diff --git a/overlay/usr/lib/systemd/system-preset/80-local-default.preset b/overlay/usr/lib/systemd/system-preset/80-local-default.preset
index b7e7ea9..9ed307d 100644
--- a/overlay/usr/lib/systemd/system-preset/80-local-default.preset
+++ b/overlay/usr/lib/systemd/system-preset/80-local-default.preset
@@ -1,5 +1,7 @@
 enable auditd.service
 
+enable restorecon.service
+
 disable ldconfig.service
 
 disable systemd-userdbd.service
diff --git a/overlay/usr/lib/systemd/system/restorecon.service b/overlay/usr/lib/systemd/system/restorecon.service
new file mode 100644
index 0000000..1b2fa45
--- /dev/null
+++ b/overlay/usr/lib/systemd/system/restorecon.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Restore SELinux file contexts in /var
+ConditionNeedsUpdate=/var
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+Before=systemd-tmpfiles-setup.service
+Before=systemd-update-done.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecon -RFv /var
+
+[Install]
+WantedBy=sysinit.target