diff --git a/instances/tools.tm/config.jsonnet b/instances/tools.tm/config.jsonnet
index 33ea3d9b3..8d0575bfd 100644
--- a/instances/tools.tm/config.jsonnet
+++ b/instances/tools.tm/config.jsonnet
@@ -10,5 +10,6 @@
       "gerrit-trigger",
       "warnings-ng",
     ]
-  }
+  },
+  seLinuxLevel: "s0:c55,c45",
 }
diff --git a/instances/tools.tm/target/config.json b/instances/tools.tm/target/config.json
index 1ee9df8f2..282192ae2 100644
--- a/instances/tools.tm/target/config.json
+++ b/instances/tools.tm/target/config.json
@@ -903,6 +903,7 @@
       },
       "generate": false
    },
+   "seLinuxLevel": "s0:c55,c45",
    "secrets": {
       "dockerconfigjson": {
          "dockerconfigjson-for-pull-as-default": {
diff --git a/instances/tools.tm/target/k8s/statefulset.json b/instances/tools.tm/target/k8s/statefulset.json
index 8fcb00dd5..0c11b7174 100644
--- a/instances/tools.tm/target/k8s/statefulset.json
+++ b/instances/tools.tm/target/k8s/statefulset.json
@@ -119,7 +119,12 @@
                         "cpu": "250m"
                      }
                   },
-                  "securityContext": { },
+                  "securityContext": {
+                     "seLinuxOptions": {
+                        "level": "s0:c55,c45",
+                        "type": "spc_t"
+                     }
+                  },
                   "volumeMounts": [
                      {
                         "mountPath": "/var/jenkins",