diff --git a/.gitignore b/.gitignore
index a5fa0cc..bb99c27 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/runc-c91b5be.tar.gz
+SOURCES/runc-5d93f81.tar.gz
diff --git a/.runc.metadata b/.runc.metadata
index 76dcf21..a39af1c 100644
--- a/.runc.metadata
+++ b/.runc.metadata
@@ -1 +1 @@
-930145d8c0ec09a4face7be395dee26b24866bc0 SOURCES/runc-c91b5be.tar.gz
+2d07a2ecc585678c4739ac6c8c3dc36a7d9f6ea6 SOURCES/runc-5d93f81.tar.gz
diff --git a/SOURCES/0001-Set-init-processes-as-non-dumpable.patch b/SOURCES/0001-Set-init-processes-as-non-dumpable.patch
deleted file mode 100644
index 937ba38..0000000
--- a/SOURCES/0001-Set-init-processes-as-non-dumpable.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 50a19c6ff828c58e5dab13830bd3dacde268afe5 Mon Sep 17 00:00:00 2001
-From: Michael Crosby <crosbymichael@gmail.com>
-Date: Wed, 7 Dec 2016 15:05:51 -0800
-Subject: [PATCH] Set init processes as non-dumpable
-
-This sets the init processes that join and setup the container's
-namespaces as non-dumpable before they setns to the container's pid (or
-any other ) namespace.
-
-This settings is automatically reset to the default after the Exec in
-the container so that it does not change functionality for the
-applications that are running inside, just our init processes.
-
-This prevents parent processes, the pid 1 of the container, to ptrace
-the init process before it drops caps and other sets LSMs.
-
-This patch also ensures that the stateDirFD being used is still closed
-prior to exec, even though it is set as O_CLOEXEC, because of the order
-in the kernel.
-
-https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318
-
-The order during the exec syscall is that the process is set back to
-dumpable before O_CLOEXEC are processed.
-
-Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
----
- libcontainer/init_linux.go          | 3 ++-
- libcontainer/nsenter/nsexec.c       | 5 +++++
- libcontainer/setns_init_linux.go    | 7 ++++++-
- libcontainer/standard_init_linux.go | 3 +++
- 4 files changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
-index b1e6762..4043d51 100644
---- a/libcontainer/init_linux.go
-+++ b/libcontainer/init_linux.go
-@@ -77,7 +77,8 @@ func newContainerInit(t initType, pipe *os.File, stateDirFD int) (initer, error)
- 	switch t {
- 	case initSetns:
- 		return &linuxSetnsInit{
--			config: config,
-+			config:     config,
-+			stateDirFD: stateDirFD,
- 		}, nil
- 	case initStandard:
- 		return &linuxStandardInit{
-diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
-index b93f827..4b5398b 100644
---- a/libcontainer/nsenter/nsexec.c
-+++ b/libcontainer/nsenter/nsexec.c
-@@ -408,6 +408,11 @@ void nsexec(void)
- 	if (pipenum == -1)
- 		return;
- 
-+	/* make the process non-dumpable */
-+	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
-+		bail("failed to set process as non-dumpable");
-+	}
-+
- 	/* Parse all of the netlink configuration. */
- 	nl_parse(pipenum, &config);
- 
-diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
-index 2a8f345..7f5f182 100644
---- a/libcontainer/setns_init_linux.go
-+++ b/libcontainer/setns_init_linux.go
-@@ -5,6 +5,7 @@ package libcontainer
- import (
- 	"fmt"
- 	"os"
-+	"syscall"
- 
- 	"github.com/opencontainers/runc/libcontainer/apparmor"
- 	"github.com/opencontainers/runc/libcontainer/keys"
-@@ -16,7 +17,8 @@ import (
- // linuxSetnsInit performs the container's initialization for running a new process
- // inside an existing container.
- type linuxSetnsInit struct {
--	config *initConfig
-+	config     *initConfig
-+	stateDirFD int
- }
- 
- func (l *linuxSetnsInit) getSessionRingName() string {
-@@ -49,5 +51,8 @@ func (l *linuxSetnsInit) Init() error {
- 	if err := label.SetProcessLabel(l.config.ProcessLabel); err != nil {
- 		return err
- 	}
-+	// close the statedir fd before exec because the kernel resets dumpable in the wrong order
-+	// https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318
-+	syscall.Close(l.stateDirFD)
- 	return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ())
- }
-diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
-index 2104f1a..6a65154 100644
---- a/libcontainer/standard_init_linux.go
-+++ b/libcontainer/standard_init_linux.go
-@@ -171,6 +171,9 @@ func (l *linuxStandardInit) Init() error {
- 			return newSystemErrorWithCause(err, "init seccomp")
- 		}
- 	}
-+	// close the statedir fd before exec because the kernel resets dumpable in the wrong order
-+	// https://github.com/torvalds/linux/blob/v4.9/fs/exec.c#L1290-L1318
-+	syscall.Close(l.stateDirFD)
- 	if err := syscall.Exec(name, l.config.Args[0:], os.Environ()); err != nil {
- 		return newSystemErrorWithCause(err, "exec user process")
- 	}
--- 
-2.11.0
-
diff --git a/SPECS/runc.spec b/SPECS/runc.spec
index b5edd16..3590a95 100644
--- a/SPECS/runc.spec
+++ b/SPECS/runc.spec
@@ -25,25 +25,25 @@
 # https://github.com/opencontainers/runc
 %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
 %global import_path     %{provider_prefix}
-%global commit          c91b5bea4830a57eac7882d7455d59518cdf70ec
+%global commit          5d93f81bdbc79a7bf052f8724caa5f0da36c33e4
 %global shortcommit     %(c=%{commit}; echo ${c:0:7})
 
-Name:           %{repo}
+Name: %{repo}
 %if 0%{?fedora}
-Epoch:          1
+Epoch: 1
 %endif
-Version:        1.0.0
-Release:        1.rc2%{?dist}
-Summary:        CLI for running Open Containers
-License:        ASL 2.0
-URL:            https://%{provider_prefix}
-Source0:        https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
-Patch0:         0001-Set-init-processes-as-non-dumpable.patch
+Version: 1.0.0
+Release: 3.rc2%{?dist}
+Summary: CLI for running Open Containers
+License: ASL 2.0
+URL: https://%{provider_prefix}
+Source0: https://github.com/projectatomic/%{name}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
 Requires: criu
 
 ExclusiveArch:  x86_64
 # If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
-BuildRequires:  %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2
+BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} >= 1.6.2
+BuildRequires: git
 BuildRequires: go-md2man
 BuildRequires: libseccomp-devel
 
@@ -155,8 +155,7 @@ providing packages with %{import_path} prefix.
 %endif
 
 %prep
-%setup -q -n %{repo}-%{commit}
-%patch0 -p1
+%autosetup -Sgit -n %{repo}-%{commit}
 
 %build
 mkdir -p src/github.com/opencontainers
@@ -272,6 +271,14 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/Godeps/_workspace:%{gopath}
 %endif
 
 %changelog
+* Fri Feb 24 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-3.rc2
+- Resolves: #1426674
+- built projectatomic/runc_rhel_7 commit 5d93f81
+
+* Mon Feb 06 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-2.rc2
+- Resolves: #1419702 - rebase to latest upstream master
+- built commit b263a43
+
 * Wed Jan 11 2017 Lokesh Mandvekar <lsm5@redhat.com> - 1.0.0-1.rc2
 - Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
 runc patch from Michael Crosby <crosbymichael@gmail.com>