diff --git a/roles/rke2/selinux/my-kata.te b/roles/rke2/selinux/my-kata.te
new file mode 100644
index 0000000000000000000000000000000000000000..7a218f287dc9bf3dcc91ab977cafb8456a7a4e88
--- /dev/null
+++ b/roles/rke2/selinux/my-kata.te
@@ -0,0 +1,3 @@
+#============= container_t ==============
+allow container_t init_var_run_t:sock_file write;
+allow container_t system_dbusd_var_run_t:sock_file write;
\ No newline at end of file
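Review bot: Both allow rules are attached to `container_t`, so once this module is loaded every container on the node running under that type gains `write` on sockets labelled `init_var_run_t` and `system_dbusd_var_run_t`, not only the Kata workload the file name suggests. If only the Kata runtime needs this, the rules would be better placed on a dedicated domain (container-selinux ships `container_kvm_t` for VM-based runtimes; confirm which type the Kata pods actually run as). The file as added also has no `module my-kata 1.0;` statement or `require { ... }` block, which the policy compiler normally expects, so it may not build as is. A header comment naming the AVC denial each rule answers would make the grant reviewable.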
diff --git a/roles/rke2/tasks/config_rke2.yml b/roles/rke2/tasks/config_rke2.yml
index f7470a0dfaf301722f31e4d05f308236fdd6cf88..1c730c99e3030ca14e78edc421bcb20621cc8d7b 100644
--- a/roles/rke2/tasks/config_rke2.yml
+++ b/roles/rke2/tasks/config_rke2.yml
@@ -3,7 +3,8 @@
   run_once: true
   set_fact:
     token: "{{ lookup('community.general.random_string', length=129, special=False) }}"
-  when: (not upgrade) and (token is not defined) 
+  #when: (not upgrade) and (token is not defined) 
+  when: token is not defined
 
 - name: ensure inventory folders
   delegate_to: localhost
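Review bot: With `when: token is not defined`, an upgrade run that has no `token` in scope now generates a fresh random token, while the write to `group_vars/all/token.yml` in the next hunk is skipped by `when: not upgrade`. The new value is then never persisted and presumably does not match the token the existing cluster was built with. Failing early would be safer than silently minting a new secret, for example an `assert` task with `that: token is defined` under `when: upgrade`. The commented-out `#when: (not upgrade) and (token is not defined)` line should be deleted rather than kept, since git history already records it. The task's name line is above the hunk.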
@@ -24,7 +25,7 @@
     dest: group_vars/all/token.yml
     content: |-
       token: {{ token }}
-  #when: not upgrade  TODO ask Thomas the magic logic here
+  when: not upgrade  #TODO ask Thomas the magic logic here
 
 - name: read token
   include_vars: group_vars/all/token.yml
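Review bot: The cluster join token is written in plaintext to `group_vars/all/token.yml`, and the visible lines set no file mode, so the file takes the controller's umask-default permissions and can easily be committed along with the inventory. I would add `mode: '0600'` and `no_log: true` to this task; its head is above the hunk, so either may already be set. The file should also be kept out of version control or encrypted with ansible-vault. The re-enabled condition still carries `#TODO ask Thomas the magic logic here`, which should become a comment stating why the write is skipped on upgrade. Quoting the value as `token: "{{ token }}"` inside `content` would stop the YAML loader from retyping an unusual token.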