diff --git a/roles/rke2/selinux/my-openstack.te b/roles/rke2/selinux/my-openstack.te
new file mode 100644
index 0000000000000000000000000000000000000000..a672db872510ec75a430943a0f5b1edb6de23a04
--- /dev/null
+++ b/roles/rke2/selinux/my-openstack.te
@@ -0,0 +1,10 @@
+module my-openstack 1.0;
+
+require {
+        type cert_t;
+        type container_t;
+        class dir read;
+}
+
+#============= container_t ==============
+allow container_t cert_t:dir read;
\ No newline at end of file
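Review bot: The rule `allow container_t cert_t:dir read;` grants directory read on `cert_t` to every process confined as `container_t` on the node, not only to the OpenStack cloud controller manager that the comment block in `fix_selinux.yml` names as the source. The new file has no comment recording that scope or where the rule came from. A header such as `# Lets all container_t processes list cert_t directories; added for openstack-cloud-controller-manager reading /etc/ssl/certs` would make the exception auditable later. It is also worth confirming against the logged denial that `dir read` is the only permission needed, since the visible comment lists the target object as a file (`cacert.pem`).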
diff --git a/roles/rke2/selinux/my-openstackcloud-mgmt.pp b/roles/rke2/selinux/my-openstackcloud-mgmt.pp
deleted file mode 100644
index 7e9d1a5fb49fb004b57a3545c9c15ea2c9ef3146..0000000000000000000000000000000000000000
Binary files a/roles/rke2/selinux/my-openstackcloud-mgmt.pp and /dev/null differ
diff --git a/roles/rke2/selinux/my-openstackcloud-server1.pp b/roles/rke2/selinux/my-openstackcloud-server1.pp
deleted file mode 100644
index d4a4ae65c1e9e1780eacd779890b3b6248505cd6..0000000000000000000000000000000000000000
Binary files a/roles/rke2/selinux/my-openstackcloud-server1.pp and /dev/null differ
diff --git a/roles/rke2/selinux/my-openstackcloud-server2.pp b/roles/rke2/selinux/my-openstackcloud-server2.pp
deleted file mode 100644
index b3e0457e1f81162972699f9a4a29c7ca55327e68..0000000000000000000000000000000000000000
Binary files a/roles/rke2/selinux/my-openstackcloud-server2.pp and /dev/null differ
diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index c88f85d2ca5f7dabc155157d9a1c0dda6435ceda..0d8c76b23d6fbf6681afcf0a98734f713524ecec 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -20,19 +20,36 @@
 #Target Objects                cacert.pem [ file ]
 #Source                        openstack-cloud
 #Source Path                   /bin/openstack-cloud-controller-manager
+- name: Copy SELinux Policies
+  template:
+    src: ../selinux/my-openstack.te
+    dest: /etc/selinux/targeted/policy/my-openstack.te
 
-- name: allow openstack CCM to mount the /etc/ssl/certs files 
-  sefcontext:
-    target: '/etc/ssl/certs(/.*)?'
-    ftype: 'd'
-    setype: container_file_t
-    state: present
-    reload: True
-
-#- name: uninstall SELinux debug RHEL packages
-#  dnf:
-#    name:
-#      - setroubleshoot      
-#      - python3-libselinux
-#      - policycoreutils-python-utils
-#    state: absent
\ No newline at end of file
+
+- name: Build SELinux exception module & allow openstack CCM to mount the /etc/ssl/certs files
+  shell: |
+    checkmodule -M -m -o /etc/selinux/targeted/policy/my-openstack.mod /etc/selinux/targeted/policy/my-openstack.te
+    semodule_package -o /etc/selinux/targeted/policy/my-openstack.pp -m /etc/selinux/targeted/policy/my-openstack.mod
+    semodule -i /etc/selinux/targeted/policy/my-openstack.pp
+
+
+
+
+#module test 1.0;
+#
+#require {
+#        type cert_t;
+#        type container_t;
+#        class dir read;
+#}
+#
+##============= container_t ==============
+#allow container_t cert_t:dir read;
+
+- name: uninstall SELinux debug RHEL packages
+  dnf:
+    name:
+      - setroubleshoot      
+      - python3-libselinux
+      - policycoreutils-python-utils
+    state: absent
\ No newline at end of file
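Review bot: The `shell` task that builds the module runs `checkmodule`, `semodule_package` and `semodule -i` with no error check between them. If compilation fails, the script still reaches `semodule -i` and can load a stale `my-openstack.pp` left in `/etc/selinux/targeted/policy/` by an earlier run, and the task reports only the last command's status. Start the script with `set -e` or chain the three commands with `&&`. The task also reports changed on every run, because it has no `creates:` or `changed_when:`. Separately, the re-enabled final task removes `python3-libselinux`, which Ansible's file modules such as `template` normally require on an SELinux-enabled target, so a later run of `Copy SELinux Policies` may fail; confirm this before keeping that package in the list.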