diff --git a/selinux-policy.spec b/selinux-policy.spec
index fbe097f..c39a36e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -30,6 +30,7 @@ patch6: apache.patch
 patch7: ptrace.patch
 patch8: qemu.patch
 patch9: consoletype.patch
+patch10: denyexecmem.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -222,10 +223,9 @@ if [ -e /etc/selinux/%2/.rebuild ]; then \
 	/usr/sbin/semodule -n -s %2 -r execmem openoffice ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
    fi \
    rm -f  /etc/selinux/%2/modules/active/modules/qemu.pp \
-   /usr/sbin/semodule -B -s %2; \
-else \
-   [ "${SELINUXTYPE}" == "%2" ] && [ selinuxenabled ] && load_policy; \
+   /usr/sbin/semodule -B -n -s %2; \
 fi; \
+[ "${SELINUXTYPE}" == "%2" ] && [ selinuxenabled ] && load_policy; \
 if [ %1 -eq 1 ]; then \
    /sbin/restorecon -R /root /var/log /var/run 2> /dev/null; \
 else \
@@ -252,6 +252,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %patch7 -p1 -b .ptrace
 %patch8 -p1 -b .qemu
 %patch9 -p1 -b .consoletype
+%patch10 -p1 -b .denyexecmem
 
 %install
 mkdir selinux_config