From 7c27bac991aa6c793fbd35d4b58ab5d37d177937 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 23 2010 13:30:55 +0000 Subject: - Allow sshd to setattr on pseudo terms --- diff --git a/.cvsignore b/.cvsignore index 6972be4..ef4def8 100644 --- a/.cvsignore +++ b/.cvsignore @@ -201,4 +201,3 @@ serefpolicy-3.7.7.tgz serefpolicy-3.7.8.tgz setroubleshoot-2.2.58.tar.gz serefpolicy-3.7.9.tgz -serefpolicy-3.7.10.tgz diff --git a/modules-minimum.conf b/modules-minimum.conf index b192a3c..fa24579 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -1454,7 +1454,7 @@ seunshare = module # shorewall = base -# Layer: apps +# Layer: admin # Module: sectoolm # # Policy for sectool-mechanism diff --git a/modules-targeted.conf b/modules-targeted.conf index b192a3c..fa24579 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -1454,7 +1454,7 @@ seunshare = module # shorewall = base -# Layer: apps +# Layer: admin # Module: sectoolm # # Policy for sectool-mechanism diff --git a/nsadiff b/nsadiff index 6cc0190..8a38a9d 100755 --- a/nsadiff +++ b/nsadiff @@ -1 +1 @@ -diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.9 > /tmp/diff +diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.10 > /tmp/diff diff --git a/policy-F13.patch b/policy-F13.patch index c85bb53..8c91688 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -258,7 +258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.10/policy/modules/admin/logrotate.te --- nsaserefpolicy/policy/modules/admin/logrotate.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/admin/logrotate.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/admin/logrotate.te 2010-02-22 15:26:07.000000000 -0500 
@@ -32,7 +32,7 @@ # Change ownership on log files. allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice }; @@ -348,6 +348,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota slrnpull_manage_spool(logrotate_t) ') +@@ -191,5 +220,9 @@ + ') + + optional_policy(` ++ su_exec(logrotate_t) ++') ++ ++optional_policy(` + varnishd_manage_log(logrotate_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.10/policy/modules/admin/logwatch.te --- nsaserefpolicy/policy/modules/admin/logwatch.te 2009-08-14 16:14:31.000000000 -0400 +++ serefpolicy-3.7.10/policy/modules/admin/logwatch.te 2010-02-22 09:09:07.000000000 -0500 @@ -2987,16 +2997,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.10/policy/modules/apps/java.te --- nsaserefpolicy/policy/modules/apps/java.te 2010-02-22 08:30:53.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/apps/java.te 2010-02-22 10:10:13.000000000 -0500 -@@ -149,4 +149,12 @@ ++++ serefpolicy-3.7.10/policy/modules/apps/java.te 2010-02-22 10:10:31.000000000 -0500 +@@ -147,6 +147,14 @@ + + init_dbus_chat_script(unconfined_java_t) - unconfined_domain_noaudit(unconfined_java_t) - unconfined_dbus_chat(unconfined_java_t) -+ + files_execmod_all_files(unconfined_java_t) + + init_dbus_chat_script(unconfined_java_t) + + unconfined_domain_noaudit(unconfined_java_t) + unconfined_dbus_chat(unconfined_java_t) ++ + optional_policy(` + rpm_domtrans(unconfined_java_t) + ') 
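Review bot: The new `su_exec(logrotate_t)` block carries no comment saying which rotation script needs logrotate to run su, and if su_exec is the plain can_exec interface from su.if, su runs inside logrotate_t with no domain transition, so its setuid work is governed by logrotate's own rules rather than a su domain. A one-line comment above the optional_policy naming the denial being fixed, e.g. `# su_exec: <triggering denial — TODO confirm>`, would let a later maintainer judge whether the grant can be narrowed. This grant is also absent from the spec changelog entry for 3.7.10-2, which only mentions sshd and pseudo terminals.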
@@ -6445,7 +6457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.10/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/kernel/domain.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/domain.te 2010-02-22 16:34:55.000000000 -0500 @@ -5,6 +5,21 @@ # # Declarations @@ -6486,6 +6498,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain # Every domain gets the key ring, so we should default # to no one allowed to look at it; afs kernel support creates # a keyring +@@ -87,7 +106,7 @@ + kernel_dontaudit_link_key(domain) + + # create child processes in the domain +-allow domain self:process { fork sigchld }; ++allow domain self:process { fork getsched sigchld }; + + # Use trusted objects in /dev + dev_rw_null(domain) @@ -97,6 +116,13 @@ # list the root directory files_list_root(domain) @@ -8140,7 +8161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.10/policy/modules/kernel/terminal.if --- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-02-18 14:06:31.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/kernel/terminal.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/kernel/terminal.if 2010-02-22 15:15:22.000000000 -0500 @@ -241,25 +241,6 @@ ######################################## 
@@ -15121,6 +15142,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + xserver_rw_xdm_pipes(session_bus_type) + xserver_append_xdm_home_files(session_bus_type) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.7.10/policy/modules/services/dcc.te +--- nsaserefpolicy/policy/modules/services/dcc.te 2010-01-07 14:53:53.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/dcc.te 2010-02-22 12:42:23.000000000 -0500 +@@ -81,7 +81,7 @@ + # dcc daemon controller local policy + # + +-allow cdcc_t self:capability setuid; ++allow cdcc_t self:capability { setuid setgid }; + allow cdcc_t self:unix_dgram_socket create_socket_perms; + allow cdcc_t self:udp_socket create_socket_perms; + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.fc serefpolicy-3.7.10/policy/modules/services/denyhosts.fc --- nsaserefpolicy/policy/modules/services/denyhosts.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.7.10/policy/modules/services/denyhosts.fc 2010-02-22 09:09:07.000000000 -0500 @@ -20558,7 +20591,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.10/policy/modules/services/policykit.te --- nsaserefpolicy/policy/modules/services/policykit.te 2009-11-17 10:54:26.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/services/policykit.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/policykit.te 2010-02-22 16:23:10.000000000 -0500 @@ -36,11 +36,12 @@ # policykit local policy # 
@@ -20566,7 +20599,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli -allow policykit_t self:capability { setgid setuid }; -allow policykit_t self:process getattr; -allow policykit_t self:fifo_file rw_file_perms; -+allow policykit_t self:capability { setgid setuid sys_ptrace }; ++allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_ptrace }; +allow policykit_t self:process { getsched getattr signal }; +allow policykit_t self:fifo_file rw_fifo_file_perms; + @@ -23221,7 +23254,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ## Read NFS exported content. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.10/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/rpc.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/rpc.te 2010-02-22 15:33:53.000000000 -0500 @@ -8,7 +8,7 @@ ## @@ -23271,11 +23304,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. files_manage_mounttab(rpcd_t) files_getattr_all_dirs(rpcd_t) -@@ -91,14 +100,21 @@ +@@ -91,14 +100,22 @@ seutil_dontaudit_search_config(rpcd_t) +userdom_signal_unpriv_users(rpcd_t) ++userdom_read_user_home_content_files(rpcd_t) + optional_policy(` automount_signal(rpcd_t) @@ -23293,7 +23327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. ######################################## # # NFSD local policy -@@ -127,6 +143,7 @@ +@@ -127,6 +144,7 @@ files_getattr_tmp_dirs(nfsd_t) # cjp: this should really have its own type files_manage_mounttab(nfsd_t) 
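Review bot: `allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_ptrace };` widens policykit's capability set with dac_override, which lets the daemon bypass discretionary permission checks on every file its type-enforcement rules already reach, while nothing in the hunk records which access needed it. If the motivating denial was reading root-owned configuration, `dac_read_search` alone covers that and dac_override can be dropped; either way a comment on the line above such as `# dac_override: <denial being fixed — TODO confirm>` would document the grant. The spec changelog for this release (3.7.10-2) only mentions sshd and pseudo terminals, so this privilege change is currently undocumented.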
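Review bot: `userdom_read_user_home_content_files(rpcd_t)` gives rpcd read access to all user home content, which is broader than the neighbouring rules (`userdom_signal_unpriv_users`, `automount_signal`) and is not commented. If this is for exporting home directories, it may belong under a tunable the way nfsd_t's access is gated by `nfs_export_all_ro` in the later hunks of this same file, with a comment naming the use case. The enclosing rpcd_t policy section continues outside this hunk.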
@@ -23301,7 +23335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. fs_mount_nfsd_fs(nfsd_t) fs_search_nfsd_fs(nfsd_t) -@@ -135,6 +152,7 @@ +@@ -135,6 +153,7 @@ fs_rw_nfsd_fs(nfsd_t) storage_dontaudit_read_fixed_disk(nfsd_t) @@ -23309,7 +23343,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. # Read access to public_content_t and public_content_rw_t miscfiles_read_public_files(nfsd_t) -@@ -151,6 +169,7 @@ +@@ -151,6 +170,7 @@ fs_read_noxattr_fs_files(nfsd_t) auth_manage_all_files_except_shadow(nfsd_t) ') @@ -23317,7 +23351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. tunable_policy(`nfs_export_all_ro',` dev_getattr_all_blk_files(nfsd_t) -@@ -182,6 +201,7 @@ +@@ -182,6 +202,7 @@ kernel_read_network_state(gssd_t) kernel_read_network_state_symlinks(gssd_t) kernel_search_network_sysctl(gssd_t) @@ -23325,7 +23359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. corecmd_exec_bin(gssd_t) -@@ -189,8 +209,10 @@ +@@ -189,8 +210,10 @@ fs_rw_rpc_sockets(gssd_t) fs_read_rpc_files(gssd_t) @@ -23336,7 +23370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. auth_use_nsswitch(gssd_t) auth_manage_cache(gssd_t) -@@ -199,10 +221,14 @@ +@@ -199,10 +222,14 @@ mount_signal(gssd_t) @@ -23705,7 +23739,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.10/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.7.10/policy/modules/services/samba.te 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/services/samba.te 2010-02-22 17:36:14.000000000 -0500 @@ -66,6 +66,13 @@ ## gen_tunable(samba_share_nfs, false) 
@@ -23748,7 +23782,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb kernel_getattr_core_if(smbd_t) kernel_getattr_message_if(smbd_t) kernel_read_network_state(smbd_t) -@@ -316,6 +327,7 @@ +@@ -306,6 +317,8 @@ + dev_read_urand(smbd_t) + dev_getattr_mtrr_dev(smbd_t) + dev_dontaudit_getattr_usbfs_dirs(smbd_t) ++dev_getattr_all_blk_files(smbd_t) ++dev_getattr_all_chr_files(smbd_t) + + fs_getattr_all_fs(smbd_t) + fs_get_xattr_fs_quotas(smbd_t) +@@ -316,6 +329,7 @@ auth_use_nsswitch(smbd_t) auth_domtrans_chk_passwd(smbd_t) auth_domtrans_upd_passwd(smbd_t) @@ -23756,7 +23799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb domain_use_interactive_fds(smbd_t) domain_dontaudit_list_all_domains_state(smbd_t) -@@ -325,6 +337,8 @@ +@@ -325,6 +339,8 @@ files_read_etc_runtime_files(smbd_t) files_read_usr_files(smbd_t) files_search_spool(smbd_t) @@ -23765,7 +23808,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb # Allow samba to list mnt_t for potential mounted dirs files_list_mnt(smbd_t) -@@ -337,10 +351,13 @@ +@@ -337,10 +353,13 @@ miscfiles_read_public_files(smbd_t) userdom_use_unpriv_users_fds(smbd_t) @@ -23780,7 +23823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ifdef(`hide_broken_symptoms', ` files_dontaudit_getattr_default_dirs(smbd_t) files_dontaudit_getattr_boot_dirs(smbd_t) -@@ -352,19 +369,19 @@ +@@ -352,19 +371,19 @@ ') tunable_policy(`samba_domain_controller',` @@ -23806,7 +23849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') # Support Samba sharing of NFS mount points -@@ -376,6 +393,15 @@ +@@ -376,6 +395,15 @@ fs_manage_nfs_named_sockets(smbd_t) ') 
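Review bot: `dev_getattr_all_blk_files(smbd_t)` and `dev_getattr_all_chr_files(smbd_t)` let smbd stat every block and character device node, while the adjacent existing rule for usbfs (`dev_dontaudit_getattr_usbfs_dirs(smbd_t)`) handles a similar case by silencing the denial instead of allowing it. If the stat is only noise from a share that happens to expose /dev, a dontaudit would be the narrower fix; if smbd genuinely needs the attributes, a comment above the two lines stating the use case would justify the allow. The smbd_t rule block continues outside this hunk.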
@@ -23822,7 +23865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb optional_policy(` cups_read_rw_config(smbd_t) cups_stream_connect(smbd_t) -@@ -391,6 +417,11 @@ +@@ -391,6 +419,11 @@ ') optional_policy(` @@ -23834,7 +23877,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb rpc_search_nfs_state_data(smbd_t) ') -@@ -405,13 +436,15 @@ +@@ -405,13 +438,15 @@ tunable_policy(`samba_create_home_dirs',` allow smbd_t self:capability chown; userdom_create_user_home_dirs(smbd_t) @@ -23851,7 +23894,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb auth_read_all_files_except_shadow(nmbd_t) ') -@@ -420,8 +453,8 @@ +@@ -420,8 +455,8 @@ auth_manage_all_files_except_shadow(smbd_t) fs_read_noxattr_fs_files(nmbd_t) auth_manage_all_files_except_shadow(nmbd_t) @@ -23861,7 +23904,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # -@@ -525,6 +558,7 @@ +@@ -525,6 +560,7 @@ allow smbcontrol_t winbind_t:process { signal signull }; @@ -23869,7 +23912,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb samba_read_config(smbcontrol_t) samba_rw_var_files(smbcontrol_t) samba_search_var(smbcontrol_t) -@@ -536,6 +570,8 @@ +@@ -536,6 +572,8 @@ miscfiles_read_localization(smbcontrol_t) @@ -23878,7 +23921,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ######################################## # # smbmount Local policy -@@ -618,7 +654,7 @@ +@@ -618,7 +656,7 @@ # SWAT Local policy # 
@@ -23887,7 +23930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t self:process { setrlimit signal_perms }; allow swat_t self:fifo_file rw_fifo_file_perms; allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms; -@@ -626,23 +662,23 @@ +@@ -626,23 +664,23 @@ allow swat_t self:udp_socket create_socket_perms; allow swat_t self:unix_stream_socket connectto; @@ -23920,7 +23963,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t smbd_exec_t:file mmap_file_perms ; allow swat_t smbd_t:process signull; -@@ -657,7 +693,7 @@ +@@ -657,7 +695,7 @@ files_pid_filetrans(swat_t, swat_var_run_t, file) allow swat_t winbind_exec_t:file mmap_file_perms; @@ -23929,7 +23972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t winbind_var_run_t:dir { write add_name remove_name }; allow swat_t winbind_var_run_t:sock_file { create unlink }; -@@ -700,6 +736,8 @@ +@@ -700,6 +738,8 @@ miscfiles_read_localization(swat_t) @@ -23938,7 +23981,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb optional_policy(` cups_read_rw_config(swat_t) cups_stream_connect(swat_t) -@@ -713,12 +751,23 @@ +@@ -713,12 +753,23 @@ kerberos_use(swat_t) ') @@ -23963,7 +24006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb dontaudit winbind_t self:capability sys_tty_config; allow winbind_t self:process { signal_perms getsched setsched }; allow winbind_t self:fifo_file rw_fifo_file_perms; -@@ -779,6 +828,9 @@ +@@ -779,6 +830,9 @@ corenet_tcp_bind_generic_node(winbind_t) corenet_udp_bind_generic_node(winbind_t) corenet_tcp_connect_smbd_port(winbind_t) 
@@ -23973,7 +24016,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb dev_read_sysfs(winbind_t) dev_read_urand(winbind_t) -@@ -788,7 +840,7 @@ +@@ -788,7 +842,7 @@ auth_domtrans_chk_passwd(winbind_t) auth_use_nsswitch(winbind_t) @@ -23982,7 +24025,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb domain_use_interactive_fds(winbind_t) -@@ -866,6 +918,18 @@ +@@ -866,6 +920,18 @@ # optional_policy(` @@ -24001,7 +24044,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb type samba_unconfined_script_t; type samba_unconfined_script_exec_t; domain_type(samba_unconfined_script_t) -@@ -876,9 +940,12 @@ +@@ -876,9 +942,12 @@ allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms; allow smbd_t samba_unconfined_script_exec_t:file ioctl; @@ -33748,7 +33791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.gvfs(/.*)? <> diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.10/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2010-02-12 10:33:09.000000000 -0500 -+++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-02-22 09:09:07.000000000 -0500 ++++ serefpolicy-3.7.10/policy/modules/system/userdomain.if 2010-02-22 15:33:37.000000000 -0500 @@ -30,8 +30,9 @@ ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 1cae429..9eeea5e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -466,6 +466,9 @@ exit 0 %endif %changelog +* Mon Feb 22 2010 Dan Walsh 3.7.10-2 +- Allow sshd to setattr on pseudo terms + * Mon Feb 22 2010 Dan Walsh 3.7.10-1 - Update to upstream