 @@
 # Bluetooth services local policy
 #
@ -12079,15 +12135,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
-@@ -94,6 +95,7 @@
+@@ -94,6 +95,8 @@
 kernel_read_kernel_sysctls(bluetooth_t)
 kernel_read_system_state(bluetooth_t)
 kernel_read_network_state(bluetooth_t)
 +kernel_request_load_module(bluetooth_t)
 +kernel_search_debugfs(bluetooth_t)
 corenet_all_recvfrom_unlabeled(bluetooth_t)
 corenet_all_recvfrom_netlabel(bluetooth_t)
-@@ -111,6 +113,7 @@
+@@ -111,6 +114,7 @@
 dev_rw_generic_usb_dev(bluetooth_t)
 dev_read_urand(bluetooth_t)
 dev_rw_input_dev(bluetooth_t)
@ -12095,7 +12152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 fs_getattr_all_fs(bluetooth_t)
 fs_search_auto_mountpoints(bluetooth_t)
-@@ -154,6 +157,10 @@
+@@ -154,6 +158,10 @@
 	')
 	optional_policy(`
@ -13291,8 +13348,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.4/policy/modules/services/corosync.te
 --- nsaserefpolicy/policy/modules/services/corosync.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.7.4/policy/modules/services/corosync.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/corosync.te	2009-12-16 13:52:21.000000000 -0500
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,110 @@
 +
 +policy_module(corosync,1.0.0)
 +
@ -13380,6 +13437,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +miscfiles_read_localization(corosync_t)
 +
 +init_read_script_state(corosync_t)
 +init_rw_script_tmp_files(corosync_t)
 +
 +logging_send_syslog_msg(corosync_t)
@ -16444,7 +16502,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.4/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/mysql.te	2009-12-15 16:12:11.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/mysql.te	2009-12-16 14:02:23.000000000 -0500
@@ -1,6 +1,13 @@
 policy_module(mysql, 1.11.0)
@ -16471,7 +16529,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ifdef(`distro_redhat',`
 	# because Fedora has the sock_file in the database directory
 	type_transition mysqld_t mysqld_db_t:sock_file mysqld_var_run_t;
-@@ -136,10 +148,17 @@
+@@ -131,15 +143,22 @@
 # Local mysqld_safe policy
 #
 -allow mysqld_safe_t self:capability { dac_override fowner chown };
 +allow mysqld_safe_t self:capability { kill dac_override fowner chown };
 allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
 domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
@ -18309,7 +18373,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.4/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.4/policy/modules/services/openvpn.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/openvpn.te	2009-12-16 14:04:12.000000000 -0500
@@ -41,7 +41,7 @@
 # openvpn local policy
 #
@ -18328,6 +18392,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 logging_send_syslog_msg(openvpn_t)
 miscfiles_read_localization(openvpn_t)
@@ -107,7 +109,7 @@
 sysnet_dns_name_resolve(openvpn_t)
 sysnet_exec_ifconfig(openvpn_t)
 -sysnet_write_config(openvpn_t)
 +sysnet_manage_config(openvpn_t)
 sysnet_etc_filetrans_config(openvpn_t)
 userdom_use_user_terminals(openvpn_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.7.4/policy/modules/services/pcscd.if
 --- nsaserefpolicy/policy/modules/services/pcscd.if	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.7.4/policy/modules/services/pcscd.if	2009-12-15 14:56:49.000000000 -0500
@ -24225,7 +24298,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.4/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/sssd.te	2009-12-15 14:56:49.000000000 -0500
+++ serefpolicy-3.7.4/policy/modules/services/sssd.te	2009-12-16 11:14:38.000000000 -0500
@@ -16,6 +16,9 @@
 type sssd_var_lib_t;
 files_type(sssd_var_lib_t)
@ -24236,15 +24309,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 type sssd_var_run_t;
 files_pid_file(sssd_var_run_t)
-@@ -23,7 +26,7 @@
+@@ -23,8 +26,8 @@
 #
 # sssd local policy
 #
 -allow sssd_t self:capability { sys_nice setuid };
-+allow sssd_t self:capability { sys_nice setgid setuid };
+-allow sssd_t self:process { setsched signal getsched };
- allow sssd_t self:process { setsched signal getsched };
+allow sssd_t self:capability { kill sys_nice setgid setuid };
 +allow sssd_t self:process { setsched sigkill signal getsched };
 allow sssd_t self:fifo_file rw_file_perms;
 allow sssd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -33,16 +36,24 @@
 manage_sock_files_pattern(sssd_t, sssd_var_lib_t, sssd_var_lib_t)
 files_var_lib_filetrans(sssd_t, sssd_var_lib_t, { file dir } )
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -449,6 +449,9 @@ exit 0
 %endif
 %changelog
 * Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 3.7.4-3
 - Fixes for abrt calls
 * Fri Dec 11 2009 Dan Walsh <dwalsh@redhat.com> 3.7.4-2
 - Add tgtd policy