diff --git a/.bubblewrap.metadata b/.bubblewrap.metadata
new file mode 100644
index 0000000..20239a1
--- /dev/null
+++ b/.bubblewrap.metadata
@@ -0,0 +1 @@
+00e121950ea494fcd9cfbe23971c0938d6be6755 SOURCES/bubblewrap-0.4.1.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cb13d4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/bubblewrap-0.4.1.tar.xz
diff --git a/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch b/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
new file mode 100644
index 0000000..9a11a57
--- /dev/null
+++ b/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
@@ -0,0 +1,39 @@
+From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 27 May 2021 16:19:27 -0400
+Subject: [PATCH] Avoid memory leak if --args is specified multiple times
+
+Found by a static analyzer.
+
+```
+bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to.
+ # 1498|              * keep allocated until exit time, since its argv entries get used
+ # 1499|              * by the other cases in parse_args_recurse() when we recurse. */
+ # 1500|->           opt_args_data = load_file_data (the_fd, &data_len);
+ # 1501|             if (opt_args_data == NULL)
+ # 1502|               die_with_error ("Can't read --args data");
+```
+---
+ bubblewrap.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index 771e1ea..56ac07c 100644
+--- a/bubblewrap.c
++++ b/bubblewrap.c
+@@ -1494,6 +1494,12 @@ parse_args_recurse (int          *argcp,
+           if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
+             die ("Invalid fd: %s", argv[1]);
+ 
++          /* Specifying --args multiple times doesn't work; this just pacifies
++           * a static analyzer which pointed out the memory leak
++           */
++          if (opt_args_data != NULL)
++            free (opt_args_data);
++
+           /* opt_args_data is essentially a recursive argv array, which we must
+            * keep allocated until exit time, since its argv entries get used
+            * by the other cases in parse_args_recurse() when we recurse. */
+-- 
+2.31.1
+
diff --git a/SPECS/bubblewrap.spec b/SPECS/bubblewrap.spec
new file mode 100644
index 0000000..d8d7f65
--- /dev/null
+++ b/SPECS/bubblewrap.spec
@@ -0,0 +1,147 @@
+Name: bubblewrap
+Version: 0.4.1
+Release: 6%{?dist}
+Summary: Core execution tool for unprivileged containers
+
+License: LGPLv2+
+#VCS: git:https://github.com/projectatomic/bubblewrap
+URL: https://github.com/projectatomic/bubblewrap
+Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz
+Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
+
+BuildRequires: autoconf automake libtool
+BuildRequires: gcc
+BuildRequires: libcap-devel
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: libxslt
+BuildRequires: docbook-style-xsl
+BuildRequires: make
+
+%description
+Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged
+containers that works as a setuid binary on kernels without
+user namespaces.
+
+%prep
+%autosetup
+
+%build
+if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi
+%configure --disable-silent-rules --with-priv-mode=none
+%make_build
+
+%install
+%make_install INSTALL="install -p -c"
+find %{buildroot} -name '*.la' -delete -print
+
+%files
+%license COPYING
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_datadir}/bash-completion/completions/bwrap
+%if (0%{?rhel} != 0 && 0%{?rhel} <= 7)
+%attr(0755,root,root) %caps(cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid=ep) %{_bindir}/bwrap
+%else
+%{_bindir}/bwrap
+%endif
+%{_mandir}/man1/*
+
+%changelog
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu May 27 2021 Colin Walters <walters@verbum.org> - 0.4.1-5
+- Backport https://github.com/containers/bubblewrap/pull/426
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Mar 30 2020 David King <amigadave@amigadave.com> - 0.4.1-1
+- Update to 0.4.1
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Nov 27 2019 Kalev Lember <klember@redhat.com> - 0.4.0-1
+- Update to 0.4.0
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed May 01 2019 Colin Walters <walters@redhat.com> - 0.3.3-2
+- New upstream release
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 01 2018 Kalev Lember <klember@redhat.com> - 0.3.1-1
+- Update to 0.3.1
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 11 2018 Colin Walters <walters@verbum.org> - 0.3.0-1
+- https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.0
+
+* Wed May 16 2018 Kalev Lember <klember@redhat.com> - 0.2.1-1
+- Update to 0.2.1
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Oct 09 2017 Colin Walters <walters@verbum.org> - 0.2.0-2
+- New upstream version
+- https://github.com/projectatomic/bubblewrap/releases/tag/v0.2.0
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Mar 28 2017 Colin Walters <walters@verbum.org> - 0.1.8-1
+- New upstream version
+  https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.8
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Jan 18 2017 Colin Walters <walters@verbum.org> - 0.1.7-1
+- New upstream version;
+  https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.7
+- Resolves: #1411814
+
+* Tue Jan 10 2017 Colin Walters <walters@verbum.org> - 0.1.6-1
+- New upstream version with security fix
+- Resolves: #1411814
+
+* Mon Dec 19 2016 Kalev Lember <klember@redhat.com> - 0.1.5-1
+- Update to 0.1.5
+
+* Tue Dec 06 2016 walters@redhat.com - 0.1.4-4
+- Backport fix for regression in previous commit for rpm-ostree
+
+* Thu Dec 01 2016 walters@redhat.com - 0.1.4-3
+- Backport patch to fix running via nspawn, which should fix rpm-ostree-in-bodhi
+
+* Tue Nov 29 2016 Kalev Lember <klember@redhat.com> - 0.1.4-1
+- Update to 0.1.4
+
+* Fri Oct 14 2016 Colin Walters <walters@verbum.org> - 0.1.3-2
+- New upstream version
+
+* Mon Sep 12 2016 Kalev Lember <klember@redhat.com> - 0.1.2-1
+- Update to 0.1.2
+
+* Tue Jul 12 2016 Igor Gnatenko <ignatenko@redhat.com> - 0.1.1-2
+- Trivial fixes in packaging
+
+* Fri Jul 08 2016 Colin Walters <walters@verbum.org> - 0.1.1
+- Initial package