diff --git a/roles/rke2/handlers/main.yml b/roles/rke2/handlers/main.yml
index 75b35a872ec93904c779fcee77c8f4457c80b18c..5389b9efab6dddfadb1a7ff75c00e23bdfe95486 100644
--- a/roles/rke2/handlers/main.yml
+++ b/roles/rke2/handlers/main.yml
@@ -14,6 +14,13 @@
     enabled: yes
     state: restarted
     daemon_reload: yes
+  notify:
+     - enable SELinux
+
+- name: enable SELinux
+  selinux:
+    policy: targeted
+    state: enforcing
 
 - name: reload rke2
   ansible.builtin.systemd:
diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index bc73ce70c2124a4809ab6b4f79a34526e55ce5d4..af34d12b2880f44569ca2e79435e8ae42a176f72 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -3,14 +3,14 @@
     timeout: 45
   delegate_to: localhost
 
-- name: kill the openstack ccm pods to make sure they boot in permissive mode
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
-  register: openstack_ccm_ready
-  until: openstack_ccm_ready.stdout
-  retries: 2
-  delay: 30
-  when: ( 'master' in group_names )
-  ignore_errors: True
+#- name: kill the openstack ccm pods to make sure they boot in permissive mode
+#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
+#  register: openstack_ccm_ready
+#  until: openstack_ccm_ready.stdout
+#  retries: 2
+#  delay: 30
+#  when: ( 'master' in group_names )
+#  ignore_errors: True
 
 - name: Sleep for another 30 seconds so that the OS-CCM has had time to boot up
   ansible.builtin.wait_for:
@@ -40,7 +40,7 @@
 #   ignore_errors: True
 
 
-- name: Enable SELinux
-  selinux:
-    policy: targeted
-    state: enforcing
\ No newline at end of file
+# - name: Enable SELinux
+#   selinux:
+#     policy: targeted
+#     state: enforcing
\ No newline at end of file