diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6ae4e8c688..acbec7a525 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6268,7 +6268,6 @@ error:
     return -1;
 }
 
-/* TODO: check seclabel restore */
 static int ATTRIBUTE_NONNULL(6)
 qemudDomainSaveImageStartVM(virConnectPtr conn,
                             struct qemud_driver *driver,
@@ -6380,6 +6379,11 @@ qemudDomainSaveImageStartVM(virConnectPtr conn,
     ret = 0;
 
 out:
+    if (driver->securityDriver &&
+        driver->securityDriver->domainRestoreSavedStateLabel &&
+        driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1)
+        VIR_WARN("failed to restore save state label on %s", path);
+
     return ret;
 }
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index d4e2edbe1f..e5eef196d1 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -972,7 +972,7 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED,
 
 
 static int
-SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
 {
     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
     int i;
@@ -1009,6 +1009,10 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_
         SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
         return -1;
 
+    if (stdin_path &&
+        SELinuxSetFilecon(stdin_path, default_content_context) < 0)
+        return -1;
+
     return 0;
 }