diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 95603e6..7ba2583 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1639,7 +1639,7 @@ index ff0ee7c..0c8a085 100644
  test:
  	@python test_sandbox.py -v
 diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..d1037bd 100644
+index 48a26c2..b815af2 100644
 --- a/policycoreutils/sandbox/sandbox
 +++ b/policycoreutils/sandbox/sandbox
 @@ -1,5 +1,6 @@
@@ -1650,7 +1650,7 @@ index 48a26c2..d1037bd 100644
  # Authors: Josh Cogliati
  #
  # Copyright (C) 2009,2010  Red Hat
-@@ -19,15 +20,18 @@
+@@ -19,15 +20,17 @@
  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  #
  
@@ -1664,14 +1664,14 @@ index 48a26c2..d1037bd 100644
 +import setools
  
  PROGNAME = "policycoreutils"
- HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
+-HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
 -
 +SEUNSHARE = "/usr/sbin/seunshare"
 +SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
  import gettext
  gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
  gettext.textdomain(PROGNAME)
-@@ -41,6 +45,7 @@ except IOError:
+@@ -41,6 +44,7 @@ except IOError:
         import __builtin__
         __builtin__.__dict__['_'] = unicode
  
@@ -1679,7 +1679,7 @@ index 48a26c2..d1037bd 100644
  DEFAULT_TYPE = "sandbox_t"
  DEFAULT_X_TYPE = "sandbox_x_t"
  SAVE_FILES = {}
-@@ -63,15 +68,15 @@ def error_exit(msg):
+@@ -63,15 +67,15 @@ def error_exit(msg):
      sys.stderr.flush()
      sys.exit(1)
  
@@ -1699,7 +1699,7 @@ index 48a26c2..d1037bd 100644
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -81,9 +86,10 @@ def copyfile(file, dir, dest):
+@@ -81,9 +85,10 @@ def copyfile(file, dir, dest):
                              shutil.copytree(file, dest)
                       else:
                              shutil.copy2(file, dest)
@@ -1712,7 +1712,7 @@ index 48a26c2..d1037bd 100644
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +167,10 @@ class Sandbox:
+@@ -161,10 +166,10 @@ class Sandbox:
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
@@ -1726,7 +1726,7 @@ index 48a26c2..d1037bd 100644
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +178,15 @@ class Sandbox:
+@@ -172,6 +177,15 @@ class Sandbox:
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1742,7 +1742,7 @@ index 48a26c2..d1037bd 100644
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -194,6 +209,8 @@ class Sandbox:
+@@ -194,6 +208,8 @@ class Sandbox:
                           self.__include(option, opt, i[:-1], parser)
                    except IOError, e:
                           sys.stderr.write(str(e))
@@ -1751,7 +1751,7 @@ index 48a26c2..d1037bd 100644
             fd.close()
  
      def __copyfiles(self):
-@@ -212,13 +229,15 @@ class Sandbox:
+@@ -212,13 +228,15 @@ class Sandbox:
  /etc/gdm/Xsession
  """)
             else:
@@ -1769,7 +1769,7 @@ index 48a26c2..d1037bd 100644
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -226,14 +245,25 @@ kill -TERM $WM_PID  2> /dev/null
+@@ -226,14 +244,25 @@ kill -TERM $WM_PID  2> /dev/null
  
      def usage(self, message = ""):
             error_exit("%s\n%s" % (self.__parser.usage, message))
@@ -1799,7 +1799,7 @@ index 48a26c2..d1037bd 100644
          
          parser = OptionParser(version=self.VERSION, usage=usage)
          parser.disable_interspersed_args()
-@@ -268,6 +298,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -268,6 +297,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1810,7 +1810,7 @@ index 48a26c2..d1037bd 100644
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +310,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -276,13 +309,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1829,7 +1829,7 @@ index 48a26c2..d1037bd 100644
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -299,6 +337,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -299,6 +336,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                 self.__options.X_ind = True
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
@@ -1839,7 +1839,31 @@ index 48a26c2..d1037bd 100644
          else:
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
-@@ -351,22 +392,24 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -329,44 +369,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+     def __setup_dir(self):
+            if self.__options.level or self.__options.session:
+                   return
+-           sandboxdir = HOMEDIR + "/.sandbox"
+-           if not os.path.exists(sandboxdir):
+-                  os.mkdir(sandboxdir)
+ 
+            if self.__options.homedir:
+                   selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
+                   self.__homedir = self.__options.homedir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++                  self.__homedir = mkdtemp(dir="/tmp", prefix=".sandbox_home_")
+ 
+            if self.__options.tmpdir:
+                   selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+                   self.__tmpdir = self.__options.tmpdir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
++                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_tmp_")
+            selinux.setfscreatecon(None)
+            self.__copyfiles()
  
      def __execute(self):
             try:
@@ -1879,7 +1903,7 @@ index 48a26c2..d1037bd 100644
  
                    selinux.setexeccon(self.__execcon)
                    rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +447,7 @@ if __name__ == '__main__':
+@@ -404,7 +443,7 @@ if __name__ == '__main__':
             sandbox = Sandbox()
             rc = sandbox.main()
      except OSError, error:
diff --git a/policycoreutils.spec b/policycoreutils.spec
index acb2d54..f8eb3fa 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.85
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -331,6 +331,11 @@ fi
 exit 0
 
 %changelog
+* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
+- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
+- This will allow default sandboxes to work on NFS homedirs without allowing 
+  access to homedir data
+
 * Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
 - Change sepolgen-ifgen to search all available policy files
 - Exit in restorecond if it can not find a UID in the passwd database