diff --git a/.cvsignore b/.cvsignore
index 53b47c4..dbaf9f6 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -171,3 +171,4 @@ serefpolicy-3.6.13.tgz
 serefpolicy-3.6.14.tgz
 serefpolicy-3.6.15.tgz
 serefpolicy-3.6.16.tgz
+serefpolicy-3.6.17.tgz
diff --git a/policy-F12.patch b/policy-F12.patch
index f6e7faf..041c898 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -1565,41 +1565,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 type sudo_exec_t;
 application_executable_file(sudo_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.16/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/admin/su.if 2009-06-12 15:59:08.000000000 -0400
-@@ -90,15 +90,6 @@
-
- miscfiles_read_localization($1_su_t)
-
-- ifdef(`distro_redhat',`
-- # RHEL5 and possibly newer releases incl. Fedora
-- auth_domtrans_upd_passwd($1_su_t)
--
-- optional_policy(`
-- locallogin_search_keys($1_su_t)
-- ')
-- ')
--
- ifdef(`distro_rhel4',`
- domain_role_change_exemption($1_su_t)
- domain_subj_id_change_exemption($1_su_t)
-@@ -227,15 +218,6 @@
- userdom_use_user_terminals($1_su_t)
- userdom_search_user_home_dirs($1_su_t)
-
-- ifdef(`distro_redhat',`
-- # RHEL5 and possibly newer releases incl. Fedora
-- auth_domtrans_upd_passwd($1_su_t)
--
-- optional_policy(`
-- locallogin_search_keys($1_su_t)
-- ')
-- ')
--
- ifdef(`distro_rhel4',`
- domain_role_change_exemption($1_su_t)
- domain_subj_id_change_exemption($1_su_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-11-11 16:13:49.000000000 -0500
 +++ serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te 2009-06-12 15:59:08.000000000 -0400
@@ -4249,7 +4214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.16/policy/modules/apps/qemu.te --- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/apps/qemu.te 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/apps/qemu.te 2009-06-19 07:21:45.000000000 -0400 @@ -13,28 +13,97 @@ ## gen_tunable(qemu_full_network, false) @@ -5351,7 +5316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-12 09:08:48.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in 2009-06-19 07:01:21.000000000 -0400 @@ -65,6 +65,7 @@ type server_packet_t, packet_type, server_packet_type; 
@@ -5390,7 +5355,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port network_port(howl, tcp,5335,s0, udp,5353,s0) network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0) -@@ -121,6 +128,7 @@ +@@ -121,16 +128,18 @@ network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0) network_port(kerberos_master, tcp,4444,s0, udp,4444,s0) network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0) @@ -5398,7 +5363,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol network_port(kprop, tcp,754,s0) network_port(ktalkd, udp,517,s0, udp,518,s0) network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0) -@@ -131,6 +139,7 @@ + type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon + network_port(lmtp, tcp,24,s0, udp,24,s0) +-network_port(mail, tcp,2000,s0) ++network_port(mail, tcp,2000,s0, tcp,3905,s0) + network_port(memcache, tcp,11211,s0, udp,11211,s0) network_port(mmcc, tcp,5050,s0, udp,5050,s0) network_port(monopd, tcp,1234,s0) network_port(msnp, tcp,1863,s0, udp,1863,s0) @@ -5683,7 +5652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type lvm_control_t; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.16/policy/modules/kernel/domain.if --- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-12 09:08:48.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/kernel/domain.if 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/kernel/domain.if 2009-06-19 06:16:32.000000000 -0400 
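Review bot: The added `tcp,3905,s0` on the `network_port(mail, ...)` line of corenetwork.te.in has no comment naming the daemon that needs it, unlike the `http` line in the same list, which records `#8443 is mod_nss default port`. Labelling a port with the mail port type opens it to every domain that already holds bind or connect rights on that type, so the reason belongs next to the number where the next auditor will read it. 3905 looks like the IANA-registered MUPDATE port, which should be confirmed against the bug that prompted the change; if so, write the line as `network_port(mail, tcp,2000,s0, tcp,3905,s0) # 3905 is MUPDATE (confirm)`. The port list continues outside this hunk.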
@@ -65,7 +65,8 @@ ') @@ -6286,7 +6255,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.16/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-06-12 09:08:48.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if 2009-06-19 06:12:19.000000000 -0400 @@ -1807,7 +1807,7 @@ ') @@ -13004,7 +12973,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.16/policy/modules/services/dnsmasq.te --- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-03-23 13:47:11.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te 2009-06-12 15:59:08.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te 2009-06-19 07:12:42.000000000 -0400 @@ -42,8 +42,7 @@ files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file) @@ -13015,7 +12984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(dnsmasq_t) corenet_all_recvfrom_netlabel(dnsmasq_t) -@@ -84,6 +83,14 @@ +@@ -84,6 +83,18 @@ userdom_dontaudit_search_user_home_dirs(dnsmasq_t) optional_policy(` @@ -13023,6 +12992,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + +optional_policy(` ++ dbus_system_bus_client(dnsmasq_t) ++') ++ ++optional_policy(` + tftp_read_content(dnsmasq_t) +') + 
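Review bot: The new `optional_policy` block calling `dbus_system_bus_client(dnsmasq_t)` in dnsmasq.te has no comment saying why a DNS/DHCP daemon needs system-bus access or which peer it talks to. A system-bus grant on a network-facing daemon is one an auditor will want justified, so add a one-line why-comment above the block, for example `# dnsmasq D-Bus control interface (--enable-dbus); see <bug reference>`. If the intent is dnsmasq's own D-Bus service, confirm against the AVC denials that client access alone is sufficient, since owning a bus name is normally a separate permission. The surrounding dnsmasq.te policy starts and ends outside this hunk.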
@@ -13687,8 +13660,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.16/policy/modules/services/gnomeclock.te --- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te 2009-06-12 15:59:08.000000000 -0400 -@@ -0,0 +1,49 @@ ++++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te 2009-06-19 05:26:32.000000000 -0400 +@@ -0,0 +1,50 @@ +policy_module(gnomeclock, 1.0.0) +######################################## +# @@ -13733,6 +13706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') + +optional_policy(` ++ polkit_dbus_chat(gnomeclock_t) + polkit_domtrans_auth(gnomeclock_t) + polkit_read_lib(gnomeclock_t) + polkit_read_reload(gnomeclock_t) 
@@ -14494,27 +14468,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` cron_system_entry(mailman_queue_t, mailman_queue_exec_t) -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.16/policy/modules/services/milter.fc ---- nsaserefpolicy/policy/modules/services/milter.fc 2009-05-21 08:43:08.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/services/milter.fc 2009-06-12 15:59:08.000000000 -0400 -@@ -1,8 +1,15 @@ - /usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0) --/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0) -- - /usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0) -+/usr/sbin/milter-greylist -- gen_context(system_u:object_r:greylist_milter_exec_t,s0) -+ -+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0) - - /var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0) -+/var/lib/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0) -+/var/lib/miltermilter.* gen_context(system_u:object_r:spamass_milter_state_t,s0) -+ -+/var/run/milter.* -- gen_context(system_u:object_r:spamass_milter_data_t,s0) -+/var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0) -+/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0) - /var/run/spamass-milter(/.*)? 
gen_context(system_u:object_r:spamass_milter_data_t,s0) - /var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.16/policy/modules/services/milter.if --- nsaserefpolicy/policy/modules/services/milter.if 2009-05-21 08:43:08.000000000 -0400 +++ serefpolicy-3.6.16/policy/modules/services/milter.if 2009-06-12 15:59:08.000000000 -0400 
@@ -14527,50 +14480,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1_milter_t self:fifo_file rw_fifo_file_perms; -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.16/policy/modules/services/milter.te ---- nsaserefpolicy/policy/modules/services/milter.te 2009-05-21 08:43:08.000000000 -0400 -+++ serefpolicy-3.6.16/policy/modules/services/milter.te 2009-06-12 15:59:08.000000000 -0400 -@@ -63,3 +63,40 @@ - - # The main job of the milter is to pipe spam through spamc and act on the result - spamassassin_domtrans_client(spamass_milter_t) -+ -+######################################## -+# -+# milter-greylist Declarations -+# -+ -+milter_template(greylist) -+ -+######################################## -+# -+# milter-greylist local policy -+# ensure smtp clients retry mail like real MTAs and not spamware -+# http://hcpnet.free.fr/milter-greylist/ -+# -+ -+# Look up username for dropping privs -+auth_use_nsswitch(greylist_milter_t) -+ -+# It creates a pid file /var/run/milter-greylist.pid -+files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file) -+ -+# It removes any existing socket (not owned by root) whilst running as root, -+# fixes permissions, renices itself and then calls setgid() and setuid() to -+# drop privileges -+kernel_read_kernel_sysctls(greylist_milter_t) -+allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice }; -+allow greylist_milter_t self:process { setsched getsched }; -+ -+# Allow the milter to read a GeoIP database in /usr/share -+files_read_usr_files(greylist_milter_t) -+ -+# The milter runs from /var/lib/milter-greylist and maintains files there -+files_search_var_lib(greylist_milter_t); -+ -+# Config is in /etc/mail/greylist.conf -+mta_read_config(greylist_milter_t) -+ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc 
serefpolicy-3.6.16/policy/modules/services/mta.fc --- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400 +++ serefpolicy-3.6.16/policy/modules/services/mta.fc 2009-06-12 15:59:08.000000000 -0400 @@ -18123,7 +18032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # /sbin diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.16/policy/modules/services/ppp.if --- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-15 15:36:20.000000000 -0400 ++++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-18 15:55:53.000000000 -0400 @@ -58,6 +58,25 @@ ######################################## @@ -23031,8 +22940,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.16/policy/modules/services/virt.te --- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.16/policy/modules/services/virt.te 2009-06-16 11:25:30.000000000 -0400 -@@ -8,19 +8,31 @@ ++++ serefpolicy-3.6.16/policy/modules/services/virt.te 2009-06-19 07:22:38.000000000 -0400 +@@ -8,19 +8,38 @@ ## ##

@@ -23053,6 +22962,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -attribute virt_image_type; +## +##

++## Allow svirt to use usb devices ++##

++##
++gen_tunable(virt_use_usb, true) ++ ++## ++##

+## Allow svirt to manage device configuration, (pci) +##

+##
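Review bot: `gen_tunable(virt_use_usb, true)` ships the new boolean enabled, whereas the other tunable default visible on this page, `gen_tunable(qemu_full_network, false)`, is opt-in. The matching tunable_policy block for virt_use_usb, added in the later virt.te hunk (outer header `@@ -23326,6 +23242,12 @@`), gives `svirt_t` `dev_rw_usbfs` plus `fs_manage_dos_dirs` and `fs_manage_dos_files`, none of which is scoped to one guest's device or image as written. Presumably every confined guest can then reach any host USB device and any FAT-labelled mount, which cuts across the per-guest separation svirt is meant to provide; that should be confirmed against the interface definitions. Consider `gen_tunable(virt_use_usb, false)`, and a description that states the real scope, e.g. `## Allow svirt guests to read/write host USB devices and manage files on DOS (FAT) filesystems`.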
@@ -23067,7 +22983,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type virt_etc_t; files_config_file(virt_etc_t) -@@ -29,8 +41,13 @@ +@@ -29,8 +48,13 @@ files_type(virt_etc_rw_t) # virt Image files @@ -23083,7 +22999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type virt_log_t; logging_log_file(virt_log_t) -@@ -48,17 +65,39 @@ +@@ -48,17 +72,39 @@ type virtd_initrc_exec_t; init_script_file(virtd_initrc_exec_t) @@ -23125,7 +23041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_files_pattern(virtd_t, virt_etc_t, virt_etc_t) read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t) -@@ -67,7 +106,11 @@ +@@ -67,7 +113,11 @@ manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t) filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir) @@ -23138,7 +23054,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t) manage_files_pattern(virtd_t, virt_log_t, virt_log_t) -@@ -86,6 +129,7 @@ +@@ -86,6 +136,7 @@ kernel_read_network_state(virtd_t) kernel_rw_net_sysctls(virtd_t) kernel_load_module(virtd_t) @@ -23146,7 +23062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_exec_bin(virtd_t) corecmd_exec_shell(virtd_t) -@@ -96,30 +140,51 @@ +@@ -96,30 +147,51 @@ corenet_tcp_sendrecv_generic_node(virtd_t) corenet_tcp_sendrecv_all_ports(virtd_t) corenet_tcp_bind_generic_node(virtd_t) @@ -23201,7 +23117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_use_ptmx(virtd_t) auth_use_nsswitch(virtd_t) -@@ -129,7 +194,15 @@ +@@ -129,7 +201,15 @@ logging_send_syslog_msg(virtd_t) 
@@ -23217,7 +23133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol tunable_policy(`virt_use_nfs',` fs_manage_nfs_dirs(virtd_t) -@@ -167,22 +240,34 @@ +@@ -167,22 +247,34 @@ dnsmasq_domtrans(virtd_t) dnsmasq_signal(virtd_t) dnsmasq_kill(virtd_t) @@ -23236,8 +23152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +optional_policy(` + kerberos_keytab_template(virtd, virtd_t) +') -+ -+optional_policy(` + + optional_policy(` +- qemu_domtrans(virtd_t) + lvm_domtrans(virtd_t) +') + @@ -23246,9 +23163,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + polkit_domtrans_resolve(virtd_t) + polkit_read_lib(virtd_t) +') - - optional_policy(` -- qemu_domtrans(virtd_t) ++ ++optional_policy(` + qemu_spec_domtrans(virtd_t, svirt_t) qemu_read_state(virtd_t) qemu_signal(virtd_t) @@ -23257,7 +23173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -195,8 +280,86 @@ +@@ -195,8 +287,92 @@ xen_stream_connect(virtd_t) xen_stream_connect_xenstore(virtd_t) @@ -23326,6 +23242,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + dev_rw_sysfs(svirt_t) +') + ++tunable_policy(`virt_use_usb',` ++ dev_rw_usbfs(svirt_t) ++ fs_manage_dos_dirs(svirt_t) ++ fs_manage_dos_files(svirt_t) ++') ++ +tunable_policy(`virt_use_nfs',` + fs_manage_nfs_dirs(svirt_t) + fs_manage_nfs_files(svirt_t) 
@@ -25185,9 +25107,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.16/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-12 15:45:03.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-19 07:33:00.000000000 -0400 +++ serefpolicy-3.6.16/policy/modules/system/authlogin.te 2009-06-12 15:59:08.000000000 -0400 -@@ -124,9 +124,18 @@ +@@ -125,9 +124,18 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 5a20e0b..55bdc4b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,8 +19,8 @@ %define CHECKPOLICYVER 2.0.16-3 Summary: SELinux policy configuration Name: selinux-policy -Version: 3.6.16 -Release: 4%{?dist} +Version: 3.6.17 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -183,7 +183,7 @@ fi; %description SELinux Reference Policy - modular. -Based off of reference policy: Checked out revision 2996. +Based off of reference policy: Checked out revision 3000. %build @@ -473,6 +473,11 @@ exit 0 %endif %changelog +* Fri Jun 19 2009 Dan Walsh 3.6.17-1 +- Update to upstream +- Additional mail ports +- Add virt_use_usb boolean for svirt + * Thu Jun 18 2009 Dan Walsh 3.6.16-4 - Fix mcs rules to include chr_file and blk_file diff --git a/sources b/sources index 90f2f2b..019c2c1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a0c76482dedfe1a4e3fe645a8435f634 serefpolicy-3.6.16.tgz +ff26e4c0c4b5057f2fae0ecc28f2c5fa serefpolicy-3.6.17.tgz