diff --git a/0030-conf-fix-a-memory-leak.patch b/0030-conf-fix-a-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ddd0ae53029fc7ee2947ae9f4790ca0d67d143a8
--- /dev/null
+++ b/0030-conf-fix-a-memory-leak.patch
@@ -0,0 +1,48 @@
+From 1ce660ae03e85574b1fb8f899b78f13ab14faf46 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin
+Date: Thu, 25 Mar 2021 09:03:21 +0000
+Subject: [PATCH 1/2] conf: fix a memory leak
+
+It was triggered by passing "lxc.selinux.context.keyring=xroot" to the
+fuzz target introduced in https://github.com/google/oss-fuzz/pull/5498
+```
+=================================================================
+==22==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 6 byte(s) in 1 object(s) allocated from:
+ #0 0x538ca4 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
+ #1 0x5c40e8 in set_config_string_item /src/lxc/src/lxc/confile_utils.c:635:14
+ #2 0x44394e in set_config_selinux_context_keyring /src/lxc/src/lxc/confile.c:1596:9
+ #3 0x5af955 in parse_line /src/lxc/src/lxc/confile.c:2953:9
+ #4 0x4475cd in lxc_file_for_each_line_mmap /src/lxc/src/lxc/parse.c:125:9
+ #5 0x5af24f in lxc_config_read /src/lxc/src/lxc/confile.c:3024:9
+ #6 0x580b04 in LLVMFuzzerTestOneInput /src/fuzz-lxc-config-read.c:36:2
+ #7 0x483643 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
+ #8 0x46d4a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
+ #9 0x4732ea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
+ #10 0x49f022 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+ #11 0x7f16d09b883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
+```
+
+This is a follow-up to https://github.com/lxc/lxc/commit/4fef78bc332a2d186dca6f
+
+Signed-off-by: Evgeny Vereshchagin
+---
+ src/lxc/conf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 19e193dda..8b1d2d43d 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -5678,6 +5678,7 @@ void lxc_conf_free(struct lxc_conf *conf)
+ free(conf->lsm_aa_profile);
+ free(conf->lsm_aa_profile_computed);
+ free(conf->lsm_se_context);
++ free(conf->lsm_se_keyring_context);
+ lxc_seccomp_free(&conf->seccomp);
+ lxc_clear_config_caps(conf);
+ lxc_clear_config_keepcaps(conf);
+--
+2.25.1
+
diff --git a/0031-fix-lsm_se_mount_context-memory-leak.patch b/0031-fix-lsm_se_mount_context-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..759584e5ad4603239ae2a52126b65560f523f320
--- /dev/null
+++ b/0031-fix-lsm_se_mount_context-memory-leak.patch
@@ -0,0 +1,25 @@
+From ecb05bff284f2f5364bcfd2196e7cb5e1d4fa512 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu
+Date: Fri, 17 Sep 2021 19:45:30 +0800
+Subject: [PATCH 2/2] fix lsm_se_mount_context memory leak
+
+Signed-off-by: zhangxiaoyu
+---
+ src/lxc/conf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 8b1d2d43d..ce550e264 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -5718,6 +5718,7 @@ void lxc_conf_free(struct lxc_conf *conf)
+ if (conf->ocihooks) {
+ free_oci_runtime_spec_hooks(conf->ocihooks);
+ }
++ free(conf->lsm_se_mount_context);
+ #endif
+ free(conf);
+ }
+--
+2.25.1
+
diff --git a/lxc.spec b/lxc.spec
index 663a00196cf7c96b2e075c2bf3fa4e0ea05c1a6b..43f525e11384d21405600029632ee9534eda7de1 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2021091702
+%global _release 2021091703
 Name: lxc
 Version: 4.0.3
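Review bot: Nothing next to the added `free(conf->lsm_se_keyring_context);` in the `lxc_conf_free` hunk of patch 0030 records which `struct lxc_conf` fields own heap strings, and that gap is how this leak (a `strdup` made in `set_config_string_item`, per the LeakSanitizer trace) stayed unnoticed until the fuzz target hit it. I would add a comment above the LSM frees, for example `/* Every string field filled by set_config_string_item() must be released here. */`, so a new config key gets its matching free in the same change. The commit message shows the allocation is driven by configuration text alone, so the leak matters most to a long-lived process that parses configs repeatedly. The body of `lxc_conf_free` starts and ends outside this hunk.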
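Review bot: In the patch 0031 hunk the new `free(conf->lsm_se_mount_context);` sits directly above `#endif`, so it is compiled only when the enclosing preprocessor condition holds; the matching `#if`/`#ifdef` is outside the hunk. If `lsm_se_mount_context` is declared and assigned only under that same condition this is correct, but if the field exists in every build the leak remains in the other configuration, and the line belongs outside the conditional, next to `free(conf->lsm_se_context);`. A one-line comment naming the guarding macro would make the placement clear to the next reader. Unlike patch 0030, the commit message carries no sanitizer trace or triggering config key, which would be worth recording.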
@@ -37,6 +37,8 @@ Patch0026: 0026-coredump-fix-coredump-when-cgroup-get-return-error.patch
 Patch0027: 0027-add-help-for-new-arguments.patch
 Patch0028: 0028-seccomp-init-and-destroy-notifier.cookie.patch
 Patch0029: 0029-just-use-origin-loop-if-do-not-have-io.patch
+Patch0030: 0030-conf-fix-a-memory-leak.patch
+Patch0031: 0031-fix-lsm_se_mount_context-memory-leak.patch
 BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires: pkgconfig(libseccomp)
@@ -208,6 +210,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 %changelog
+* Fri Sep 17 2021 zhangxiaoyu - 4.0.3-2021091703
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix conf memory leak
+
 * Fri Sep 17 2021 haozi007 - 4.0.3-2021091702
 - Type:bugfix
 - ID:NA
diff --git a/series.conf b/series.conf
index 2454c4bfd80a7606da7d23948a64ee4a9a4480d9..25f1cec3f52e9512e397a1be722f5f3432646e03 100644
--- a/series.conf
+++ b/series.conf
@@ -27,3 +27,5 @@
 0027-add-help-for-new-arguments.patch
 0028-seccomp-init-and-destroy-notifier.cookie.patch
 0029-just-use-origin-loop-if-do-not-have-io.patch
+0030-conf-fix-a-memory-leak.patch
+0031-fix-lsm_se_mount_context-memory-leak.patch