diff --git a/roles/vmhost/files/fix-run-libvirt-network.conf b/roles/vmhost/files/fix-run-libvirt-network.conf
new file mode 100644
index 0000000..710aaf5
--- /dev/null
+++ b/roles/vmhost/files/fix-run-libvirt-network.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStartPre=+/bin/mkdir -p %t/libvirt/network
+ExecStartPre=+/bin/chcon -t virtnetworkd_var_run_t %t/libvirt/network
diff --git a/roles/vmhost/tasks/main.yml b/roles/vmhost/tasks/main.yml
index 93ffa3f..b492095 100644
--- a/roles/vmhost/tasks/main.yml
+++ b/roles/vmhost/tasks/main.yml
@@ -40,6 +40,31 @@
 tags:
 - log-dir
+- name: ensure virtnetworkd.service drop-in directory exists
+ file:
+ path: /etc/systemd/system/virtnetworkd.service.d
+ owner: root
+ group: root
+ mode: u=rwx,go=rx
+ state: directory
+ tags:
+ - systemd
+ - virtnetworkd-selinux-bug
+ - 'rhbz#2362040'
+- name: 'ensure virtnetworkd selinux bug work-around is in place (rhbz#2362040)'
+ copy:
+ src: fix-run-libvirt-network.conf
+ dest: /etc/systemd/system/virtnetworkd.service.d/
+ owner: root
+ group: root
+ mode: u=rw,go=r
+ notify:
+ - reload systemd
+ tags:
+ - systemd
+ - virtnetworkd-selinux-bug
+ - 'rhbz#2362040'
+
 - name: ensure libvirtd starts at boot
 service:
 name: '{{ item }}'
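Review bot: The drop-in has no comment explaining why it exists, so anyone reading the unit with `systemctl cat virtnetworkd` sees a full-privilege `chcon` with no link to rhbz#2362040; the bug is only named in roles/vmhost/tasks/main.yml. Add a header above `[Service]` such as `# Work-around for rhbz#2362040; remove once the bug is fixed on all vmhosts`. The second `ExecStartPre` also pins the type `virtnetworkd_var_run_t` by hand. If the policy already has a file-context rule for this path, `restorecon` would follow the policy rather than a hard-coded label, which is worth checking against the bug report.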
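Review bot: The copy task only notifies `reload systemd`, and handlers normally run at the end of the play, so the `ensure libvirtd starts at boot` task right after this hunk may act on the units before systemd has read the new drop-in. Consider adding `- meta: flush_handlers` directly after the copy task. On a host where virtnetworkd is already running, the `ExecStartPre` lines only take effect at the next start of the service, so a restart may also be needed for the work-around to apply. The `reload systemd` handler and the rest of the service task lie outside the hunk, so this is inferred from their names.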