diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 5d2bc8dfe333847ac3fe9a5c64991dba21e16143..b001efc8095325d40adbb4a67463dae7740078cf 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16372,8 +16372,10 @@ virDomainDefParseXML(xmlDocPtr xml,
 
     /* analysis of security label, done early even though we format it
      * late, so devices can refer to this for defaults */
-    if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
-        goto error;
+    if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL)) {
+        if (virSecurityLabelDefsParseXML(def, ctxt, caps, flags) == -1)
+            goto error;
+    }
 
     /* Extract domain memory */
     if (virDomainParseMemory("./memory[1]", NULL, ctxt,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 3dfd7803dfa8b476d76db40a80b838f37f784a89..4447b035b468a3c6c6fea12cf80f5079449cd83e 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2684,6 +2684,8 @@ typedef enum {
     VIR_DOMAIN_DEF_PARSE_ABI_UPDATE = 1 << 9,
     /* skip definition validation checks meant to be executed on define time only */
     VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE = 1 << 10,
+    /* skip parsing of security labels */
+    VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL        = 1 << 11,
 } virDomainDefParseFlags;
 
 typedef enum {
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 77eeaff4fa37f33d9581b110e64e8b7a80f43173..5f5d1cd71054a974a49e9e5d087b2f4375ce5348 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -705,6 +705,7 @@ get_definition(vahControl * ctl, const char *xmlStr)
 
     ctl->def = virDomainDefParseString(xmlStr,
                                        ctl->caps, ctl->xmlopt, NULL,
+                                       VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL |
                                        VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE);
 
     if (ctl->def == NULL) {