diff --git a/ansible/seed-hypervisor-host-configure.yml b/ansible/seed-hypervisor-host-configure.yml index 86c70623be5f99f9a7f2f070ec4c53fa77e9d6b0..dbec1a8b532178c50351b0b5a9a3d7a553453f81 100644 --- a/ansible/seed-hypervisor-host-configure.yml +++ b/ansible/seed-hypervisor-host-configure.yml @@ -9,6 +9,7 @@ - import_playbook: "wipe-disks.yml" - import_playbook: "users.yml" - import_playbook: "dev-tools.yml" +- import_playbook: "selinux.yml" - import_playbook: "network.yml" - import_playbook: "firewall.yml" - import_playbook: "tuned.yml" diff --git a/ansible/selinux.yml b/ansible/selinux.yml index 730da7a5ce11e5814c2dc23706772b3062a17139..a03e67a27d465cb5088879b72e5b76b83d9702e9 100644 --- a/ansible/selinux.yml +++ b/ansible/selinux.yml @@ -1,6 +1,6 @@ --- - name: Configure SELinux state and reboot if required - hosts: seed:overcloud:infra-vms + hosts: seed:seed-hypervisor:overcloud:infra-vms tags: - selinux roles: diff --git a/playbooks/kayobe-infra-vm-base/pre.yml b/playbooks/kayobe-infra-vm-base/pre.yml index 38c9a6e2af9e2bd74fce0cb25958ba8f3b8affc5..e4aa6454d3189acf240831d946bed261e957e4a9 100644 --- a/playbooks/kayobe-infra-vm-base/pre.yml +++ b/playbooks/kayobe-infra-vm-base/pre.yml @@ -32,12 +32,6 @@ value: 1 become: true - - name: Ensure SELinux is disabled - selinux: - state: disabled - become: True - when: ansible_os_family in ['RedHat', 'Rocky'] - # NOTE(mgoddard): Use the name zz-overrides.yml to ensure this takes # precedence over the standard config files. - name: Ensure kayobe-config override config file exists diff --git a/playbooks/kayobe-seed-vm-base/pre.yml b/playbooks/kayobe-seed-vm-base/pre.yml index 0e82db2945519284a0be014a377685a4376136dc..566365f12620005dc905858a3f8f8b2b4bb48bd8 100644 --- a/playbooks/kayobe-seed-vm-base/pre.yml +++ b/playbooks/kayobe-seed-vm-base/pre.yml 
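Review bot: The new `import_playbook: "selinux.yml"` line changes the security posture of the seed hypervisor without saying so at the point of use: a host that was previously left at its OS SELinux setting is now moved to the default that this commit's release note gives as `permissive`. In permissive mode denials are logged but not blocked, so any SELinux-based confinement of guest processes on the machine hosting the seed and infra VMs (sVirt, if libvirt runs them, which this diff does not show) stops being enforced. I would add a comment above the new line, `# NOTE: applies the configured SELinux state (permissive by default) and may reboot the host.` The release note should also gain an `upgrade:` entry stating that hypervisors currently in enforcing mode will be switched to permissive unless the state is overridden.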
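Review bot: Adding `seed-hypervisor` to `hosts:` puts the hypervisor into a play whose own name says it reboots when required, and nothing in the visible lines guards against rebooting a host that is running the seed or infra VMs. If the seed hypervisor can also be the Ansible control host in some deployments (not visible here), a reboot there would end the run partway through host configuration. The play continues past the end of the hunk, so the role may already handle this. If it does not, the reboot should be skipped or made opt-in for that group, and the play deserves a comment such as `# Reboots hosts whose SELinux state change needs one; on the seed hypervisor this takes its VMs down.`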
@@ -32,12 +32,6 @@ value: 1 become: true - - name: Ensure SELinux is disabled - selinux: - state: disabled - become: True - when: ansible_os_family in ['RedHat', 'Rocky'] - # NOTE(mgoddard): Use the name zz-overrides.yml to ensure this takes # precedence over the standard config files. - name: Ensure kayobe-config override config file exists diff --git a/releasenotes/notes/selinux-seed-hypervisor-40c74b625ea93a7e.yaml b/releasenotes/notes/selinux-seed-hypervisor-40c74b625ea93a7e.yaml new file mode 100644 index 0000000000000000000000000000000000000000..18390b85b519161a02be216a97334af10a0e2a18 --- /dev/null +++ b/releasenotes/notes/selinux-seed-hypervisor-40c74b625ea93a7e.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Kayobe now configures SELinux on the seed hypervisor. The default is to set + SELinux to ``permissive``. +fixes: + - | + Configures SELinux to ``permissive`` on the seed hypervisor, which fixes + permission issues when provisioning seed or infra VMs.