diff --git a/src/conf/storage_source_conf.c b/src/conf/storage_source_conf.c
index 908bc5fab2..5b9a80f100 100644
--- a/src/conf/storage_source_conf.c
+++ b/src/conf/storage_source_conf.c
@@ -820,6 +820,9 @@ virStorageSourceCopy(const virStorageSource *src,
     /* storage driver metadata are not copied */
     def->drv = NULL;
 
+    /* flag to avoid seclabel remember is not copied */
+    def->seclabelSkipRemember = false;
+
     def->path = g_strdup(src->path);
     def->fdgroup = g_strdup(src->fdgroup);
     def->volume = g_strdup(src->volume);
diff --git a/src/conf/storage_source_conf.h b/src/conf/storage_source_conf.h
index 05b4bda16c..a507116007 100644
--- a/src/conf/storage_source_conf.h
+++ b/src/conf/storage_source_conf.h
@@ -431,6 +431,15 @@ struct _virStorageSource {
     bool thresholdEventWithIndex;
 
     virStorageSourceFDTuple *fdtuple;
+
+    /* Setting 'seclabelSkipRemember' to true will cause the security driver to
+     * not remember the security label even if it otherwise were to be
+     * remembered. This is needed in cases such as incoming migration for
+     * shared images where the existing security label may no longer be the
+     * correct. The security driver otherwise doesn't have enough information
+     * to do this decision.
+     */
+    bool seclabelSkipRemember;
 };
 
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virStorageSource, virObjectUnref);
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index c327e4c9e0..fdc11876c9 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -940,6 +940,9 @@ virSecurityDACSetImageLabelInternal(virSecurityManager *mgr,
      */
     remember = isChainTop && !src->readonly && !src->shared;
 
+    if (src->seclabelSkipRemember)
+        remember = false;
+
     return virSecurityDACSetOwnership(mgr, src, NULL, user, group, remember);
 }
 
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 779a52ac11..3e213a553b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1992,6 +1992,9 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManager *mgr,
 
         ret = virSecuritySELinuxFSetFilecon(src->fdtuple->fds[0], use_label);
     } else {
+        if (src->seclabelSkipRemember)
+            remember = false;
+
         ret = virSecuritySELinuxSetFilecon(mgr, path, use_label, remember);
     }