diff --git a/roles/podman/files/podman-certs.pp b/roles/podman/files/podman-certs.pp
new file mode 100644
index 0000000..22ae496
Binary files /dev/null and b/roles/podman/files/podman-certs.pp differ
diff --git a/roles/podman/files/podman-certs.te b/roles/podman/files/podman-certs.te
new file mode 100644
index 0000000..b38eb47
--- /dev/null
+++ b/roles/podman/files/podman-certs.te
@@ -0,0 +1,12 @@
+
+module podman-certs 1.0;
+
+require {
+ type cert_t;
+ type container_t;
+ class file { open read };
+}
+
+#============= container_t ==============
+allow container_t cert_t:file read;
+allow container_t cert_t:file open;
diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml
index 21a0c6c..8e7acc3 100644
--- a/roles/podman/tasks/main.yml
+++ b/roles/podman/tasks/main.yml
@@ -9,3 +9,28 @@
 name: httpd_can_network_connect
 state: true
 persistent: true
+
+- name: copy selinux module
+ copy:
+ dest: /usr/local/share/selinux/podman-certs.pp
+ src: podman-certs.pp
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: check if selinux module is loaded
+ command:
+ argv:
+ - semodule
+ - -l
+ register: result
+ check_mode: false
+ changed_when: false
+
+- name: insall selinux module
+ command:
+ argv:
+ - semodule
+ - -i
+ - /usr/local/share/selinux/podman-certs.pp
+ when: '"podman-certs" not in result.stdout_lines'
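Review bot: `allow container_t cert_t:file read;` and `allow container_t cert_t:file open;` widen the policy for every process in the container_t domain, not just the one container that needs the certificates, and under the stock targeted policy cert_t labels all of /etc/pki, which normally includes the private keys under /etc/pki/tls/private (confirm with `ls -Z /etc/pki/tls/private` on the target). A narrower fix that needs no custom module is to bind-mount only the certificate files the container actually reads with the `:z`/`:Z` volume option so they are relabeled container_file_t, or to copy them into a dedicated directory carrying that label. If the module is kept, a header comment naming the container and mount it exists for would help, the two rules can be collapsed to `allow container_t cert_t:file { open read };`, and since a read usually also needs `getattr` plus `cert_t:dir search` on the parent directories, the module as written is likely to leave further denials — verify with `ausearch -m avc -ts recent`. Shipping the prebuilt podman-certs.pp next to this source also means a reviewer cannot tell whether the binary was built from this .te; building it on the target (`checkmodule -M -m -o podman-certs.mod podman-certs.te && semodule_package -o podman-certs.pp -m podman-certs.mod`) or recording the exact build command keeps the two in sync.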
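Review bot: The install task's `when: '"podman-certs" not in result.stdout_lines'` only checks that a module of that name is loaded, so once it has been installed a later change to podman-certs.pp is copied into place but never re-inserted and the loaded policy silently drifts from the file in the repo. Register the copy task (`register: module_copy`) and make the condition `when: module_copy.changed or "podman-certs" not in result.stdout_lines`, which keeps unchanged runs idempotent while still picking up updates. The membership test also assumes `semodule -l` prints bare module names one per line; on older releases it prints `name<TAB>version`, so a `select('match', '^podman-certs')` filter over stdout_lines would be more portable — verify against the target distribution. Minor: the task name is misspelled (`insall` → `install`), and as far as I recall `copy` fails rather than creating a missing `/usr/local/share/selinux/` parent directory, so a preceding `file: path=/usr/local/share/selinux state=directory` task may be needed where that path does not already exist.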