diff --git a/locals.tf b/locals.tf
index d4fec46..61a8fff 100644
--- a/locals.tf
+++ b/locals.tf
@@ -145,9 +145,10 @@ locals {
 "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
 ]
- install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
+ k3s_selinux_apply = ["chcon -u system_u -r object_r -t container_runtime_exec_t /usr/local/bin/k3s"]
- install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
+ install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"], local.k3s_selinux_apply)
+ install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"], local.k3s_selinux_apply)
 agent_nodepools = merge([
 for nodepool_name, nodepool_obj in var.agent_nodepools : {
diff --git a/modules/host/locals.tf b/modules/host/locals.tf
index 2da653d..1fcef4d 100644
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
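Review bot: The `chcon` in `k3s_selinux_apply` (locals.tf) sets the label on `/usr/local/bin/k3s` by hand, and a label set that way is not recorded in policy, so it is lost on a filesystem relabel and may be lost when the binary is replaced on upgrade; it is appended to both `install_k3s_server` and `install_k3s_agent`. Since this commit installs the k3s-selinux package on the host (modules/host/main.tf), the package's own file context can presumably be applied instead, `k3s_selinux_apply = ["restorecon -v /usr/local/bin/k3s"]`, once it is confirmed that the package labels that path. Separately, `curl -sfL ... | sh -` returns the status of `sh`, so a failed download would likely surface only as a `chcon` error on a missing binary; a one-line comment such as `# installer runs with SELinux RPM skipped; label applied below` would at least explain the coupling. The `locals` block starts and ends outside the hunk.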
@@ -10,12 +10,4 @@ locals {
 ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
 # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
 ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
-
- microOS_install_commands = [
- "set -ex",
- "apt-get update",
- "apt-get install -y aria2",
- "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-OpenStack-Cloud.qcow2.meta4",
- "qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda",
- ]
 }
diff --git a/modules/host/main.tf b/modules/host/main.tf
index 99d4069..6f17ec9 100644
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@@ -31,14 +31,42 @@ resource "hcloud_server" "server" {
 # Install MicroOS
 provisioner "remote-exec" {
- inline = local.microOS_install_commands
+ inline = [
+ "set -ex",
+ "apt-get update",
+ "apt-get install -y aria2",
+ "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-OpenStack-Cloud.qcow2.meta4",
+ "qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda",
+ ]
 }
 # Issue a reboot command
 provisioner "local-exec" {
 command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3"
 }
+ # Wait for MicroOS to reboot and be ready
+ provisioner "local-exec" {
+ command = <<-EOT
+ until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
+ do
+ echo "Waiting for MicroOS to reboot and become available..."
+ sleep 3
+ done
+ EOT
+ }
+ # We've rebooted into MicroOS, now we install the k3s-selinux RPM
+ provisioner "remote-exec" {
+ inline = [
+ "set -ex",
+ "transactional-update pkg install -y k3s-selinux"
+ ]
+ }
+
+ # Issue a reboot command
+ provisioner "local-exec" {
+ command = "ssh ${local.ssh_args} root@${self.ipv4_address} '(sleep 2; reboot)&'; sleep 3"
+ }
 # Wait for MicroOS to reboot and be ready
 provisioner "local-exec" {
 command = <<-EOT
diff --git a/modules/host/templates/boothook.sh.tpl b/modules/host/templates/boothook.sh.tpl
index 0b1f461..96b4a3c 100644
--- a/modules/host/templates/boothook.sh.tpl
+++ b/modules/host/templates/boothook.sh.tpl
@@ -2,4 +2,4 @@
 #cloud-boothook
 # Fix hostname after reboot
-hostnamectl hostname "${hostname}"
+hostnamectl hostname "${hostname}"
\ No newline at end of file
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
index 37b80ee..1ec848a 100644
--- a/modules/host/templates/userdata.yaml.tpl
+++ b/modules/host/templates/userdata.yaml.tpl
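Review bot: In modules/host/main.tf the added wait loop treats any successful login as "MicroOS is ready": its probe is `true`, the reboot was issued only two seconds earlier, and `ssh_args` turns host-key checking off, so the loop can return while the previous system is still answering and the next provisioner then runs `transactional-update` there. The loop also has no upper bound and discards stderr, so a host that never comes back hangs the apply with no diagnostic. Probing for the target system closes the first gap, e.g. `until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} 'command -v transactional-update' > /dev/null 2>&1`. The same reasoning applies after the second reboot to the existing loop, whose body continues outside the hunk; a check such as `rpm -q k3s-selinux` there would confirm that the snapshot containing the policy is the one running before k3s is installed.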
@@ -29,15 +29,14 @@ ssh_authorized_keys:
 %{ endfor ~}
 runcmd:
+ # Activate the private network
+ - systemctl reload network
-# Activate the private network
-- systemctl reload network
+ # Activate ssh configuration
+ - systemctl reload sshd
-# Activate ssh configuration
-- systemctl reload sshd
+ # Fix hostname (during first boot)
+ - hostnamectl hostname ${hostname}
-# Fix hostname (during first boot)
-- hostnamectl hostname ${hostname}
-
-# Finishing automatic reboot via Kured setup
-- rebootmgrctl set-strategy off
\ No newline at end of file
+ # Finishing automatic reboot via Kured setup
+ - rebootmgrctl set-strategy off
\ No newline at end of file