diff --git a/ansible/idr-omero-readonly.yml b/ansible/idr-omero-readonly.yml
index 2fc76b0b..c9294cae 100644
--- a/ansible/idr-omero-readonly.yml
+++ b/ansible/idr-omero-readonly.yml
@@ -35,6 +35,22 @@
 
   tasks:
   # Lock down the read-write node in the read-only cluster
+  - name: install checkpolicy
+    become: true
+    ansible.builtin.dnf:
+      update_cache: true
+      name:
+        - checkpolicy
+        - policycoreutils
+        - ipa-selinux
+  - name: Set selinux vars for nfs
+    ansible.posix.seboolean:
+      name:
+        - nfs_export_all_ro
+        - nfs_export_all_rw
+      state: true
+      persistent: true
+
   - name: check selinux
     debug:
      msg: "SELinux is enabled or permissive"