diff --git a/overlay.d/99okd/usr/lib/okd/selinux-fixes.cil b/overlay.d/99okd/usr/lib/okd/selinux-fixes.cil
new file mode 100644
index 00000000..fd3c758e
--- /dev/null
+++ b/overlay.d/99okd/usr/lib/okd/selinux-fixes.cil
@@ -0,0 +1 @@
+allow iptables_t container_runtime_tmpfs_t:chr_file { read write };
diff --git a/overlay.d/99okd/usr/lib/systemd/system-preset/00-okd.preset b/overlay.d/99okd/usr/lib/systemd/system-preset/00-okd.preset
index 05143056..234e7e0e 100644
--- a/overlay.d/99okd/usr/lib/systemd/system-preset/00-okd.preset
+++ b/overlay.d/99okd/usr/lib/systemd/system-preset/00-okd.preset
@@ -8,3 +8,5 @@ enable fix-resolv-conf-coredns.service
 disable coreos-check-cgroups.service
 # Enable ovirt service
 enable qemu-guest-agent.service
+# Add custom SELinux rules
+enable okd-selinux.service
diff --git a/overlay.d/99okd/usr/lib/systemd/system/okd-selinux.service b/overlay.d/99okd/usr/lib/systemd/system/okd-selinux.service
new file mode 100644
index 00000000..698367f3
--- /dev/null
+++ b/overlay.d/99okd/usr/lib/systemd/system/okd-selinux.service
@@ -0,0 +1,6 @@
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/semodule -i /usr/lib/okd/selinux-fixes.cil
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
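Review bot: The single rule added in selinux-fixes.cil is written in kernel policy (.te) syntax, but `semodule -i` treats a `.cil` file as CIL, which expects S-expressions, so I would expect the install to fail and the rule never to load. The CIL form would be `(allow iptables_t container_runtime_tmpfs_t (chr_file (read write)))`. Because this grants iptables_t read/write on every character device labelled container_runtime_tmpfs_t, a leading `;` comment recording the AVC denial or bug that motivated it would let a later reader judge whether the grant is still needed.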
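Review bot: okd-selinux.service has no `[Unit]` section, so it carries no `Description=` and no ordering against the units that trigger the iptables denial; with only `WantedBy=multi-user.target` the module may be loaded after those units have already started. Adding `[Unit]`, `Description=Install OKD SELinux policy fixes` and a `Before=` naming the consuming units would make the intent and the ordering explicit. The unit also re-runs `semodule -i` on every boot, and a failed install surfaces only as a failed unit, so it is worth confirming that both are acceptable. Since `semodule -i` persists the module in the policy store, dropping the file from the overlay later will not remove the rule from nodes that already ran it; that needs an explicit `semodule -r`.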