diff --git a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
index 80793e0..2cd6aea 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
@@ -187,7 +187,24 @@
 89
 90
 91
-92</pre>
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -199,13 +216,17 @@ class puppet_cd::main::files (
 
   if $fqdn != $pt_pm_fqdn {
     file { $pt_puppet_conf_file:
-      ensure  =&gt; file,
-      path    =&gt; $pt_puppet_conf_file,
-      owner   =&gt; &#39;root&#39;,
-      group   =&gt; &#39;root&#39;,
-      mode    =&gt; &#39;0644&#39;,
-      content =&gt; template($pt_puppet_conf_erb),
-      notify  =&gt; Service[$pt_agent_service],
+      ensure   =&gt; file,
+      path     =&gt; $pt_puppet_conf_file,
+      owner    =&gt; &#39;root&#39;,
+      group    =&gt; &#39;root&#39;,
+      mode     =&gt; &#39;0644&#39;,
+      selrange =&gt; s0,
+      selrole  =&gt; object_r,
+      seltype  =&gt; puppet_etc_t,
+      seluser  =&gt; system_u,
+      content  =&gt; template($pt_puppet_conf_erb),
+      notify   =&gt; Service[$pt_agent_service],
     }
     if $pt_use_puppetdb == true {
       file { $pt_node_rb_file:
@@ -228,45 +249,58 @@ class puppet_cd::main::files (
 
   if $fqdn == $pt_pm_fqdn {
     file { $pt_puppet_conf_file:
-      ensure  =&gt; file,
-      path    =&gt; $pt_puppet_conf_file,
-      owner   =&gt; &#39;root&#39;,
-      group   =&gt; &#39;root&#39;,
-      mode    =&gt; &#39;0644&#39;,
-      content =&gt; template($pt_puppet_conf_erb),
-      notify  =&gt; Service[$pt_agent_service,$pt_server_service],
+      ensure   =&gt; file,
+      path     =&gt; $pt_puppet_conf_file,
+      owner    =&gt; &#39;root&#39;,
+      group    =&gt; &#39;root&#39;,
+      mode     =&gt; &#39;0644&#39;,
+      selrange =&gt; s0,
+      selrole  =&gt; object_r,
+      seltype  =&gt; puppet_etc_t,
+      seluser  =&gt; system_u,
+      content  =&gt; template($pt_puppet_conf_erb),
+      notify   =&gt; Service[$pt_agent_service,$pt_server_service],
     }
 
     if $pt_use_puppetdb == true {
       # puppetdb
       file { $pt_puppetdb_conf_file:
-        ensure  =&gt; file,
-        path    =&gt; $pt_puppetdb_conf_file,
-        owner   =&gt; &#39;root&#39;,
-        group   =&gt; &#39;root&#39;,
-        mode    =&gt; &#39;0644&#39;,
-        content =&gt; template($pt_puppetdb_conf_erb),
-        notify  =&gt; Service[$pt_agent_service,$pt_server_service],
+        ensure   =&gt; file,
+        path     =&gt; $pt_puppetdb_conf_file,
+        owner    =&gt; &#39;root&#39;,
+        group    =&gt; &#39;root&#39;,
+        mode     =&gt; &#39;0644&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; puppet_etc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_puppetdb_conf_erb),
+        notify   =&gt; Service[$pt_agent_service,$pt_server_service],
       }
       # routes.yaml
       file { $pt_routes_file:
-        ensure  =&gt; file,
-        path    =&gt; $pt_routes_file,
-        owner   =&gt; &#39;root&#39;,
-        group   =&gt; &#39;root&#39;,
-        mode    =&gt; &#39;0644&#39;,
-        content =&gt; template($pt_routes_erb),
-        notify  =&gt; Service[$pt_server_service],
+        ensure   =&gt; file,
+        path     =&gt; $pt_routes_file,
+        owner    =&gt; &#39;root&#39;,
+        group    =&gt; &#39;root&#39;,
+        mode     =&gt; &#39;0644&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; puppet_etc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_routes_erb),
+        notify   =&gt; Service[$pt_server_service],
       }
       file { $pt_node_rb_file:
-        ensure  =&gt; file,
-        owner   =&gt; &#39;puppet&#39;,
-        group   =&gt; &#39;puppet&#39;,
-        mode    =&gt; &#39;0550&#39;,
-        selrole =&gt; object_r,
-        seltype =&gt; foreman_enc_t,
-        seluser =&gt; system_u,
-        content =&gt; template($pt_node_rb_erb),
+        ensure   =&gt; file,
+        owner    =&gt; &#39;puppet&#39;,
+        group    =&gt; &#39;puppet&#39;,
+        mode     =&gt; &#39;0550&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; foreman_enc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_node_rb_erb),
       }
     }
     if $pt_use_puppetdb != true {
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 74b7a41..ad0c257 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -10,13 +10,17 @@ class puppet_cd::main::files (
 
   if $fqdn != $pt_pm_fqdn {
     file { $pt_puppet_conf_file:
-      ensure  => file,
-      path    => $pt_puppet_conf_file,
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0644',
-      content => template($pt_puppet_conf_erb),
-      notify  => Service[$pt_agent_service],
+      ensure   => file,
+      path     => $pt_puppet_conf_file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppet_conf_erb),
+      notify   => Service[$pt_agent_service],
     }
     if $pt_use_puppetdb == true {
       file { $pt_node_rb_file:
@@ -39,45 +43,58 @@ class puppet_cd::main::files (
 
   if $fqdn == $pt_pm_fqdn {
     file { $pt_puppet_conf_file:
-      ensure  => file,
-      path    => $pt_puppet_conf_file,
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0644',
-      content => template($pt_puppet_conf_erb),
-      notify  => Service[$pt_agent_service,$pt_server_service],
+      ensure   => file,
+      path     => $pt_puppet_conf_file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppet_conf_erb),
+      notify   => Service[$pt_agent_service,$pt_server_service],
     }
 
     if $pt_use_puppetdb == true {
       # puppetdb
       file { $pt_puppetdb_conf_file:
-        ensure  => file,
-        path    => $pt_puppetdb_conf_file,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        content => template($pt_puppetdb_conf_erb),
-        notify  => Service[$pt_agent_service,$pt_server_service],
+        ensure   => file,
+        path     => $pt_puppetdb_conf_file,
+        owner    => 'root',
+        group    => 'root',
+        mode     => '0644',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => system_u,
+        content  => template($pt_puppetdb_conf_erb),
+        notify   => Service[$pt_agent_service,$pt_server_service],
       }
       # routes.yaml
       file { $pt_routes_file:
-        ensure  => file,
-        path    => $pt_routes_file,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        content => template($pt_routes_erb),
-        notify  => Service[$pt_server_service],
+        ensure   => file,
+        path     => $pt_routes_file,
+        owner    => 'root',
+        group    => 'root',
+        mode     => '0644',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => system_u,
+        content  => template($pt_routes_erb),
+        notify   => Service[$pt_server_service],
       }
       file { $pt_node_rb_file:
-        ensure  => file,
-        owner   => 'puppet',
-        group   => 'puppet',
-        mode    => '0550',
-        selrole => object_r,
-        seltype => foreman_enc_t,
-        seluser => system_u,
-        content => template($pt_node_rb_erb),
+        ensure   => file,
+        owner    => 'puppet',
+        group    => 'puppet',
+        mode     => '0550',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => foreman_enc_t,
+        seluser  => system_u,
+        content  => template($pt_node_rb_erb),
       }
     }
     if $pt_use_puppetdb != true {