diff --git a/internal/server/instance/drivers/driver_common.go b/internal/server/instance/drivers/driver_common.go
index 0bfe1c28700..aefa0701a9f 100644
--- a/internal/server/instance/drivers/driver_common.go
+++ b/internal/server/instance/drivers/driver_common.go
@@ -1726,3 +1726,21 @@ func (d *common) setOOMPriority(pid int) error {
 
 return nil
 }
+
+// selinuxCategory returns the SELinux category suffix.
+func (d *common) selinuxCategory() string {
+ idStr := strconv.Itoa(d.id)
+ remaining := len(idStr)
+
+ seContext := ""
+ current := 0
+ for current != len(idStr) {
+ length := min(remaining, 3)
+ seContext += ":c" + idStr[current:current+length]
+
+ current += length
+ remaining -= length
+ }
+
+ return seContext
+}
diff --git a/internal/server/instance/drivers/driver_lxc.go b/internal/server/instance/drivers/driver_lxc.go
index 898991daac6..a49ff371e88 100644
--- a/internal/server/instance/drivers/driver_lxc.go
+++ b/internal/server/instance/drivers/driver_lxc.go
@@ -1022,7 +1022,7 @@ func (d *lxc) initLXC(config bool) (*liblxc.Container, error) {
 
 // Setup SELinux.
 if d.state.OS.SELinuxAvailable && d.state.OS.SELinuxContextInstanceLXC != "" {
- err := lxcSetConfigItem(cc, "lxc.selinux.context", fmt.Sprintf("%s:c%d", d.state.OS.SELinuxContextInstanceLXC, d.id))
+ err := lxcSetConfigItem(cc, "lxc.selinux.context", fmt.Sprintf("%s%s", d.state.OS.SELinuxContextInstanceLXC, d.selinuxCategory()))
 if err != nil {
 return nil, err
 }
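Review bot: selinuxCategory derives the label from 3-digit slices of the decimal id, so different instances can end up with overlapping or identical category sets: id 1234 yields `:c123:c4`, which (if these are read as MCS categories) contains the categories of instances 123 and 4, and ids 123456 and 456123 yield the same two categories in a different order. Slices with a leading zero (id 100012 gives `c012`) are probably not category names the loaded policy defines, and categories after the first are normally comma-separated (`s0:c1,c2`), so it is worth confirming that the `:cN:cM` form is accepted when the context is applied rather than rejected. A mapping that gives every id a distinct, fixed-size set (for example one unique pair `cA,cB` with A < B within the policy's category range) would avoid one instance's label dominating another's. A table test over ids such as 999, 1000, 1023, 1024 and a six-digit id would pin down whichever format is chosen.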
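Review bot: `fmt.Sprintf("%s%s", …)` on the changed line is plain concatenation; `d.state.OS.SELinuxContextInstanceLXC + d.selinuxCategory()` says the same thing without a format string. Because the suffix now carries its own leading `:`, a short comment stating what the configured base context is expected to end with (presumably the sensitivity level) would let a reader check the resulting label at a glance. initLXC begins and ends outside this hunk.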