diff --git a/elements/fedora/finalise.d/11-selinux-autorelabel b/elements/fedora/finalise.d/11-selinux-fixfiles-restore
similarity index 56%
rename from elements/fedora/finalise.d/11-selinux-autorelabel
rename to elements/fedora/finalise.d/11-selinux-fixfiles-restore
index 880fdba2..c14ccdf4 100755
--- a/elements/fedora/finalise.d/11-selinux-autorelabel
+++ b/elements/fedora/finalise.d/11-selinux-fixfiles-restore
@@ -1,6 +1,12 @@
 #!/bin/bash
 
+set -x
+
 # Without fixing selinux file labels, sshd will run in the kernel_t domain
 # instead of the sshd_t domain, making ssh connections fail with
 # "Unable to get valid context for <user>" error message
-touch /.autorelabel
+setfiles /etc/selinux/targeted/contexts/files/file_contexts /
+FIXFILES_LOG=$(mktemp)
+fixfiles -l $FIXFILES_LOG restore
+cat $FIXFILES_LOG
+rm $FIXFILES_LOG
\ No newline at end of file