diff --git a/macros.selinux-policy b/macros.selinux-policy
index 5f80a2d..a6ed0a6 100644
--- a/macros.selinux-policy
+++ b/macros.selinux-policy
@@ -110,8 +110,12 @@ if [ -z "${_policytype}" ]; then \
 fi \
 if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then \
    if [ -f %{_file_context_file_pre} ]; then \
-     %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \
-     rm -f %{_file_context_file_pre} \
+     if [ -z "${TRANSACTIONAL_UPDATE}" ]; then \
+       %{_sbindir}/fixfiles -C %{_file_context_file_pre} restore &> /dev/null \
+       rm -f %{_file_context_file_pre} \
+     else \
+       touch /etc/selinux/.autorelabel \
+     fi \
    fi \
 fi \
 %{nil}
diff --git a/selinux-policy.changes b/selinux-policy.changes
index d416438..7bc3fc0 100644
--- a/selinux-policy.changes
+++ b/selinux-policy.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Nov 29 14:56:01 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
+
+- Update macros.selinux-policy to trigger a full relabel on transactional
+  systems upon module installation. This is rather expensive and will
+  hopefully be replaced by a more fine grained solution later on (bsc#1232753)
+
 -------------------------------------------------------------------
 Wed Sep 04 08:29:38 UTC 2024 - cathy.hu@suse.com