diff --git a/SOURCES/podman-1895027.patch b/SOURCES/podman-1895027.patch
new file mode 100644
index 0000000..6760c81
--- /dev/null
+++ b/SOURCES/podman-1895027.patch
@@ -0,0 +1,12 @@
+diff -up libpod-5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26/vendor/github.com/containers/buildah/run_linux.go.orig libpod-5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26/vendor/github.com/containers/buildah/run_linux.go
+--- libpod-5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26/vendor/github.com/containers/buildah/run_linux.go.orig 2020-12-10 13:29:00.744683412 +0100
++++ libpod-5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26/vendor/github.com/containers/buildah/run_linux.go 2020-12-10 13:29:08.319636738 +0100
+@@ -460,7 +460,7 @@ func (b *Builder) setupMounts(mountPoint
+ }
+
+ // Get the list of secrets mounts.
+- secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, mountPoint, int(rootUID), int(rootGID), unshare.IsRootless(), false)
++ secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless(), false)
+
+ // Add temporary copies of the contents of volume locations at the
+ // volume locations, unless we already have something there.
diff --git a/SPECS/podman.spec b/SPECS/podman.spec
index a698a17..3c7d28c 100644
--- a/SPECS/podman.spec
+++ b/SPECS/podman.spec
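Review bot: In the run_linux.go hunk carried by podman-1895027.patch, the new call passes `cdir` as both the second and the fourth argument of `secrets.SecretMountsWithUIDGID`, and neither the comment above it nor the patch file says why the secrets mount no longer refers to `mountPoint`. The callee's signature is not visible here, so reading the fourth argument as the host-side prefix of the bind-mount source is an inference; if it is right, a comment such as `// Secrets are staged under cdir, so the bind-mount source must be cdir, not the rootfs at mountPoint.` would keep the two adjacent string arguments from being swapped back later. Because this argument decides which host path is bind-mounted into build containers, a regression test that builds with an entry in the file named by `b.DefaultMountsFilePath` and checks the resulting mount source would be worth carrying alongside the patch. The patch also has no header naming the upstream commit it was taken from. `setupMounts` starts and ends outside the hunk.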
@@ -10,10 +10,10 @@ %endif %if 0%{?rhel} <= 7 && ! 0%{?fedora} -%define gobuild(o:) scl enable go-toolset-1.12 -- go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define gobuild(o:) scl enable go-toolset-1.12 -- go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**}; %define gogenerate(o:) scl enable go-toolset-1.12 -- go generate %{?**}; %else -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**}; %global gogenerate go generate %endif @@ -30,7 +30,7 @@ Name: podman Version: 1.6.4 -Release: 26%{?dist} +Release: 27%{?dist} Summary: Manage Pods, Containers and Container Images ExcludeArch: %{ix86} s390 ppc ppc64 License: ASL 2.0 @@ -77,6 +77,7 @@ Patch14: podman-1877699.patch # tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14370 # patch: 0001-Fix-CVE-2020-14370.patch Patch15: podman-CVE-2020-14370.patch +Patch16: podman-1895027.patch Provides: %{name}-manpages = %{version}-%{release} Obsoletes: %{name}-manpages < %{version}-%{release} %if 0%{?rhel} <= 7 && ! 0%{?fedora} 
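Review bot: `Patch16: podman-1895027.patch` is added without the provenance comments that precede `Patch15`, and no `%prep` change appears in this diff. Adding `# tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=1895027` and a `# patch: <upstream patch or commit>` line above it would match the Patch15 entry and let the vendored change be traced to its origin. The `%prep` section is outside the diff, so it is worth confirming that it applies patches automatically (for example via `%autosetup`); with explicit per-patch lines, Patch16 would be declared but never applied.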
@@ -380,6 +381,10 @@ exit 0 %{_datadir}/%{name}/test %changelog +* Thu Dec 10 2020 Jindrich Novy - 1.6.4-27 +- fix podman-buildah mounting issue +- Resolves: #1895027 + * Tue Sep 22 2020 Jindrich Novy - 1.6.4-26 - fix "CVE-2020-14370 podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API [rhel-7]" - Resolves: #1881062