diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 7906d75..153e0a3 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1603,6 +1603,28 @@ index 540860a..10175dd 100644
 connects the physical terminal it was invoked upon with the pseudo terminal, passing keyboard input into to the child process, and passing the output of the child process to the physical terminal.
+diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
+index 9db766c..068e24c 100644
+--- a/policycoreutils/run_init/run_init.c
++++ b/policycoreutils/run_init/run_init.c
+@@ -414,10 +414,17 @@ int main(int argc, char *argv[])
+ * execvp or using a exec(1) recycles pty's, and does not open a new
+ * one.
+ */
++#ifdef USE_OPEN_INIT_PTY
+ if (execvp("/usr/sbin/open_init_pty", argv)) {
+ perror("execvp");
+ exit(-1);
+ }
++#else
++ if (execvp(argv[1], argv + 1)) {
++ perror("execvp");
++ exit(-1);
++ }
++#endif
+ return 0;
+
+ } /* main() */
 diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile
 index ff0ee7c..0c8a085 100644
 --- a/policycoreutils/sandbox/Makefile
@@ -2143,7 +2165,7 @@ index 0000000..e7b8991
 +and
 +.I Thomas Liu
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..49dad71 100644
+index ec692e7..52362e0 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
 @@ -1,28 +1,35 @@
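Review bot: In the run_init.c change, the new `#else` branch calls `execvp(argv[1], argv + 1)` with no visible check that a command argument was supplied. Any argc validation sits in the part of `main()` outside this hunk, so confirm it exists or add a guard such as `if (argc < 2) { fprintf(stderr, "%s: missing command\n", argv[0]); exit(-1); }` before the call. When `USE_OPEN_INIT_PTY` is not defined, the command now runs directly on the invoking terminal instead of behind the pseudo terminal that open_init_pty provides, and the retained comment ("recycles pty's, and does not open a new one") does not say this is intended. I would add `/* Without USE_OPEN_INIT_PTY the command shares the caller's terminal; no new pty is allocated. */` above the `#else` branch and record in the build files which configuration is the supported one. Because `execvp` resolves a slash-less `argv[1]` through `PATH`, it is also worth confirming that the environment is sanitised earlier in `main()`, which is not visible here.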
@@ -2211,16 +2233,17 @@ index ec692e7..49dad71 100644
 -static int drop_capabilities(uid_t uid)
 +static int drop_caps()
 {
-+ if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE)
-+ return 0;
- capng_clear(CAPNG_SELECT_BOTH);
+- capng_clear(CAPNG_SELECT_BOTH);
 -
 - if (capng_lock() < 0)
 - return -1;
 - /* Change uid */
 - if (setresuid(uid, uid, uid)) {
 - fprintf(stderr, _("Error changing uid, aborting.\n"));
-+ if (capng_lock() == -1 || capng_apply(CAPNG_SELECT_BOTH) == -1) {
++ if (capng_have_capabilities(CAPNG_SELECT_CAPS) == CAPNG_NONE)
++ return 0;
++ capng_clear(CAPNG_SELECT_CAPS);
++ if (capng_lock() == -1 || capng_apply(CAPNG_SELECT_CAPS) == -1) {
 + fprintf(stderr, _("Failed to drop all capabilities\n"));
 return -1;
 }
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fd0163d..b0d58f9 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.0.86
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2
 Group: System Environment/Base
 # Based on git repository with tag 20101221
@@ -336,6 +336,10 @@ fi
 exit 0
 %changelog
+* Mon Jun 13 2011 Dan Walsh 2.0.86-14
+- Do not drop capability bounding set in seunshare, this allows sandbox to
+- run setuid apps.
+
 * Fri Jun 10 2011 Dan Walsh 2.0.86-13
 - Add semanage-bash-completion.sh script
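Review bot: In the seunshare.c hunk, switching `drop_caps()` from `CAPNG_SELECT_BOTH` to `CAPNG_SELECT_CAPS` deliberately leaves the capability bounding set intact, but only the spec changelog says so; the code carries no comment explaining the weaker drop. With the bounding set kept, a setuid or file-capability program executed inside the sandbox may be able to obtain capabilities again, so confinement presumably rests on the SELinux policy of the sandbox domain rather than on this function. I would add above the `capng_clear` line something like `/* Bounding set is kept on purpose so setuid apps can run in the sandbox; SELinux policy must confine them. */`. The message "Failed to drop all capabilities" now overstates what is dropped. The early `return 0` also skips `capng_lock()` when the process holds no capabilities, which is worth confirming as intended. The function's remaining lines and its callers are outside this hunk.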