diff --git a/find/defs.h b/find/defs.h index c834baa..481c013 100644 --- a/find/defs.h +++ b/find/defs.h @@ -613,7 +613,7 @@ struct options int regex_options; /* function used to get file context */ - int (*x_getfilecon) (); + int (*x_getfilecon) (int, const char *, security_context_t *); /* Optimisation level. One is the default. */ diff --git a/find/parser.c b/find/parser.c index c8b847f..330eb38 100644 --- a/find/parser.c +++ b/find/parser.c @@ -53,7 +53,7 @@ #include #include -#include +#include "selinux-at.h" #if ENABLE_NLS # include @@ -352,7 +352,8 @@ static const char *first_nonoption_arg = NULL; static const struct parser_table *noop = NULL; static int -fallback_getfilecon (const char *name, security_context_t *p, int prev_rv) +fallback_getfilecon (int fd, const char *name, security_context_t *p, + int prev_rv) { /* Our original getfilecon () call failed. Perhaps we can't follow a * symbolic link. If that might be the problem, lgetfilecon () the link. @@ -365,7 +366,7 @@ fallback_getfilecon (const char *name, security_context_t *p, int prev_rv) fprintf (stderr, "fallback_getfilecon(): getfilecon(%s) failed; falling " "back on lgetfilecon()\n", name); #endif - return lgetfilecon (name, p); + return lgetfileconat (fd, name, p); case EACCES: case EIO: 
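Review bot: The new prototype for `x_getfilecon` in `struct options` makes defs.h depend on `security_context_t` being declared wherever the header is included, which the old `()` declarator did not. The hunk does not show defs.h pulling in an SELinux header, so confirm one is in scope before the struct in every translation unit that includes it. The comment above the member could also name the new first argument, for example `/* function used to get file context; the name is looked up relative to the directory fd passed first */`, if that is how the callers are meant to use it. The struct body starts and ends outside the hunk.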
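Review bot: The block comment and the DEBUG message in `fallback_getfilecon` still name `getfilecon ()` and `lgetfilecon ()`, while the fallback call is now `lgetfileconat (fd, name, p)`. A DEBUG trace should report what actually ran, so the string would read `"fallback_getfilecon(): getfileconat(%s) failed; falling " "back on lgetfileconat()\n"`, with the comment updated the same way. The comment should also say that the retry uses the same `fd` as the failed call, so both lookups resolve `name` against the same directory. The function's `switch` continues past the end of the hunk.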
@@ -389,23 +390,23 @@ fallback_getfilecon (const char *name, security_context_t *p, int prev_rv) * If the item to be examined is not a command-line argument, we * examine the link itself. */ int -optionh_getfilecon (const char *name, security_context_t *p) +optionh_getfilecon (int fd, const char *name, security_context_t *p) { int rv; if (0 == state.curdepth) { /* This file is from the command line; dereference the link (if it is a link). */ - rv = getfilecon (name, p); + rv = getfileconat (fd, name, p); if (0 == rv) return 0; /* success */ else - return fallback_getfilecon (name, p, rv); + return fallback_getfilecon (fd, name, p, rv); } else { /* Not a file on the command line; do not dereference the link. */ - return lgetfilecon (name, p); + return lgetfileconat (fd, name, p); } } @@ -413,22 +414,22 @@ optionh_getfilecon (const char *name, security_context_t *p) * -L option is in effect. That option makes us examine the thing the * symbolic link points to, not the symbolic link itself. */ int -optionl_getfilecon (const char *name, security_context_t *p) +optionl_getfilecon (int fd, const char *name, security_context_t *p) { - int rv = getfilecon (name, p); + int rv = getfileconat (fd, name, p); if (0 == rv) return 0; /* normal case. */ else - return fallback_getfilecon (name, p, rv); + return fallback_getfilecon (fd, name, p, rv); } /* optionp_getfilecon () implements the stat operation when the -P * option is in effect (this is also the default). That option makes * us examine the symbolic link itself, not the thing it points to. */ int -optionp_getfilecon (const char *name, security_context_t *p) +optionp_getfilecon (int fd, const char *name, security_context_t *p) { - return lgetfilecon (name, p); + return lgetfileconat (fd, name, p); } void 
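Review bot: `optionh_getfilecon`, and likewise `optionl_getfilecon` and `optionp_getfilecon` in the next hunk, are non-static and change signature here, but the defs.h section of this commit shows no matching prototype change for them. If they are declared in a header, or by the code that assigns them to `options.x_getfilecon`, confirm those declarations now read `(int fd, const char *name, security_context_t *p)` so that a mismatch is caught at compile time. The comments above the three functions should also state that `fd` is the directory descriptor `name` is resolved against and that the caller must pass a valid one. With the `*at` calls a stale descriptor would read the context of a same-named entry in a different directory.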
@@ -2706,7 +2707,7 @@ parse_context (const struct parser_table* entry, char **argv, int *arg_ptr) error (1, 0, _("invalid predicate -context: SELinux is not enabled.")); return false; } - our_pred = insert_primary (entry); + our_pred = insert_primary (entry, NULL); our_pred->est_success_rate = 0.01f; our_pred->need_stat = false; #ifdef DEBUG diff --git a/find/pred.c b/find/pred.c index 77c2aac..5c47290 100644 --- a/find/pred.c +++ b/find/pred.c @@ -1061,7 +1061,8 @@ do_fprintf(struct format_val *dest, case 'Z': /* SELinux security context */ { security_context_t scontext; - int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext); + int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname, + &scontext); if (rv < 0) { /* If getfilecon fails, there will in the general case @@ -1899,7 +1900,8 @@ pred_context (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr) { security_context_t scontext; - int rv = (*options.x_getfilecon) (state.rel_pathname, &scontext); + int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname, + &scontext); if (rv < 0) { error (0, errno, "getfilecon: %s", safely_quote_err_filename (0, pathname)); diff --git a/import-gnulib.config b/import-gnulib.config index cbb384e..699c417 100644 --- a/import-gnulib.config +++ b/import-gnulib.config @@ -1,7 +1,7 @@ # findutils gnulib.config -*- sh -*- # What version of gnulib to use? -gnulib_version="b653eda3ac4864de205419d9f41eec267cb89eeb" +gnulib_version="27aa230554a630b52c2ce1540f6274c0aa4eaed1" destdir="gnulib" # Random extra gnulib files needed for findutils. @@ -65,7 +65,7 @@ realloc regex rpmatch savedir -selinux-h +selinux-at stat-macros stat-time stdint
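Review bot: `insert_primary (entry, NULL)` in `parse_context` passes NULL for the new second argument, and the definition of `insert_primary` is not part of this diff. If that parameter carries the predicate's argument text, as the call shape suggests, then `our_pred = insert_primary (entry, argv[*arg_ptr]);` would keep `-context` consistent with other argument-taking predicates in diagnostics. This line is also unrelated to the descriptor-relative lookup the rest of the commit introduces, so the commit message should say why it is needed. The function body starts and ends outside the hunk.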
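Review bot: Both new call sites, the `'Z'` case of `do_fprintf` and `pred_context`, pass `state.cwd_dir_fd` to `options.x_getfilecon` with no visible check that it holds a valid directory descriptor or `AT_FDCWD`. Where that field is set is outside this diff, so confirm every traversal mode initialises it before predicates run, or add `assert (state.cwd_dir_fd == AT_FDCWD || state.cwd_dir_fd >= 0);` ahead of each call. Pairing the descriptor with `state.rel_pathname` is what ties the context lookup to the directory being walked rather than to a path that could be swapped during traversal, so an uninitialised value would silently defeat that. Both functions continue outside their hunks.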