diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index b3b5c905ad8..60fd24c0ba6 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -67,8 +67,8 @@ int mac_smack_read_fd(int fd, SmackAttr attr, char **label) {
         return fgetxattr_malloc(fd, smack_attr_to_string(attr), label);
 }
 
-int mac_smack_apply(const char *path, SmackAttr attr, const char *label) {
-        int r;
+int mac_smack_apply_at(int dir_fd, const char *path, SmackAttr attr, const char *label) {
+        _cleanup_close_ int fd = -EBADF;
 
         assert(path);
         assert(attr >= 0 && attr < _SMACK_ATTR_MAX);
@@ -76,14 +76,11 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label) {
         if (!mac_smack_use())
                 return 0;
 
-        if (label)
-                r = lsetxattr(path, smack_attr_to_string(attr), label, strlen(label), 0);
-        else
-                r = lremovexattr(path, smack_attr_to_string(attr));
-        if (r < 0)
+        fd = openat(dir_fd, path, O_PATH|O_CLOEXEC|O_NOFOLLOW);
+        if (fd < 0)
                 return -errno;
 
-        return 0;
+        return mac_smack_apply_fd(fd, attr, label);
 }
 
 int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
@@ -277,13 +274,16 @@ int mac_smack_copy(const char *dest, const char *src) {
 }
 #endif
 
-int rename_and_apply_smack_floor_label(const char *from, const char *to) {
+int renameat_and_apply_smack_floor_label(int fdf, const char *from, int fdt, const char *to) {
 
-        if (rename(from, to) < 0)
+        assert(fdf >= 0 || fdf == AT_FDCWD);
+        assert(fdt >= 0 || fdt == AT_FDCWD);
+
+        if (renameat(fdf, from, fdt, to) < 0)
                 return -errno;
 
 #if HAVE_SMACK_RUN_LABEL
-        return mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
+        return mac_smack_apply_at(fdt, to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
 #else
         return 0;
 #endif
diff --git a/src/shared/smack-util.h b/src/shared/smack-util.h
index da8be5e6f0a..17b31c6c253 100644
--- a/src/shared/smack-util.h
+++ b/src/shared/smack-util.h
@@ -38,9 +38,15 @@ const char* smack_attr_to_string(SmackAttr i) _const_;
 SmackAttr smack_attr_from_string(const char *s) _pure_;
 int mac_smack_read(const char *path, SmackAttr attr, char **label);
 int mac_smack_read_fd(int fd, SmackAttr attr, char **label);
-int mac_smack_apply(const char *path, SmackAttr attr, const char *label);
+int mac_smack_apply_at(int dir_fd, const char *path, SmackAttr attr, const char *label);
+static inline int mac_smack_apply(const char *path, SmackAttr attr, const char *label) {
+        return mac_smack_apply_at(AT_FDCWD, path, attr, label);
+}
 int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
 int mac_smack_apply_pid(pid_t pid, const char *label);
 int mac_smack_copy(const char *dest, const char *src);
 
-int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);
+int renameat_and_apply_smack_floor_label(int fdf, const char *from, int fdt, const char *to);
+static inline int rename_and_apply_smack_floor_label(const char *from, const char *to) {
+        return renameat_and_apply_smack_floor_label(AT_FDCWD, from, AT_FDCWD, to);
+}