diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp index 13cd8e1..fc636e5 100644 --- a/selinux/manifests/init.pp +++ b/selinux/manifests/init.pp @@ -23,7 +23,7 @@ class selinux { default: { fail("Invalid SELinux mode ${selinux_type}") } } - package { [ "selinux-policy-targeted", "setroubleshoot" ]: + package { "selinux-policy": ensure => installed, } @@ -37,21 +37,6 @@ class selinux { notify => Exec["set-selinux-mode"], } - if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ { - service { "setroubleshoot": - ensure => $selinux_type ? { - disabled => stopped, - default => running, - }, - enable => $selinux_type ? { - disabled => false, - default => true, - }, - hasstatus => true, - require => Package["setroubleshoot"], - } - } - exec { "set-selinux-mode": command => $selinux_type ? { "enforcing" => "setenforce 1", @@ -63,7 +48,33 @@ class selinux { require => File["/etc/selinux/config"], } - include selinux::tools + if $selinux_type != "disabled" { + include selinux::tools + package { "selinux-policy-targeted": + ensure => installed, + } + } + +} + + +# Install setroubleshoot +# +class selinux::setroubleshoot { + + if $::selinux == "true" { + package { "setroubleshoot": + ensure => installed, + } + if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ { + service { "setroubleshoot": + ensure => running, + enable => true, + hasstatus => true, + require => Package["setroubleshoot"], + } + } + } }
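Review bot: The guard `if $::selinux == "true"` in the new `selinux::setroubleshoot` class compares the `selinux` fact to a string, which only matches where facts are stringified. Where the fact arrives as a boolean the comparison is likely false, and setroubleshoot, the tool that surfaces AVC denials, would silently not be installed. `if "${::selinux}" == "true" {` gives the same result for both representations. The fact also reports the host's current state rather than the requested `$selinux_type`, so a host being switched from disabled to enforcing would presumably not get setroubleshoot until a run after SELinux is actually active. A comment on the class should say whether that is intended, and that nodes must now include `selinux::setroubleshoot` explicitly because class `selinux` no longer installs the package.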