diff --git a/policy-20090521.patch b/policy-20090521.patch index 397c731..e96b8b8 100644 --- a/policy-20090521.patch +++ b/policy-20090521.patch 
@@ -57,6 +57,50 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg(certwatch_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.6.12/policy/modules/admin/kismet.te +--- nsaserefpolicy/policy/modules/admin/kismet.te 2009-06-25 10:19:43.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/admin/kismet.te 2009-07-07 08:55:43.000000000 +0200 +@@ -23,6 +23,9 @@ + type kismet_var_lib_t; + files_type(kismet_var_lib_t) + ++type kismet_tmpfs_t; ++files_tmp_file(kismet_tmpfs_t) ++ + ######################################## + # + # kismet local policy +@@ -44,6 +47,10 @@ + manage_files_pattern(kismet_t, kismet_tmp_t, kismet_tmp_t) + files_tmp_filetrans(kismet_t, kismet_tmp_t, { file dir }) + ++manage_dirs_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t) ++manage_files_pattern(kismet_t, kismet_tmpfs_t, kismet_tmpfs_t) ++fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, file) ++ + allow kismet_t kismet_var_lib_t:file manage_file_perms; + allow kismet_t kismet_var_lib_t:dir manage_dir_perms; + files_var_lib_filetrans(kismet_t, kismet_var_lib_t, { file dir }) +@@ -53,6 +60,7 @@ + files_pid_filetrans(kismet_t, kismet_var_run_t, { file dir }) + + kernel_search_debugfs(kismet_t) ++kernel_read_system_state(kismet_t) + + corecmd_exec_bin(kismet_t) + +@@ -75,3 +83,11 @@ + + userdom_use_user_terminals(kismet_t) + userdom_read_user_tmpfs_files(kismet_t) ++ ++optional_policy(` ++ dbus_system_bus_client(kismet_t) ++ ++ optional_policy(` ++ networkmanager_dbus_chat(kismet_t) ++ ') ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te --- nsaserefpolicy/policy/modules/admin/prelink.te 2009-06-25 10:19:43.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-25 10:21:01.000000000 +0200 
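Review bot: `files_tmp_file(kismet_tmpfs_t)` in the new type declaration gives a tmpfs type the `tmpfile` attribute (so /tmp-wide rules match it) instead of `tmpfsfile`; the refpolicy convention for `*_tmpfs_t` types is `files_tmpfs_file(kismet_tmpfs_t)`, and that is what the `fs_tmpfs_filetrans` call further down pairs with. `fs_tmpfs_filetrans(kismet_t, kismet_tmpfs_t, file)` also transitions only files while `manage_dirs_pattern` is granted on the same type, so any directory kismet creates on tmpfs would keep the default tmpfs_t label; either drop the dir rule or use `{ file dir }`. The new `networkmanager_dbus_chat(kismet_t)` opens a cross-domain channel from a sniffer to NetworkManager and deserves a one-line comment stating what kismet asks NetworkManager for, e.g. `# kismet asks NetworkManager to release the capture interface (confirm against the AVC)`.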
@@ -604,6 +648,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t) xserver_dontaudit_read_xdm_tmp_files(mozilla_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.12/policy/modules/apps/nsplugin.if +--- nsaserefpolicy/policy/modules/apps/nsplugin.if 2009-06-25 10:19:43.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/apps/nsplugin.if 2009-07-07 08:51:57.000000000 +0200 +@@ -89,6 +89,8 @@ + role $1 types nsplugin_config_t; + + allow nsplugin_t $2:process signull; ++ allow nsplugin_t $2:sem rw_sem_perms; ++ allow nsplugin_t $2:shm rw_shm_perms; + + list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t) + read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc --- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-06-25 10:19:43.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-25 10:21:01.000000000 +0200 @@ -1400,7 +1456,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type lvm_control_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if --- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-07-07 08:21:23.000000000 +0200 @@ -44,34 +44,6 @@ interface(`domain_type',` # start with basic domain 
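Review bot: The two new lines `allow nsplugin_t $2:sem rw_sem_perms;` and `allow nsplugin_t $2:shm rw_shm_perms;` give the plugin sandbox read/write access to every SysV semaphore and shared-memory segment owned by the calling user domain `$2`, not just the browser's, which widens the very boundary nsplugin exists to enforce; a compromised plugin could then read or corrupt shared memory of any other process running in that user domain. If the need is only for the plugin to attach to segments the browser already created (as the existing one-way `signull` rule suggests), say so in a comment, e.g. `# plugin attaches to shm/sem segments created by the browser in $2`, and check whether `r_shm_perms` is sufficient. The interface body continues outside the hunk, so I cannot see whether `$2` is otherwise constrained.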
@@ -1436,6 +1492,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## +@@ -1338,3 +1310,20 @@ + typeattribute $1 process_uncond_exempt; + ') + ++####################################### ++## ++## Send generic signals to the unconfined domains. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`domain_unconfined_signal',` ++ gen_require(` ++ type unconfined_domain_type; ++ ') ++ ++ allow $1 unconfined_domain_type:process signal; ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-06-26 15:48:29.000000000 +0200 
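Review bot: The new interface body `allow $1 unconfined_domain_type:process signal;` lets any caller send generic signals (SIGTERM, SIGHUP, ...) to every process in every unconfined domain, which in practice is the ability to terminate unconfined daemons and root shells; because it lives in the kernel-layer domain module it is also always available, unlike `unconfined_signal()`. That scope belongs in the summary, e.g. `## Send generic signals to all unconfined domains (unconfined_domain_type); in practice this allows terminating them.`. The doc block as shown has bare `##` lines where the `<summary>` and `<param name="domain">` tags belong; if they are genuinely missing rather than lost in rendering, the interface documentation tooling will reject the file.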
@@ -1836,6 +1913,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0) /usr/sbin/ptal-printd -- gen_context(system_u:object_r:ptal_exec_t,s0) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.12/policy/modules/services/cups.te +--- nsaserefpolicy/policy/modules/services/cups.te 2009-06-25 10:19:44.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/cups.te 2009-07-07 09:04:11.000000000 +0200 +@@ -733,6 +733,8 @@ + files_read_etc_files(cups_pdf_t) + files_read_usr_files(cups_pdf_t) + ++fs_rw_anon_inodefs_files(cups_pdf_t) ++ + kernel_read_system_state(cups_pdf_t) + + auth_use_nsswitch(cups_pdf_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te --- nsaserefpolicy/policy/modules/services/dcc.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-25 10:21:01.000000000 +0200 
@@ -2124,11 +2213,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-06-25 10:21:01.000000000 +0200 -@@ -287,6 +287,11 @@ ++++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-07-07 08:19:18.000000000 +0200 +@@ -277,6 +277,8 @@ + # + + allow kpropd_t self:capability net_bind_service; ++allow kpropd_t self:process setfscreate; ++ + allow kpropd_t self:fifo_file rw_file_perms; + allow kpropd_t self:unix_stream_socket create_stream_socket_perms; + allow kpropd_t self:tcp_socket create_stream_socket_perms; +@@ -287,6 +289,12 @@ manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t) manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t) ++read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t) +filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file) + +manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t) 
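Review bot: `allow kpropd_t self:process setfscreate;` lets kpropd pick the SELinux type of files it creates instead of relying on the `filetrans_pattern` rules beside it, so correct labeling of the received KDC database now depends on kpropd's own logic rather than on policy; it should carry a comment naming the caller, e.g. `# kpropd calls setfscreatecon() when writing the propagated database (TODO confirm)`. The chosen context is still bounded by the create rules kpropd holds (at least krb5kdc_lock_t, krb5kdc_principal_t and krb5kdc_tmp_t are visible here), so the practical exposure is mislabeling among those types, which is worth stating in the same comment. The inner kerberos.te hunk is cut at the outer hunk boundary right after `manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)`, so I cannot see whether a matching `files_tmp_filetrans` follows.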
@@ -2137,6 +2236,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_exec_bin(kpropd_t) +@@ -302,10 +310,14 @@ + files_read_etc_files(kpropd_t) + files_search_tmp(kpropd_t) + ++selinux_validate_context(kpropd_t) ++ + logging_send_syslog_msg(kpropd_t) + + miscfiles_read_localization(kpropd_t) + ++seutil_read_file_contexts(kpropd_t) ++ + sysnet_dns_name_resolve(kpropd_t) + + kerberos_use(kpropd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te --- nsaserefpolicy/policy/modules/services/lircd.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-06-25 10:21:01.000000000 +0200 @@ -2563,7 +2677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-07-07 08:35:34.000000000 +0200 @@ -95,6 +95,10 @@ userdom_signal_unpriv_users(rpcd_t) @@ -2575,7 +2689,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol nis_read_ypserv_config(rpcd_t) ') -@@ -214,6 +218,10 @@ +@@ -103,6 +107,10 @@ + unconfined_signal(rpcd_t) + ') + ++optional_policy(` ++ domain_unconfined_signal(rpcd_t) ++') ++ + ######################################## + # + # NFSD local policy +@@ -214,6 +222,10 @@ ') optional_policy(` 
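Review bot: The new `optional_policy(` `domain_unconfined_signal(rpcd_t)` `')` block in rpc.te duplicates the `unconfined_signal(rpcd_t)` block immediately above it in the hunk and is strictly broader: it grants `signal` toward every `unconfined_domain_type`, of which unconfined_t is a member, so the old block becomes redundant and the effective grant is the larger one. Wrapping an interface from the kernel-layer domain module in `optional_policy()` is also meaningless, since that module is always present. Either replace the old block with a plain `domain_unconfined_signal(rpcd_t)` carrying a comment that names the denial it fixes, e.g. `# rpcd signals clients that may run in an unconfined domain (cite the AVC)`, or keep only the narrower `unconfined_signal` if unconfined_t was the only domain denied.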
@@ -2917,12 +3042,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol - diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc --- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-06-25 10:21:01.000000000 +0200 -@@ -1,3 +1,4 @@ ++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-07-07 08:44:02.000000000 +0200 +@@ -1,13 +1,15 @@ +/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) /etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/spamassassin -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/mimedefang.* -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0) + + /usr/bin/sa-learn -- gen_context(system_u:object_r:spamc_exec_t,s0) + /usr/bin/spamassassin -- gen_context(system_u:object_r:spamc_exec_t,s0) + /usr/bin/spamc -- gen_context(system_u:object_r:spamc_exec_t,s0) +-/usr/bin/spamd -- gen_context(system_u:object_r:spamassassin_exec_t,s0) + ++/usr/bin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0) + /usr/sbin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0) + /usr/bin/mimedefang-multiplexor -- gen_context(system_u:object_r:spamd_exec_t,s0) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.12/policy/modules/services/ssh.te --- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-25 10:19:44.000000000 +0200 +++ serefpolicy-3.6.12/policy/modules/services/ssh.te 2009-06-29 22:52:07.000000000 +0200 
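Review bot: The relabel `/usr/bin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)` changes the entry type of an existing binary (previously `spamassassin_exec_t`), so installed systems keep the old label, and the old domain transition, until `restorecon` or the package relabel step runs; this should be called out in the spec %changelog, which in this commit mentions only kpropd and kismet. With both `/usr/bin/spamd` and `/usr/sbin/spamd` now mapped to spamd_exec_t, a short comment such as `# spamd is installed under /usr/bin on some builds` would explain why both entries are kept.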
@@ -2939,7 +3076,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te --- nsaserefpolicy/policy/modules/services/uucp.te 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-06-25 10:21:01.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-07-07 09:47:39.000000000 +0200 @@ -95,6 +95,8 @@ files_search_home(uucpd_t) files_search_spool(uucpd_t) @@ -3692,7 +3829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-25 10:19:44.000000000 +0200 -+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-29 14:16:57.000000000 +0200 ++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-07-07 09:20:48.000000000 +0200 @@ -139,6 +139,7 @@ /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
@@ -3701,7 +3838,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -190,6 +191,7 @@ +@@ -167,6 +168,8 @@ + /usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + ++/usr/share/hplip/prnt/plugins(/.*)? gen_context(system_u:object_r:lib_t,s0) ++ + ifdef(`distro_debian',` + /usr/lib32 -l gen_context(system_u:object_r:lib_t,s0) + ') +@@ -190,6 +193,7 @@ /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -3709,7 +3855,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -284,6 +286,7 @@ +@@ -284,6 +288,7 @@ /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # vmware 
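Review bot: `/usr/share/hplip/prnt/plugins(/.*)? gen_context(system_u:object_r:lib_t,s0)` labels an entire directory tree, not only `.so` files, as loadable libraries, so any non-library content placed there becomes mappable and executable as a lib by every domain with lib_t access. If these are the proprietary HP plugin binaries that `hp-plugin` fetches at runtime (I am inferring this from the path), a runtime download will not receive this label without a `restorecon`, and the pattern should be narrowed to the libraries themselves, e.g. `/usr/share/hplip/prnt/plugins/.*\.so.* -- gen_context(system_u:object_r:lib_t,s0)`. Libraries elsewhere in this file that need text relocation use `textrel_shlib_t`; if execmod denials appear for these plugins, that is the type to use rather than widening lib_t rules.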
@@ -3717,7 +3863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -366,9 +369,10 @@ +@@ -366,9 +371,10 @@ /usr/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index fe380be..4ce99b9 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.12 -Release: 63%{?dist} +Release: 64%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -475,6 +475,10 @@ exit 0 %endif %changelog +* Tue Jul 7 2009 Miroslav Grepl 3.6.12-64 +- Fixes for kpropd +- Fix up kismet policy + * Fri Jul 3 2009 Miroslav Grepl 3.6.12-63 - Allow ftpd to create shm