diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2022-01-13-policycoreutils-fix-root-path.md b/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2022-01-13-policycoreutils-fix-root-path.md
new file mode 100644
index 0000000000..77fb882557
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2022-01-13-policycoreutils-fix-root-path.md
@@ -0,0 +1 @@
+- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar-linux/Flatcar/issues/596))
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
index 949fd35c8c..ca31fa2cea 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
@@ -220,6 +220,6 @@ pkg_postinst() {
 # There have been some changes to the policy store, rebuilding now.
 # https://marc.info/?l=selinux&m=143757277819717&w=2
 einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
- semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+ semodule -p "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 done
 }
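Review bot: The corrected `semodule` call in pkg_postinst has no comment explaining why `-p` is used; `-p` (policy root) and `-S` (module store root) differ by one letter and both take a path, so the mistake this commit fixes is easy to reintroduce on a later edit or sync. I would add above the call: `# -p sets the policy root; -S would relocate the module store itself (default /var/lib/selinux)`. The ebuild is also edited in place as 3.1-r3 with no revision bump visible in this diff, so binary packages built with the old postinst may still be picked up unless the build always rebuilds this package; worth confirming. pkg_postinst starts outside the hunk, so the loop header is not visible here.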