diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0de3bd7..ab15fac 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1272,8 +1272,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
  	-mkdir -p $(MANDIR)/man8
 diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.63/scripts/sandbox
 --- nsapolicycoreutils/scripts/sandbox	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.63/scripts/sandbox	2009-05-22 13:59:22.000000000 -0400
-@@ -0,0 +1,149 @@
++++ policycoreutils-2.0.63/scripts/sandbox	2009-05-26 12:30:25.000000000 -0400
+@@ -0,0 +1,138 @@
 +#!/usr/bin/python -E
 +import os, sys, getopt, socket, random, fcntl
 +import selinux
@@ -1365,55 +1365,42 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
 +
 +    setype = "sandbox_t"
 +    mount_ind = False
-+    gopts, cmds = getopt.getopt(sys.argv[1:], "t:m", 
-+                                ["type=", 
-+                                 "mount"])
-+    for o, a in gopts:
-+        if o == "-t" or o == "--type":
-+            setype = a
-+
-+        if o == "-m" or o == "--mount":
-+            mount_ind = True
-+                
-+            
-+    if len(cmds) == 0:
-+           usage(_("Command required"))
-+
-+    os.chdir("/")
-+    execcon, filecon = gen_context(setype)
-+    rc = -1
 +    try:
-+        if mount_ind:
-+            mount(filecon)
-+
-+        if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
-+               for i in  os.environ["PATH"].split(':'):
-+                      f = "%s/%s" % (i, cmds[0])
-+                      if os.access(f, os.X_OK):
-+                             cmds[0] = f
-+                             break
-+
-+        setype = selinux.getfilecon(cmds[0])[1].split(":")[2]
-+        if setype == "user_home_t" or setype == "user_tmp_t":
-+               error_exit(_("""
-+Sandboxed applications can not read/execute files labeled as user content;  (%s)
-+Temporarily label '%s" as bin_t, if you want it to run it under a sandbox.
-+
-+chcon -t bin_t %s
-+
-+restorecon %s
-+
-+Will set the executable back to the correct context.
-+""") % (setype, cmds[0], cmds[0], cmds[0]) )
-+
-+        selinux.setexeccon(execcon)
-+        rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+        selinux.setexeccon(None)
-+
-+        if mount_ind:
-+            umount(filecon)
-+
-+    except getopt.error, error:
++           gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m", 
++                                       ["help",
++                                        "type=", 
++                                        "mount"])
++           for o, a in gopts:
++                  if o == "-t" or o == "--type":
++                         setype = a
++                         
++           if o == "-m" or o == "--mount":
++                  mount_ind = True
++           if o == "-h" or o == "--help":
++                  usage(_("Usage"));
++            
++           if len(cmds) == 0:
++                  usage(_("Command required"))
++
++           execcon, filecon = gen_context(setype)
++           rc = -1
++           if mount_ind:
++                  mount(filecon)
++
++           if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
++                  for i in  os.environ["PATH"].split(':'):
++                         f = "%s/%s" % (i, cmds[0])
++                         if os.access(f, os.X_OK):
++                                cmds[0] = f
++                                break
++
++           selinux.setexeccon(execcon)
++           rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++           selinux.setexeccon(None)
++           
++           if mount_ind:
++                  umount(filecon)
++    except getopt.GetoptError, error:
 +        usage(_("Options Error %s ") % error.msg)
 +    except ValueError, error:
 +        error_exit(error.args[0])
@@ -1421,6 +1408,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
 +        error_exit(_("Invalid value %s") % error.args[0])
 +    except IOError, error:
 +        error_exit(error.args[1])
++    except OSError, error:
++        error_exit(error.args[1])
 +        
 +    sys.exit(rc)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.63/scripts/sandbox.8
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 2de4cd4..547c5b5 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.63
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -226,6 +226,9 @@ else
 fi
 
 %changelog
+* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-3
+- Fix sandbox to be able to execute files in homedir
+
 * Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-2
 - Change polgen.py to be able to generate policy