diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index e2f34a27dc..9f2872decc 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2541,7 +2541,12 @@ virSecuritySELinuxSetChardevLabel(virSecurityManager *mgr,
 break;
 case VIR_DOMAIN_CHR_TYPE_UNIX:
- if (!dev_source->data.nix.listen) {
+ if (!dev_source->data.nix.listen ||
+ (dev_source->data.nix.path &&
+ virFileExists(dev_source->data.nix.path))) {
+ /* Also label mode='bind' sockets if they exist,
+ * e.g. because they were created by libvirt
+ * and passed via FD */
 if (virSecuritySELinuxSetFilecon(mgr,
 dev_source->data.nix.path,
 imagelabel,
@@ -2618,7 +2623,7 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManager *mgr,
 case VIR_DOMAIN_CHR_TYPE_UNIX:
 if (!dev_source->data.nix.listen) {
 if (virSecuritySELinuxRestoreFileLabel(mgr,
- dev_source->data.file.path,
+ dev_source->data.nix.path,
 true) < 0)
 goto done;
 }
diff --git a/tests/securityselinuxlabeldata/chardev.txt b/tests/securityselinuxlabeldata/chardev.txt
index 3f4b6302b9..bdb367f7a5 100644
--- a/tests/securityselinuxlabeldata/chardev.txt
+++ b/tests/securityselinuxlabeldata/chardev.txt
@@ -2,6 +2,6 @@
 /plain.dev;system_u:object_r:svirt_image_t:s0:c41,c264
 /plain.fifo;system_u:object_r:svirt_image_t:s0:c41,c264
 /nolabel.sock;
-/plain.sock;
+/plain.sock;system_u:object_r:svirt_image_t:s0:c41,c264
 /yeslabel.sock;system_u:object_r:svirt_image_t:s0:c41,c264
 /altlabel.sock;system_u:object_r:svirt_image_custom_t:s0:c41,c264
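Review bot: The added `virFileExists(dev_source->data.nix.path)` test in the `VIR_DOMAIN_CHR_TYPE_UNIX` case of `virSecuritySELinuxSetChardevLabel` is only a proxy for "libvirt created this socket and passes it by FD". Whatever already sits at that path when the domain starts, for example a stale socket or an unrelated file, would also receive the domain's `imagelabel`. The existence check and the following `virSecuritySELinuxSetFilecon()` call are also separate path lookups, so the object could change between them. If the caller knows whether it pre-created the socket, the condition would be better keyed on that fact; failing that, the comment should state the assumption, e.g. `/* existence is used as a proxy for "socket was created by libvirt"; anything else at this path is relabelled too */`. The function body starts and ends outside the hunk.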
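Review bot: `virSecuritySELinuxRestoreChardevLabel` still restores the UNIX socket label only under `if (!dev_source->data.nix.listen) {`, while the set side in this commit now also labels listening sockets whose path exists, so those labels appear never to be restored. That may be harmless if such sockets are always unlinked on shutdown, but nothing visible here establishes it. Otherwise the restore condition should mirror the set side: `if (!dev_source->data.nix.listen || (dev_source->data.nix.path && virFileExists(dev_source->data.nix.path))) {`. If the asymmetry is intended, a short comment at this `case` explaining why would help. The function body starts and ends outside the hunk.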