diff --git a/pam-1.1.6-namespace-mntopts.patch b/pam-1.1.6-namespace-mntopts.patch
new file mode 100644
index 0000000..20c55f6
--- /dev/null
+++ b/pam-1.1.6-namespace-mntopts.patch
@@ -0,0 +1,93 @@
+diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml
+index 673099b..f28350d 100644
+--- a/modules/pam_namespace/namespace.conf.5.xml
++++ b/modules/pam_namespace/namespace.conf.5.xml
+@@ -119,6 +119,14 @@
+ contain the user name and will be shared among all users.
+
+
++ mntopts=value
++ - this flag value is passed to the mount call when the tmpfs mount is done.
++ It allows for example the specification of the maximum size of the tmpfs
++ instance that is created by the mount call. See
++ mount8
++ for details.
++
++
+
+ The directory where polyinstantiated instances are to be
+ created, must exist and must have, by default, the mode of 0000. The
+diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
+index a40f05e..e0d5e30 100644
+--- a/modules/pam_namespace/pam_namespace.c
++++ b/modules/pam_namespace/pam_namespace.c
+@@ -64,6 +64,7 @@ static void del_polydir(struct polydir_s *poly)
+ if (poly) {
+ free(poly->uid);
+ free(poly->init_script);
++ free(poly->mount_opts);
+ free(poly);
+ }
+ }
+@@ -237,9 +238,9 @@ static int parse_method(char *method, struct polydir_s *poly,
+ static const char *method_names[] = { "user", "context", "level", "tmpdir",
+ "tmpfs", NULL };
+ static const char *flag_names[] = { "create", "noinit", "iscript",
+- "shared", NULL };
++ "shared", "mntopts", NULL };
+ static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT,
+- POLYDIR_ISCRIPT, POLYDIR_SHARED };
++ POLYDIR_ISCRIPT, POLYDIR_SHARED, POLYDIR_MNTOPTS };
+ int i;
+ char *flag;
+
+@@ -279,6 +280,20 @@ static int parse_method(char *method, struct polydir_s *poly,
+ return -1;
+ };
+ break;
++
++ case POLYDIR_MNTOPTS:
++ if (flag[namelen] != '=')
++ break;
++ if (poly->method != TMPFS) {
++ pam_syslog(idata->pamh, LOG_WARNING, "Mount options applicable only to tmpfs method");
++ break;
++ }
++ free(poly->mount_opts); /* if duplicate mntopts specified */
++ if ((poly->mount_opts = strdup(flag+namelen+1)) == NULL) {
++ pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
++ return -1;
++ }
++ break;
+ }
+ }
+ }
+@@ -1464,7 +1479,7 @@ static int ns_setup(struct polydir_s *polyptr,
+ }
+
+ if (polyptr->method == TMPFS) {
+- if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) {
++ if (mount("tmpfs", polyptr->dir, "tmpfs", 0, polyptr->mount_opts) < 0) {
+ pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m",
+ polyptr->dir);
+ return PAM_SESSION_ERR;
+diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
+index 51d2388..47ebcc3 100644
+--- a/modules/pam_namespace/pam_namespace.h
++++ b/modules/pam_namespace/pam_namespace.h
+@@ -116,6 +116,7 @@
+ #define POLYDIR_NOINIT 0x00000004 /* no init script */
+ #define POLYDIR_SHARED 0x00000008 /* share context/level instances among users */
+ #define POLYDIR_ISCRIPT 0x00000010 /* non default init script */
++#define POLYDIR_MNTOPTS 0x00000020 /* mount options for tmpfs mount */
+
+
+ #define NAMESPACE_MAX_DIR_LEN 80
+@@ -164,6 +165,7 @@ struct polydir_s {
+ uid_t *uid; /* list of override uids */
+ unsigned int flags; /* polydir flags */
+ char *init_script; /* path to init script */
++ char *mount_opts; /* mount options for tmpfs mount */
+ uid_t owner; /* user which should own the polydir */
+ gid_t group; /* group which should own the polydir */
+ mode_t mode; /* mode of the polydir */
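Review bot: Mount-flag keywords such as nosuid, nodev or noexec will not take effect through mntopts, because the changed ns_setup call passes the string only as the data argument of mount() while the mountflags argument stays 0, and the tmpfs option parser in the kernel most likely rejects those keywords as unknown rather than applying them. The new namespace.conf.5.xml paragraph points the reader to mount(8), which implies the full mount(8) vocabulary works; a sentence such as `Only options understood by the tmpfs filesystem itself (for example size=, nr_inodes=, mode=, uid=, gid=) can be given here; generic mount flags such as nosuid, nodev or noexec are not translated into mount flags by pam_namespace.` would make the actual contract clear to administrators hardening the polyinstantiated directories. If such flags are wanted, parse_method would have to split them out of the string and set the corresponding MS_* bits in the mountflags argument instead of forwarding them verbatim. The parse_method switch and loop that the new POLYDIR_MNTOPTS case belongs to start and end outside the hunk.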
diff --git a/pam.spec b/pam.spec
index 6871542..0c68c77 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.6
-Release: 2%{?dist}
+Release: 3%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -46,7 +46,10 @@ Patch20: pam-1.1.5-unix-no-fallback.patch
Patch21: pam-1.1.6-install-empty.patch
#
Patch22: pam-1.1.5-unix-build.patch
+# Upstreamed
Patch23: pam-1.1.6-autoupdate.patch
+# Upstreamed
+Patch24: pam-1.1.6-namespace-mntopts.patch
%define _sbindir /sbin
%define _moduledir /%{_lib}/security
@@ -125,6 +128,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch21 -p1 -b .empty
%patch22 -p1 -b .build
%patch23 -p1 -b .autoupdate
+%patch24 -p1 -b .mntopts
%build
autoreconf
@@ -378,6 +382,9 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Mon Oct 15 2012 Tomas Mraz 1.1.6-3
+- add support for tmpfs mount options in pam_namespace
+
* Mon Sep 3 2012 Tomas Mraz 1.1.6-2
- link setuid binaries with full relro (#853158)
- add rhost and tty to auditing data in modules (#677664)