diff --git a/manifests/fedora-coreos.yaml b/manifests/fedora-coreos.yaml
index 7cfe12eb2b..047f86292a 100644
--- a/manifests/fedora-coreos.yaml
+++ b/manifests/fedora-coreos.yaml
@@ -32,6 +32,8 @@ conditional-include:
 include: wifi-firmwares.yaml
 - if: releasever >= 41
 include: composefs.yaml
+ - if: releasever >= 41
+ include: selinux-workaround.yaml
 ostree-layers:
 - overlay/15fcos
diff --git a/manifests/selinux-workaround.yaml b/manifests/selinux-workaround.yaml
new file mode 100644
index 0000000000..c902679cb3
--- /dev/null
+++ b/manifests/selinux-workaround.yaml
@@ -0,0 +1,20 @@
+# Recent changes in the SELinux policy have broken a lot of our code.
+# Revert the affected domains back to permissive mode so we can
+# continue to build and test `releasever >= 41` until
+# https://github.com/fedora-selinux/selinux-policy/pull/2257 merges
+# and the domains are reverted upstream or until the issue is resolved
+# altogether
+postprocess:
+ - |
+ #!/usr/bin/env bash
+ set -xeuo pipefail
+ cat > /tmp/fcos-workarounds.cil << EOF
+ ; https://bugzilla.redhat.com/show_bug.cgi?id=2300306
+ (typeattributeset cil_gen_require bootupd_t)
+ (typepermissive bootupd_t)
+ ; https://bugzilla.redhat.com/show_bug.cgi?id=2305385
+ (typeattributeset cil_gen_require coreos_installer_t)
+ (typepermissive coreos_installer_t)
+ EOF
+ /usr/sbin/semodule -i /tmp/fcos-workarounds.cil
+ rm /tmp/fcos-workarounds.cil
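Review bot: The new `conditional-include` entry for selinux-workaround.yaml is gated only on `releasever >= 41`, with no upper bound and nothing at the include site marking it as temporary. The included file describes itself as a way to keep building and testing, but as written every image composed from this manifest at releasever 41 or later gets the permissive domains, presumably including production streams once 41 is promoted there. I would add a comment directly above the entry, such as `# Temporary: drop once https://github.com/fedora-selinux/selinux-policy/pull/2257 merges`, so the removal condition is visible where the include is wired in. Only part of the `conditional-include` list is inside this hunk.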
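Review bot: `(typepermissive bootupd_t)` and `(typepermissive coreos_installer_t)` stop enforcement for the whole domain, so every denial for the bootloader updater and the installer is only logged, not just the ones tracked in the two Bugzilla entries. If those bugs come down to a small set of denials, targeted `allow` rules in this CIL module would keep the rest of the confinement; the denials themselves are not visible in this diff, so that needs checking against the bug reports. Either way I would state the cost in the header comment, e.g. `# While this module is installed, bootupd_t and coreos_installer_t are not enforced; their AVC denials are logged with permissive=1.`, so that whoever reads the manifest knows what to look for in the audit log. The heredoc delimiter could also be quoted, `cat > /tmp/fcos-workarounds.cil << 'EOF'`, so the policy text is never subject to shell expansion.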