diff --git a/SOURCES/bz2116839-01-fix-ruby-socket-permissions.patch b/SOURCES/bz2116839-01-fix-ruby-socket-permissions.patch
new file mode 100644
index 0000000..355a23c
--- /dev/null
+++ b/SOURCES/bz2116839-01-fix-ruby-socket-permissions.patch
@@ -0,0 +1,46 @@
+From 826b217734dc7d56199749382f4845193b38f1d1 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline@redhat.com>
+Date: Wed, 10 Aug 2022 14:47:53 +0200
+Subject: [PATCH] fix ruby socket permissions
+
+---
+ pcsd/rserver.rb | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/pcsd/rserver.rb b/pcsd/rserver.rb
+index e2c5e2a1..4fde639e 100644
+--- a/pcsd/rserver.rb
++++ b/pcsd/rserver.rb
+@@ -7,6 +7,29 @@ require 'thin'
+ 
+ require 'settings.rb'
+ 
++# Replace Thin::Backends::UnixServer:connect
++# The only change is 'File.umask(0o777)' instead of 'File.umask(0)' to properly
++# set python-ruby socket permissions
++module Thin
++  module Backends
++    class UnixServer < Base
++      def connect
++        at_exit { remove_socket_file } # In case it crashes
++        old_umask = File.umask(0o077)
++        begin
++          EventMachine.start_unix_domain_server(@socket, UnixConnection, &method(:initialize_connection))
++          # HACK EventMachine.start_unix_domain_server doesn't return the connection signature
++          #      so we have to go in the internal stuff to find it.
++        @signature = EventMachine.instance_eval{@acceptors.keys.first}
++        ensure
++          File.umask(old_umask)
++        end
++      end
++    end
++  end
++end
++
++
+ def pack_response(response)
+   return [200, {}, [response.to_json.to_str]]
+ end
+-- 
+2.37.1
+
diff --git a/SPECS/pcs.spec b/SPECS/pcs.spec
index 27ed558..7c91edf 100644
--- a/SPECS/pcs.spec
+++ b/SPECS/pcs.spec
@@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.11.1
-Release: 10%{?dist}.1
+Release: 10%{?dist}.2
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPLv2: pcs
@@ -115,6 +115,7 @@ Patch7: bz1990787-01-Multiple-fixes-in-pcs-resource-move-command.patch
 Patch8: bz2040420-01-fix-creating-empty-cib.patch
 Patch9: bz20486401-01-Fix-snmp-client.patch
 Patch10: fix-translating-resource-roles-in-colocation-constra.patch
+Patch11: bz2116839-01-fix-ruby-socket-permissions.patch
 
 # Downstream patches do not come from upstream. They adapt pcs for specific
 # RHEL needs.
@@ -317,6 +318,7 @@ update_times_patch %{PATCH7}
 update_times_patch %{PATCH8}
 update_times_patch %{PATCH9}
 update_times_patch %{PATCH10}
+update_times_patch %{PATCH11}
 
 # prepare dirs/files necessary for building all bundles
 # -----------------------------------------------------
@@ -557,6 +559,10 @@ run_all_tests
 %license pyagentx_LICENSE.txt
 
 %changelog
+* Thu Aug 11 2022 Miroslav Lisik <mlisik@redhat.com> - 0.11.1-10.el9_0.2
+- Fixed ruby socket permissions
+- Resolves: rhbz#2116839
+
 * Tue May 10 2022 Miroslav Lisik <mlisik@redhat.com> - 0.11.1-10.el9_0.1
 - Updated bundled rubygems: sinatra, rack-protection
 - Resolves: rhbz#2081333