diff --git a/0040-refactor-the-way-to-convert-selinux-label-to-shared.path b/0040-refactor-the-way-to-convert-selinux-label-to-shared.path
new file mode 100644
index 0000000000000000000000000000000000000000..476ed816bce056c0efecab8caf28697004e20c9b
--- /dev/null
+++ b/0040-refactor-the-way-to-convert-selinux-label-to-shared.path
@@ -0,0 +1,107 @@
+From 70e7dd0da58071557c897fbce2f48c8169633a54 Mon Sep 17 00:00:00 2001
+From: wujing <wujing50@huawei.com>
+Date: Fri, 15 Apr 2022 11:11:38 +0800
+Subject: [PATCH] Refactor the way to convert selinux label to shared mode
+
+Signed-off-by: wujing <wujing50@huawei.com>
+---
+ src/lxc/lsm/selinux.c | 58 ++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 46 insertions(+), 12 deletions(-)
+
+diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
+index 79697c5..0a1e205 100644
+--- a/src/lxc/lsm/selinux.c
++++ b/src/lxc/lsm/selinux.c
+@@ -230,15 +230,11 @@ static int selinux_chcon(const char *fpath, const char *label, bool recurse)
+ {
+ 	struct stat s_buf;
+ 
+-	if (fpath == NULL) {
+-		ERROR("Empty file path");
++	if (fpath == NULL || label == NULL) {
++		ERROR("Invalid parameters!");
+ 		return -1;
+ 	}
+ 
+-	if (label == NULL) {
+-		return 0;
+-	}
+-
+ 	if (bad_prefix(fpath) != 0) {
+ 		return -1;
+ 	}
+@@ -257,6 +253,42 @@ static int selinux_chcon(const char *fpath, const char *label, bool recurse)
+ 	return 0;
+ }
+ 
++/*
++ * convert_context_to_share_mode: set sensitivity to s0 and remove categories
++ * user:role:type:sensitivity[:categories] => user:role:type:s0
++ *
++ * @label   : label string
++ *
++ * Returns label with share mode on success, NULL on failure
++ */
++static char *convert_context_to_share_mode(const char *label) {
++	__do_free char *converted_label = strdup(label);
++	char *s = converted_label;
++	const char *shared_level = "s0";
++	int cnt = 0;
++
++	// selinux label format: user:role:type:sensitivity[:categories]
++	// locates the ":" position in front of the sensitivity
++	while (cnt++ < 3 && (s = strchr(s, ':')) != NULL) {
++		s++;
++	}
++
++	// make sure sensitivity can set s0 value
++	if (s == NULL || strlen(s) < strlen(shared_level)) {
++		ERROR("Invalid selinux file context: %s", label);	
++		return NULL;
++	}
++
++	if (strcmp(s, shared_level) == 0) {
++		return move_ptr(converted_label);
++	}
++
++	*s = '\0';
++	strcat(converted_label, shared_level);
++
++	return move_ptr(converted_label);
++}
++
+ /*
+  * selinux_relabel: Relabel changes the label of path to the filelabel string.
+  * It changes the MCS label to s0 if shared is true.
+@@ -280,20 +312,22 @@ static int selinux_relabel(const char *path, const char *label, bool shared)
+ 		return 0;
+ 	}
+ 
+-	tmp_file_label = strdup(label);
+ 	if (is_exclude_relabel_path(path)) {
+ 		ERROR("SELinux relabeling of %s is not allowed", path);
+ 		return -1;
+ 	}
+ 
+ 	if (shared) {
+-		context_t c = context_new(label);
+-		context_range_set(c, "s0");
+-		free(tmp_file_label);
+-		tmp_file_label = strdup(context_str(c));
+-		context_free(c);
++		tmp_file_label = convert_context_to_share_mode(label);
++		if (tmp_file_label == NULL) {
++			ERROR("Failed to convert context to share mode: %s", label);
++			return -1;
++		}
++	} else {
++		tmp_file_label = strdup(label);
+ 	}
+ 
++
+ 	if (selinux_chcon(path, tmp_file_label, true) != 0) {
+ 		ERROR("Failed to modify %s's selinux context: %s", path, tmp_file_label);
+ 		return -1;
+-- 
+2.35.1
+
diff --git a/lxc.spec b/lxc.spec
index c7de1c8ce878ac6f4d628b58f790874f2b673727..1adf41abc3c942826c5f40bbe2b3cd0647f34add 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2022040901
+%global _release 2022041501
 
 Name:           lxc
 Version:        4.0.3
@@ -47,6 +47,7 @@ Patch0036:	0036-compile-in-android-env.patch
 Patch0037:	0037-fix-always-print-and-temp-len.patch
 Patch0038:	0038-just-print-error-when-new-lock-failed.patch
 Patch0039:	0039-fix-bug-of-memory-free.patch
+Patch0040:	0040-refactor-the-way-to-convert-selinux-label-to-shared.path
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -218,6 +219,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 
 %changelog
+* Fri Apr 15 2022 wujing<wujing50@huawei.com> - 4.0.3-2022041501
+- Type:refactor
+- ID:NA
+- SUG:NA
+- DESC: refactor the way to convert selinux label to shared mode
+
 * Sat Apr 09 2022 wujing<wujing50@huawei.com> - 4.0.3-2022040901
 - Type:bugfix
 - ID:NA
diff --git a/series.conf b/series.conf
index 9e9f9c2504a3a59e1e2ca5c708613ee6179cce6f..3e14cf0eba7a9b615821d089a1c8c778b796f6a5 100644
--- a/series.conf
+++ b/series.conf
@@ -37,3 +37,4 @@
 0037-fix-always-print-and-temp-len.patch
 0038-just-print-error-when-new-lock-failed.patch
 0039-fix-bug-of-memory-free.patch
+0040-refactor-the-way-to-convert-selinux-label-to-shared.path