diff --git a/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch b/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch
new file mode 100644
index 0000000..3e99baf
--- /dev/null
+++ b/SOURCES/libcap-PAM_REINITIALIZE_CRED.patch
@@ -0,0 +1,12 @@
+diff -urN libcap-2.25/pam_cap/pam_cap.c libcap-2.25_patched/pam_cap/pam_cap.c
+--- libcap-2.25/pam_cap/pam_cap.c	2013-12-16 05:46:28.000000000 +0100
++++ libcap-2.25_patched/pam_cap/pam_cap.c	2019-03-04 16:18:23.440525062 +0100
+@@ -286,7 +286,7 @@
+     int retval;
+     struct pam_cap_s pcs;
+ 
+-    if (!(flags & PAM_ESTABLISH_CRED)) {
++    if (!(flags & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
+ 	D(("we don't handle much in the way of credentials"));
+ 	return PAM_IGNORE;
+     }
diff --git a/SPECS/libcap.spec b/SPECS/libcap.spec
index ac2e4de..d0d7394 100644
--- a/SPECS/libcap.spec
+++ b/SPECS/libcap.spec
@@ -1,6 +1,6 @@
 Name: libcap
 Version: 2.22
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: Library for getting and setting POSIX.1e capabilities
 # Original tarball should be here, but got deleted:
 #Source: http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/libcap-2.22.tar.bz2
@@ -10,6 +10,7 @@ Source1: getpcaps.8
 Source2: libcap.pc
 Patch0: %{name}-2.22-buildflags.patch
 Patch1: libcap-2.22-signed-sizeof-compare.patch
+Patch2: %{name}-PAM_REINITIALIZE_CRED.patch
 
 URL: http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/
 License: LGPLv2+
@@ -38,6 +39,7 @@ libcap.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 # libcap can not be build with _smp_mflags:
@@ -84,6 +86,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 rm -rf %{buildroot}
 
 %changelog
+* Thu Apr 11 2019 Karsten Hopp <karsten@redhat.com> - 2.22-10
+- check for PAM_REINITIALIZE_CRED in pam_cap.so, required by sudo
+
 * Mon Mar 06 2017 Karsten Hopp <karsten@redhat.com> - 2.22-9
 - add pkgconfig file