diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index 7dc2cca116..6ef2bed599 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -896,6 +896,9 @@ spec: description: Version used to pick the runc package. type: string type: object + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean skipInstall: description: SkipInstall prevents kOps from installing and modifying containerd in any way (default "false"). diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 09bc8e0f4c..05e10e8078 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml @@ -199,6 +199,9 @@ spec: description: Version used to pick the runc package. type: string type: object + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean skipInstall: description: SkipInstall prevents kOps from installing and modifying containerd in any way (default "false"). diff --git a/pkg/apis/kops/v1alpha2/containerdconfig.go b/pkg/apis/kops/v1alpha2/containerdconfig.go index c151f1badc..930c873105 100644 --- a/pkg/apis/kops/v1alpha2/containerdconfig.go +++ b/pkg/apis/kops/v1alpha2/containerdconfig.go @@ -40,6 +40,8 @@ type ContainerdConfig struct { NvidiaGPU *NvidiaGPUConfig `json:"nvidiaGPU,omitempty"` // Runc configures the runc runtime. Runc *Runc `json:"runc,omitempty"` + // SelinuxEnabled enables SELinux support + SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"` } type NvidiaGPUConfig struct { diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 16c26c283e..5c1ab15e0e 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
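Review bot: The doc comment added in the v1alpha2 `ContainerdConfig` hunk names `SelinuxEnabled`, but the field is declared `SeLinuxEnabled`, so it does not open with the identifier as Go doc comments should, and the CRD descriptions in the two YAML hunks carry the same mismatched wording. The comment also omits what an operator needs in order to decide on the setting: that leaving the field unset keeps SELinux support off, and that the flag presumably only has an effect on hosts where SELinux is already active. I would write `// SeLinuxEnabled enables SELinux support in containerd; unset or false leaves it disabled.` and regenerate the CRDs. The same comment appears in the v1alpha3 `containerdconfig.go` hunk. The struct begins above the hunk, so any existing convention for documenting defaults on its other fields is not visible here.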
@@ -3114,6 +3114,7 @@ func autoConvert_v1alpha2_ContainerdConfig_To_kops_ContainerdConfig(in *Containe } else { out.Runc = nil } + out.SeLinuxEnabled = in.SeLinuxEnabled return nil } @@ -3158,6 +3159,7 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha2_ContainerdConfig(in *kops.Con } else { out.Runc = nil } + out.SeLinuxEnabled = in.SeLinuxEnabled return nil } diff --git a/pkg/apis/kops/v1alpha3/containerdconfig.go b/pkg/apis/kops/v1alpha3/containerdconfig.go index 518541911a..0cb7088c8f 100644 --- a/pkg/apis/kops/v1alpha3/containerdconfig.go +++ b/pkg/apis/kops/v1alpha3/containerdconfig.go @@ -40,6 +40,8 @@ type ContainerdConfig struct { NvidiaGPU *NvidiaGPUConfig `json:"nvidiaGPU,omitempty"` // Runc configures the runc runtime. Runc *Runc `json:"runc,omitempty"` + // SelinuxEnabled enables SELinux support + SeLinuxEnabled bool `json:"selinuxEnabled,omitempty"` } type NvidiaGPUConfig struct { diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index eae3dd680f..7d85f8166b 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go @@ -3325,6 +3325,7 @@ func autoConvert_v1alpha3_ContainerdConfig_To_kops_ContainerdConfig(in *Containe } else { out.Runc = nil } + out.SeLinuxEnabled = in.SeLinuxEnabled return nil } @@ -3369,6 +3370,7 @@ func autoConvert_kops_ContainerdConfig_To_v1alpha3_ContainerdConfig(in *kops.Con } else { out.Runc = nil } + out.SeLinuxEnabled = in.SeLinuxEnabled return nil }
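Review bot: `SeLinuxEnabled` is a plain `bool` with `omitempty` in the v1alpha3 `ContainerdConfig` hunk (and in the v1alpha2 one), so an explicit `selinuxEnabled: false` is dropped on serialization and cannot be told apart from an unset field. For a security control this matters if the default is ever changed to enabled, because clusters that deliberately opted out would change behaviour without any visible spec difference. Declaring the field as `*bool` with the same JSON tag keeps the three states (unset, true, false). The identifier also departs from the `SELinux` initialism used in its own comment, so `SELinuxEnabled` would be the conventional Go spelling if a rename is still possible. The struct begins above the hunk, and either change means regenerating the conversion functions and CRDs touched by this commit.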