diff --git a/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch b/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch
new file mode 100644
index 0000000..e072b4b
--- /dev/null
+++ b/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch
@@ -0,0 +1,37 @@
+From e1b83fb58eadfd02227673db9a7e2833d29b0c98 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 23 Apr 2012 00:32:43 +0200
+Subject: [PATCH] selinux: when dropping capabilities only include AUDIT caps
+ if we have them
+
+When we drop capabilities we shouldn't assume we can keep
+CAP_AUDIT_WRITE unconditionally, since it will not be available when
+running in containers.
+
+This patch only adds CAP_AUDIT_WRITE to the list of caps we keep if we
+actually have it in the first place.
+
+This makes audit/selinux enabled D-Bus work in a Linux container.
+---
+ bus/selinux.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bus/selinux.c b/bus/selinux.c
+index 36287e9..1bfc791 100644
+--- a/bus/selinux.c
++++ b/bus/selinux.c
+@@ -1053,8 +1053,9 @@ _dbus_change_to_daemon_user (const char *user,
+ int rc;
+
+ capng_clear (CAPNG_SELECT_BOTH);
+- capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+- CAP_AUDIT_WRITE);
++ if (capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE))
++ capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
++ CAP_AUDIT_WRITE);
+ rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);
+ if (rc)
+ {
+--
+1.7.10
+
diff --git a/dbus.spec b/dbus.spec
index 27a1284..44e3034 100644
--- a/dbus.spec
+++ b/dbus.spec
@@ -10,7 +10,7 @@ Summary: D-BUS message bus
 Name: dbus
 Epoch: 1
 Version: 1.4.20
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://www.freedesktop.org/software/dbus/
 #VCS: git:git://git.freedesktop.org/git/dbus/dbus
 Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
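Review bot: In the embedded bus/selinux.c hunk the new `capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE)` query runs after `capng_clear (CAPNG_SELECT_BOTH)`, and if libcap-ng answers that query from the same internal capability set that capng_clear has just emptied, rather than re-reading the process's live capabilities, the condition is always false and CAP_AUDIT_WRITE is dropped even on a host where it was available, leaving the SELinux audit path silently non-functional in exactly the case the patch means to preserve. This should be confirmed against the libcap-ng documentation, but the ordering that is safe under either reading is to query before clearing: `have_audit_write = capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE);` then `capng_clear (CAPNG_SELECT_BOTH);` then `if (have_audit_write) capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE);`. A one-line comment such as `/* Keep CAP_AUDIT_WRITE only if we had it to begin with; it is absent inside containers. */` would also record the rationale next to the code instead of only in the commit message. The enclosing _dbus_change_to_daemon_user begins and ends outside the hunk.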
@@ -44,6 +44,10 @@ Conflicts: cups < 1:1.1.20-4 # FIXME this should be upstreamed; need --daemon-bindir=/bin and --bindir=/usr/bin or something? Patch0: bindir.patch +# Posted upstream, makes D-Bus work in Linux containers. +# https://bugs.freedesktop.org/show_bug.cgi?id=49062 +Patch1: 0001-selinux-when-dropping-capabilities-only-include-AUDI.patch + %description D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a @@ -94,6 +98,7 @@ in this separate package so server systems need not install X. /bin/chmod 0644 COPYING ChangeLog NEWS %patch0 -p1 -b .bindir +%patch1 -p1 autoreconf -f -i @@ -227,6 +232,9 @@ fi %{_includedir}/* %changelog +* Sun Apr 22 2012 Lennart Poettering - 1:1.4.20-2 +- Make D-Bus work in containers + * Tue Apr 13 2012 Colin Walters - Update to 1.4.20; closes #806082 - Ensure /var/lib/dbus exists; this seems to have been