diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index c7ab814..d8c8ffe 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1128,6 +1128,110 @@ index 3b96b1d..3868711 100644
 path, lineno, *ctx);
 } else {
 COMPAT_LOG(SELINUX_WARNING,
+diff --git libselinux-2.4/src/procattr.c libselinux-2.4/src/procattr.c
+index f990350..527a0a5 100644
+--- libselinux-2.4/src/procattr.c
++++ libselinux-2.4/src/procattr.c
+@@ -11,8 +11,6 @@
+
+ #define UNSET (char *) -1
+
+-static __thread pid_t cpid;
+-static __thread pid_t tid;
+ static __thread char *prev_current = UNSET;
+ static __thread char * prev_exec = UNSET;
+ static __thread char * prev_fscreate = UNSET;
+@@ -24,15 +22,6 @@ static pthread_key_t destructor_key;
+ static int destructor_key_initialized = 0;
+ static __thread char destructor_initialized;
+
+-extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
+-extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
+-
+-static int __selinux_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
+-{
+- return __register_atfork (prepare, parent, child,
+- &__dso_handle == NULL ? NULL : __dso_handle);
+-}
+-
+ static pid_t gettid(void)
+ {
+ return syscall(__NR_gettid);
+@@ -52,14 +41,6 @@ static void procattr_thread_destructor(void __attribute__((unused)) *unused)
+ free(prev_sockcreate);
+ }
+
+-static void free_procattr(void)
+-{
+- procattr_thread_destructor(NULL);
+- tid = 0;
+- cpid = getpid();
+- prev_current = prev_exec = prev_fscreate = prev_keycreate = prev_sockcreate = UNSET;
+-}
+-
+ void __attribute__((destructor)) procattr_destructor(void);
+
+ void hidden __attribute__((destructor)) procattr_destructor(void)
+@@ -79,7 +60,6 @@ static inline void init_thread_destructor(void)
+ static void init_procattr(void)
+ {
+ if (__selinux_key_create(&destructor_key, procattr_thread_destructor) == 0) {
+- __selinux_atfork(NULL, NULL, free_procattr);
+ destructor_key_initialized = 1;
+ }
+ }
+@@ -88,21 +68,26 @@ static int openattr(pid_t pid, const char *attr, int flags)
+ {
+ int fd, rc;
+ char *path;
+-
+- if (cpid != getpid())
+- free_procattr();
++ pid_t tid;
+
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
+- if (!tid)
+- tid = gettid();
++ rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
++ if (rc < 0)
++ return -1;
++ fd = open(path, flags | O_CLOEXEC);
++ if (fd >= 0 || errno != ENOENT)
++ goto out;
++ free(path);
++ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, flags | O_CLOEXEC);
++out:
+ free(path);
+ return fd;
+ }
+@@ -120,9 +105,6 @@ static int getprocattrcon_raw(char ** context,
+ __selinux_once(once, init_procattr);
+ init_thread_destructor();
+
+- if (cpid != getpid())
+- free_procattr();
+-
+ switch (attr[0]) {
+ case 'c':
+ prev_context = prev_current;
+@@ -220,9 +202,6 @@ static int setprocattrcon_raw(const char * context,
+ __selinux_once(once, init_procattr);
+ init_thread_destructor();
+
+- if (cpid != getpid())
+- free_procattr();
+-
+ switch (attr[0]) {
+ case 'c':
+ prev_context = &prev_current;
 diff --git libselinux-2.4/src/selinux_config.c libselinux-2.4/src/selinux_config.c
 index 30e9dc7..bec5f3b 100644
 --- libselinux-2.4/src/selinux_config.c
diff --git a/libselinux.spec b/libselinux.spec
index f41938a..36b9d48 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -9,7 +9,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.4
-Release: 1%{?dist}.1
+Release: 3%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 # https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -105,6 +105,8 @@ needed for developing SELinux applications.
 %patch1 -p1 -b .rhat
 %build
+export LDFLAGS="%{?__global_ldflags}"
+
 # To support building the Python wrapper against multiple Python runtimes
 # Define a function, for how to perform a "build" of the python wrapper against
 # a specific runtime:
@@ -245,6 +247,12 @@ rm -rf %{buildroot}
 %{ruby_vendorarchdir}/selinux.so
 %changelog
+* Wed Sep 02 2015 Petr Lautrbach 2.4-3
+- Simplify procattr cache (#1257157,#1232371)
+
+* Fri Aug 14 2015 Adam Jackson 2.4-2
+- Export ldflags into the build so hardening works
+
 * Tue Jul 21 2015 Petr Lautrbach 2.4-1.1
 - Update to 2.4 release
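Review bot: At the `out:` label of the patched `openattr()`, `free(path)` runs between a failed `open()` and the return, so the errno the function has just branched on (`errno != ENOENT`) can be overwritten before the caller reads it; free() is not guaranteed to preserve errno on every libc. Saving and restoring it, `int saved = errno; free(path); errno = saved;`, keeps the real failure reason (a permission denial as opposed to a missing /proc entry) visible to callers that log or act on it; the same applies to the `pid > 0` path, which reaches the same `free(path)`. The fallback also deserves a one-line comment, for example `/* /proc/thread-self exists since Linux 3.17; fall back to /proc/self/task/<tid> when it is absent */`, so the ENOENT-only retry is not mistaken for a generic retry.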
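Review bot: The new `export LDFLAGS="%{?__global_ldflags}"` line in %build carries no comment, so its purpose is recorded only in the changelog entry ("so hardening works"). A line above it such as `# Pass the distribution's hardening link flags to the upstream Makefiles` would keep the export from being dropped in a later spec cleanup. Nothing visible in this hunk shows that the upstream Makefiles honour LDFLAGS from the environment, so it would be worth confirming on a built library that the flags actually took effect.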