diff --git a/selinux/osbuild.if b/selinux/osbuild.if
index 815c691..48d099f 100644
--- a/selinux/osbuild.if
+++ b/selinux/osbuild.if
@@ -93,3 +93,22 @@ interface(`osbuild_role',`
ps_process_pattern($2, osbuild_t)
allow $2 osbuild_t:process { signull signal sigkill };
')
+
+########################################
+##
+## osbuild nnp / nosuid transitions to domain
+##
+##
+##
+## Domain to be allowed to transition into.
+##
+##
+#
+interface(`osbuild_nnp_nosuid_trans',`
+ gen_require(`
+ type osbuild_t;
+ class process2 { nnp_transition nosuid_transition };
+ ')
+
+ allow osbuild_t $1:process2 {nnp_transition nosuid_transition};
+')
diff --git a/selinux/osbuild.te b/selinux/osbuild.te
index 1a5f98d..e4a0c7d 100644
--- a/selinux/osbuild.te
+++ b/selinux/osbuild.te
@@ -31,6 +31,7 @@ unconfined_domain(osbuild_t)
# execute setfiles in the setfiles_mac domain
# when in the osbuild_t domain
seutil_domtrans_setfiles_mac(osbuild_t)
+osbuild_nnp_nosuid_trans(setfiles_mac_t)
# Allow sysadm and unconfined to run osbuild
optional_policy(`
@@ -63,4 +64,5 @@ optional_policy(`
# allow transitioning to install_t (for ostree)
optional_policy(`
anaconda_domtrans_install(osbuild_t)
+ osbuild_nnp_nosuid_trans(install_t)
')