diff --git a/policy-F12.patch b/policy-F12.patch index 0ef3cdd..3fde6e9 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -7539,8 +7539,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te --- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te 2009-06-12 15:59:08.000000000 -0400 -@@ -0,0 +1,403 @@ ++++ serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te 2009-06-15 15:37:34.000000000 -0400 +@@ -0,0 +1,407 @@ +policy_module(unconfineduser, 1.0.0) + +######################################## @@ -7798,6 +7798,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + +optional_policy(` ++ ppp_run(unconfined_t, unconfined_r) ++') ++ ++optional_policy(` + qemu_role_notrans(unconfined_r, unconfined_t) + qemu_unconfined_role(unconfined_r) + 
@@ -12151,6 +12155,41 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol spamassassin_read_spamd_tmp_files(dcc_client_t) ') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.16/policy/modules/services/ddclient.if +--- nsaserefpolicy/policy/modules/services/ddclient.if 2008-10-08 19:00:27.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/ddclient.if 2009-06-15 15:36:38.000000000 -0400 +@@ -21,6 +21,31 @@ + + ######################################## + ## ++## Execute ddclient daemon on behalf of a user or staff type. ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++## ++## The role to allow the ppp domain. ++## ++## ++## ++# ++interface(`ddclient_run',` ++ gen_require(` ++ type ddclient_t; ++ ') ++ ++ ddclient_domtrans($1) ++ role $2 types ddclient_t; ++') ++ ++######################################## ++## + ## All of the rules required to administrate + ## an ddclient environment + ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.16/policy/modules/services/devicekit.fc --- nsaserefpolicy/policy/modules/services/devicekit.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.6.16/policy/modules/services/devicekit.fc 2009-06-12 15:59:08.000000000 -0400 @@ -13845,7 +13884,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.16/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2009-03-23 13:47:11.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/services/kerberos.te 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/kerberos.te 2009-06-15 15:01:15.000000000 -0400 
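Review bot: The second parameter of the new `ddclient_run` interface is documented as `The role to allow the ppp domain.`, which reads as a copy from ppp_run; the rule `role $2 types ddclient_t;` grants the ddclient domain, so the description should be `The role to allow the ddclient domain.`. The summary would also benefit from stating that the caller's role gains ddclient_t, because the ppp.if hunk later in this patch calls `ddclient_run(pppd_t, $2)` from inside ppp_run, so every role given ppp silently picks up ddclient as well. The interface itself is complete within the hunk.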
@@ -33,6 +33,7 @@ type kpropd_t; type kpropd_exec_t; @@ -13864,14 +13903,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # kadmind local policy -@@ -281,6 +285,7 @@ +@@ -281,7 +285,9 @@ allow kpropd_t krb5_keytab_t:file read_file_perms; +manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t) manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t) ++filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file) corecmd_exec_bin(kpropd_t) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.16/policy/modules/services/kerneloops.if --- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500 +++ serefpolicy-3.6.16/policy/modules/services/kerneloops.if 2009-06-12 15:59:08.000000000 -0400 @@ -17538,7 +17579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # /sbin diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.16/policy/modules/services/ppp.if --- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-15 15:36:20.000000000 -0400 @@ -58,6 +58,25 @@ ######################################## 
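Review bot: The added `filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)` makes every file kpropd_t creates inside a krb5kdc_conf_t directory come out labelled krb5kdc_lock_t, while the neighbouring `manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)` shows the same domain also manages principal-database files in that directory; unless those files are only ever opened and never created by kpropd, they would now receive the lock type. If the lock file is the only file kpropd creates there, a comment recording that assumption, e.g. `# kpropd only creates the lock file in the conf dir; principal db files pre-exist`, would document it; otherwise the two types need separate directories or a name-based transition, if the policy version in use supports one. The kpropd local policy block continues outside the hunk.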
@@ -17565,7 +17606,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Send a generic signal to PPP. ## ## -@@ -298,6 +317,24 @@ +@@ -158,10 +177,16 @@ + interface(`ppp_run',` + gen_require(` + type pppd_t; ++ type pptp_t; + ') + + ppp_domtrans($1) + role $2 types pppd_t; ++ role $2 types pptp_t; ++ ++ optional_policy(` ++ ddclient_run(pppd_t, $2) ++ ') + ') + + ######################################## +@@ -298,6 +323,24 @@ ######################################## ## @@ -17590,7 +17648,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## All of the rules required to administrate ## an ppp environment ## -@@ -315,33 +352,39 @@ +@@ -315,33 +358,39 @@ type pppd_etc_rw_t, pppd_var_run_t; type pptp_t, pptp_log_t, pptp_var_run_t; @@ -17641,7 +17699,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.16/policy/modules/services/ppp.te --- nsaserefpolicy/policy/modules/services/ppp.te 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/ppp.te 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/ppp.te 2009-06-15 14:52:23.000000000 -0400 @@ -37,8 +37,8 @@ type pppd_etc_rw_t; files_type(pppd_etc_rw_t) @@ -18194,7 +18252,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol mysql_search_db(httpd_prewikka_script_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.16/policy/modules/services/privoxy.te --- nsaserefpolicy/policy/modules/services/privoxy.te 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/privoxy.te 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/privoxy.te 2009-06-15 15:19:59.000000000 -0400 
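Review bot: `ppp_run` now grants `$2` two domains beyond pppd_t — `role $2 types pptp_t;` and, through the new optional `ddclient_run(pppd_t, $2)`, ddclient_t — but the interface's parameter documentation sits above the hunk and, as far as is visible here, still describes only the pppd domain. A sentence there such as `Also allows the role the pptp_t domain and, when ddclient policy is present, ddclient_t` would let callers like unconfineduser.te see what they are granting. Note too that ddclient_run performs `ddclient_domtrans(pppd_t)` unconditionally, so the pppd→ddclient domain transition is created as a side effect of a role grant; if the transition should exist regardless of who calls ppp_run, it belongs in an optional_policy block in ppp.te instead. The interface's doc block begins outside the hunk.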
@@ -6,6 +6,14 @@ # Declarations # @@ -18210,7 +18268,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type privoxy_t; # web_client_domain type privoxy_exec_t; init_daemon_domain(privoxy_t, privoxy_exec_t) -@@ -72,21 +80,18 @@ +@@ -39,9 +47,8 @@ + manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t) + files_pid_filetrans(privoxy_t, privoxy_var_run_t, file) + ++kernel_read_system_state(privoxy_t) + kernel_read_kernel_sysctls(privoxy_t) +-kernel_list_proc(privoxy_t) +-kernel_read_proc_symlinks(privoxy_t) + + corenet_all_recvfrom_unlabeled(privoxy_t) + corenet_all_recvfrom_netlabel(privoxy_t) +@@ -72,21 +79,18 @@ logging_send_syslog_msg(privoxy_t) @@ -24289,7 +24358,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.16/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2009-06-12 15:45:03.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/system/authlogin.if 2009-06-12 16:03:57.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/system/authlogin.if 2009-06-15 15:31:30.000000000 -0400 @@ -46,11 +46,23 @@ ') @@ -24331,7 +24400,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol init_rw_utmp($1) -@@ -105,9 +120,46 @@ +@@ -105,9 +120,47 @@ seutil_read_config($1) seutil_read_default_contexts($1) @@ -24362,6 +24431,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + + optional_policy(` + kerberos_manage_host_rcache($1) ++ kerberos_read_config($1) + ') + + optional_policy(` @@ -24380,7 +24450,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -305,19 +356,16 @@ +@@ -305,19 +357,16 @@ dev_read_rand($1) dev_read_urand($1) 
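Review bot: Replacing `kernel_list_proc(privoxy_t)` and `kernel_read_proc_symlinks(privoxy_t)` with `kernel_read_system_state(privoxy_t)` widens privoxy's access from listing /proc and following its symlinks to reading the kernel's system state generally; if the denial being addressed involved one specific /proc file, the narrower interface for that file would keep the domain at least privilege. If the broader grant is intended, a comment on the new line such as `# privoxy reads <specific /proc path> (placeholder); needs more than proc listing` would record why the wider interface was chosen. The privoxy_t rule block continues outside the hunk.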
@@ -24405,7 +24475,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -328,6 +376,29 @@ +@@ -328,6 +377,29 @@ optional_policy(` samba_stream_connect_winbind($1) ') @@ -24435,7 +24505,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -352,6 +423,7 @@ +@@ -352,6 +424,7 @@ auth_domtrans_chk_passwd($1) role $2 types chkpwd_t; @@ -24443,7 +24513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -1129,6 +1201,32 @@ +@@ -1129,6 +1202,32 @@ ######################################## ## @@ -24476,7 +24546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Manage all files on the filesystem, except ## the shadow passwords and listed exceptions. ## -@@ -1395,6 +1493,14 @@ +@@ -1395,6 +1494,14 @@ ') optional_policy(` @@ -24491,7 +24561,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol nis_use_ypbind($1) ') -@@ -1403,8 +1509,13 @@ +@@ -1403,8 +1510,13 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 8f9576a..e42913d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.16 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -473,6 +473,9 @@ exit 0 %endif %changelog +* Mon Jun 15 2009 Dan Walsh 3.6.16-2 +- Additional rules for consolekit/udev, privoxy and various other fixes + * Fri Jun 12 2009 Dan Walsh 3.6.16-1 - New version for upstream