diff --git a/overlay.d/50scos/usr/lib/okd/selinux/.keep b/overlay.d/50scos/usr/lib/okd/selinux/.keep
new file mode 100644
index 00000000..e69de29b
diff --git a/overlay.d/50scos/usr/lib/systemd/system-presets/50-scos.preset b/overlay.d/50scos/usr/lib/systemd/system-presets/50-scos.preset
new file mode 100644
index 00000000..c718368b
--- /dev/null
+++ b/overlay.d/50scos/usr/lib/systemd/system-presets/50-scos.preset
@@ -0,0 +1 @@
+enable okd-selinux.service
diff --git a/overlay.d/50scos/usr/lib/systemd/system/okd-selinux.service b/overlay.d/50scos/usr/lib/systemd/system/okd-selinux.service
new file mode 100644
index 00000000..18a9bf68
--- /dev/null
+++ b/overlay.d/50scos/usr/lib/systemd/system/okd-selinux.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Apply custom SELinux policies in /usr/lib/okd/selinux/*.cil
+Documentation=
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/find /usr/lib/okd/selinux -type f -name '*.cil' -exec /usr/sbin/semodule -i {} \;
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/overrides-c9s.yaml b/overrides-c9s.yaml
index d142ae4d..f600d709 100644
--- a/overrides-c9s.yaml
+++ b/overrides-c9s.yaml
@@ -8,3 +8,6 @@
 #  - c9s-appstream-mirror
 
 #packages:
+
+ostree-layers:
+  - overlay/50scos