diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 35b11a9..3f67bf8 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -241,7 +241,7 @@ allow_nsplugin_execmem=true
 # Allow unconfined domain to transition to confined domain
 #
-allow_unconfined_nsplugin_transition=true
+allow_unconfined_nsplugin_transition=false
 # Allow unconfined domains mmap low kernel memory
 #
diff --git a/policy-20090105.patch b/policy-20090105.patch
index d99c7b4..aed060f 100644
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@@ -22980,7 +22980,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-04-17 11:23:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-04-17 11:32:56.000000000 -0400
 @@ -8,19 +8,24 @@
 ##
@@ -23228,7 +23228,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +list_dirs_pattern(svirt_t, virt_content_t, virt_content_t)
 +read_files_pattern(svirt_t, virt_content_t, virt_content_t)
 +dontaudit svirt_t virt_content_t:file write_file_perms;
-+dontaudit svirt_t virt_content_t:dir write_dir_perms;
++dontaudit svirt_t virt_content_t:dir write;
 +
 +storage_raw_write_removable_device(svirt_t)
 +storage_raw_read_removable_device(svirt_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a0a4484..677eacb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
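Review bot: The flipped default `allow_unconfined_nsplugin_transition=false` leaves the comment above it, `# Allow unconfined domain to transition to confined domain`, describing what the boolean permits but saying nothing about why the shipped default now denies it, so the security trade-off is invisible in the file an administrator actually reads. Taken literally, a false default means unconfined domains no longer transition into the confined plugin domain, so browser plugins presumably keep running with the caller's unconfined privileges — a reduction in confinement, not a hardening, which is the opposite of what a "turn off" changelog entry suggests. The only rationale on the page is the changelog line `Turn off nsplugin transition`, which does not say whether this is a permanent policy decision or a temporary workaround for breakage. I would extend the comment to `# Default off: plugins started from an unconfined domain stay unconfined (see 3.6.12-7 changelog); set to true to confine them` so whoever tunes this boolean knows exactly what they are giving up or regaining.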
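Review bot: Narrowing the dontaudit on `virt_content_t:dir` from `write_dir_perms` to the single `write` permission changes what is logged rather than what is allowed, but neither the hunk nor the changelog records why, and the file rule two lines up still silences the broad `write_file_perms` set, so the asymmetry between the two lines reads as accidental. If `write_dir_perms` in this policy's permission sets also covers `add_name`/`remove_name` (as I recall the refpolicy macro of this era doing — worth confirming against the shipped obj_perm_sets.spt), then a guest running as svirt_t that tries to create or unlink an entry in a content directory will now raise an AVC denial that was previously hidden; that is a net gain for detection and should be stated as intentional. I would add `# only silence the bare dir write denial (typically a leaked descriptor); add_name/remove_name stay audited` above the changed line, and either justify or narrow the neighbouring `:file write_file_perms` dontaudit the same way. The svirt_t rule block this belongs to starts before the hunk.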
@@ -446,6 +446,9 @@ exit 0
 %endif
 %changelog
+* Fri Apr 17 2009 Dan Walsh 3.6.12-7
+- Turn off nsplugin transition
+- Remove Konsole leaked file descriptors for release
 * Fri Apr 17 2009 Dan Walsh 3.6.12-6
 - Allow cupsd_t to create link files in print_spool_t