diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
index b5459b93db..c6b44e6634 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/containerd/files/config.toml
@@ -27,6 +27,10 @@ runtime = "runc"
 # live restore is not supported
 no_shim = false
 
+[plugins."io.containerd.grpc.v1.cri"]
+# enable SELinux labeling
+enable_selinux = true
+
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
 # setting runc.options unsets parent settings
 runtime_type = "io.containerd.runc.v2"
diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-08-containerd-selinux.md b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-08-containerd-selinux.md
new file mode 100644
index 0000000000..16909ec38a
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-03-08-containerd-selinux.md
@@ -0,0 +1,2 @@
+- Made SELinux enabled by default in default containerd configuration file. ([PR#1699](https://github.com/flatcar-linux/coreos-overlay/pull/1699))
+