diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp
index c629b71..ef4f033 100644
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@@ -124,24 +124,39 @@ class kerberos::server {
 
     if $kerberos_datadir {
         file { $kerberos_datadir:
-            ensure => directory,
-            mode   => "0600",
-            owner  => "root",
-            group  => "root",
+            ensure  => directory,
+            mode    => "0600",
+            owner   => "root",
+            group   => "root",
+            seltype => "krb5_conf_t",
         }
         file { "/srv/kerberos":
             ensure  => link,
             target  => $kerberos_datadir,
             owner   => "root",
             group   => "root",
+            seltype => "usr_t",
             require => File[$kerberos_datadir],
         }
+        selinux::manage_fcontext { "${kerberos_datadir}(/.*)?":
+            type   => "krb5_conf_t",
+            before => File[$kerberos_datadir],
+        }
+        selinux::manage_fcontext { "/srv/kerberos":
+            type   => "usr_t",
+            before => File["/srv/kerberos"],
+        }
     } else {
         file { "/srv/kerberos":
-            ensure => directory,
-            mode   => "0600",
-            owner  => "root",
-            group  => "root",
+            ensure  => directory,
+            mode    => "0600",
+            owner   => "root",
+            group   => "root",
+            seltype => "krb5_conf_t",
+        }
+        selinux::manage_fcontext { "/srv/kerberos(/.*)?":
+            type   => "krb5_conf_t",
+            before => File["/srv/kerberos"],
         }
     }