diff --git a/pkg/assets/rte/assets.go b/pkg/assets/rte/assets.go
index 7211fb33..03e46d16 100644
--- a/pkg/assets/rte/assets.go
+++ b/pkg/assets/rte/assets.go
@@ -2,16 +2,29 @@ package rte
 
 import (
 	_ "embed"
+
+	"github.com/k8stopologyawareschedwg/deployer/pkg/deployer/platform"
 )
 
 //go:embed selinuxinstall.service.template
 var SELinuxInstallSystemdServiceTemplate []byte
 
-//go:embed selinuxpolicy.cil
-var SELinuxPolicy []byte
+//go:embed selinuxpolicy-ocp410.cil
+var SELinuxPolicyOCP410 []byte
+
+//go:embed selinuxpolicy-ocp411.cil
+var SELinuxPolicyOCP411 []byte
 
 //go:embed hookconfigrtenotifier.json.template
 var HookConfigRTENotifier []byte
 
 //go:embed rte-notifier.sh
 var NotifierScript []byte
+
+func GetSELinuxPolicy(ver platform.Version) []byte {
+	// error should never happen: we control the input here
+	if ok, _ := ver.AtLeastString("4.11"); ok {
+		return SELinuxPolicyOCP411
+	}
+	return SELinuxPolicyOCP410
+}
diff --git a/pkg/assets/rte/selinuxpolicy.cil b/pkg/assets/rte/selinuxpolicy-ocp410.cil
similarity index 100%
rename from pkg/assets/rte/selinuxpolicy.cil
rename to pkg/assets/rte/selinuxpolicy-ocp410.cil
diff --git a/pkg/assets/rte/selinuxpolicy-ocp411.cil b/pkg/assets/rte/selinuxpolicy-ocp411.cil
new file mode 100644
index 00000000..32dff5df
--- /dev/null
+++ b/pkg/assets/rte/selinuxpolicy-ocp411.cil
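Review bot: `GetSELinuxPolicy` discards the error from `ver.AtLeastString("4.11")`, and the comment claiming the input is controlled does not hold for the callers in this diff — `GetManifests` in rte.go passes `platform.Version(plat)`, so any value that fails to parse silently selects the 4.10 policy for a cluster that may need the 4.11 rules. Since `getIgnitionConfig` already returns an error, changing this function to return `([]byte, error)` and propagating the parse failure would make a wrong selection visible instead of shipping the wrong policy. The exported function also needs a doc comment, e.g. `// GetSELinuxPolicy returns the embedded SELinux policy for the given OpenShift version: 4.11 and later get the OCP 4.11 policy, anything older (or unparsable) the 4.10 one.`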
@@ -0,0 +1,21 @@
+(block rte
+ (type process)
+ (roletype system_r process)
+ (typeattributeset domain (process))
+ ;
+ ; Giving rte.process the same attributes as container_t
+ (typeattributeset container_domain (process))
+ (typeattributeset container_net_domain (process))
+ (typeattributeset svirt_sandbox_domain (process))
+ (typeattributeset sandbox_net_domain (process))
+
+ ;
+ ; Allow to RTE pod access to /run/rte directory
+ (allow process container_var_run_t (dir (add_name write)))
+ (allow process container_var_run_t (file (create read write open)))
+
+ ;
+ ; Allow to RTE pod connect, read and write permissions to /var/lib/kubelet/pod-resource/kubelet.sock
+ (allow process container_var_lib_t (sock_file (open getattr read write ioctl lock append)))
+ (allow process kubelet_t (unix_stream_socket (connectto)))
+)
diff --git a/pkg/manifests/manifests.go b/pkg/manifests/manifests.go
index 73452da5..5a972ecf 100644
--- a/pkg/manifests/manifests.go
+++ b/pkg/manifests/manifests.go
@@ -429,7 +429,7 @@ func DaemonSet(component, subComponent string, plat platform.Platform, namespace
 	return ds, nil
 }
 
-func MachineConfig(component string) (*machineconfigv1.MachineConfig, error) {
+func MachineConfig(component string, ver platform.Version) (*machineconfigv1.MachineConfig, error) {
 	if component != ComponentResourceTopologyExporter {
 		return nil, fmt.Errorf("component %q is not an %q component", component, ComponentResourceTopologyExporter)
 	}
@@ -444,7 +444,7 @@ func MachineConfig(component string) (*machineconfigv1.MachineConfig, error) {
 		return nil, fmt.Errorf("unexpected type, got %t", obj)
 	}
 
-	ignitionConfig, err := getIgnitionConfig()
+	ignitionConfig, err := getIgnitionConfig(ver)
 	if err != nil {
 		return nil, err
 	}
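Review bot: The rule comments describe paths (`/run/rte`, `/var/lib/kubelet/pod-resource/kubelet.sock`) but the allow rules are keyed on the types `container_var_run_t` and `container_var_lib_t`, so they grant rte.process access to every object carrying those labels, not only the named paths; the comments should state the real scope, e.g. `; Allow add_name/write on any dir labelled container_var_run_t (this is how /run/rte is reached)`. The file also has no header saying what distinguishes it from `selinuxpolicy-ocp410.cil`, which this diff only renames without showing its content, so a reader cannot tell which rules are 4.11-specific. A leading `; SELinux policy for RTE on OCP >= 4.11. Differs from the 4.10 policy in: <describe difference>` would close that gap.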
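Review bot: `MachineConfig` is exported and gains a `ver platform.Version` parameter, but it has no doc comment saying what `ver` denotes or that it decides which SELinux policy is embedded in the ignition config; the function body continues outside the hunk. Suggested comment above the signature: `// MachineConfig builds the MachineConfig for component (only ComponentResourceTopologyExporter is supported). ver is the target OpenShift version and selects the SELinux policy bundled into the ignition config.`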
@@ -453,11 +453,10 @@ func MachineConfig(component string) (*machineconfigv1.MachineConfig, error) {
 	return mc, nil
 }
 
-func getIgnitionConfig() ([]byte, error) {
+func getIgnitionConfig(ver platform.Version) ([]byte, error) {
 	var files []igntypes.File
 
-	// load SELinux policy
-	files = addFileToIgnitionConfig(files, rteassets.SELinuxPolicy, 0644, seLinuxRTEPolicyDst)
+	files = addFileToIgnitionConfig(files, rteassets.GetSELinuxPolicy(ver), 0644, seLinuxRTEPolicyDst)
 
 	// load RTE notifier OCI hook config
 	notifierHookConfigContent, err := getTemplateContent(rteassets.HookConfigRTENotifier, map[string]string{
diff --git a/pkg/manifests/manifests_test.go b/pkg/manifests/manifests_test.go
index c54ffd09..709f9ce1 100644
--- a/pkg/manifests/manifests_test.go
+++ b/pkg/manifests/manifests_test.go
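Review bot: The `// load SELinux policy` comment is dropped while the sibling step keeps its `// load RTE notifier OCI hook config` comment, so the one step that is now version-dependent is the only undocumented one in `getIgnitionConfig`. Keep a comment that records the new dependency, e.g. `// load the SELinux policy matching the target OpenShift version (see rteassets.GetSELinuxPolicy)`. The function body continues outside the hunk.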
@@ -558,29 +558,59 @@ func TestDaemonSet(t *testing.T) {
 }
 
 func TestMachineConfig(t *testing.T) {
-	mc, err := MachineConfig(ComponentResourceTopologyExporter)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	ignitionConfig := &igntypes.Config{}
-	if err := json.Unmarshal(mc.Spec.Config.Raw, ignitionConfig); err != nil {
-		t.Fatalf("failed to unmarshal ignition config: %v", err)
+	type testCase struct {
+		name string
+		platformVersion platform.Version
+		expectedFileNum int
+		expectedUnitNum int
 	}
-
+	// In both these cases:
 	// we are expecting to have 3 files
 	// 1. OCI hook configuration
 	// 2. OCI hook script
 	// 3. SELinux policy
-	if len(ignitionConfig.Storage.Files) != 3 {
-		klog.Errorf("ignition config files: %+v", ignitionConfig.Storage.Files)
-		t.Fatalf("the ignition config has %d files when it should have %d", len(ignitionConfig.Storage.Files), 3)
-	}
-	// we are expecting only one systemd unit
+	// One systemd unit
 	// 1. Systemd unit to install the SELinux policy
-	if len(ignitionConfig.Systemd.Units) != 1 {
-		klog.Errorf("ignition config systemd units: %+v", ignitionConfig.Systemd.Units)
-		t.Fatalf("the ignition config has %d systemd units when it should have %d", len(ignitionConfig.Systemd.Units), 1)
+
+	// TODO: Check SELinuxPolicy in the various cases
+	testCases := []testCase{
+		{
+			name: "OCP 4.10",
+			platformVersion: "4.10",
+			expectedFileNum: 3,
+			expectedUnitNum: 1,
+		},
+		{
+			name: "OCP 4.11",
+			platformVersion: "4.11",
+			expectedFileNum: 3,
+			expectedUnitNum: 1,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			mc, err := MachineConfig(ComponentResourceTopologyExporter, platform.Version(tc.platformVersion))
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+
+			ignitionConfig := &igntypes.Config{}
+			if err := json.Unmarshal(mc.Spec.Config.Raw, ignitionConfig); err != nil {
+				t.Fatalf("failed to unmarshal ignition config: %v", err)
+			}
+
+			if len(ignitionConfig.Storage.Files) != tc.expectedFileNum {
+				klog.Errorf("ignition config files: %+v", ignitionConfig.Storage.Files)
+				t.Fatalf("the ignition config has %d files when it should have %d", len(ignitionConfig.Storage.Files), tc.expectedFileNum)
+			}
+
+			if len(ignitionConfig.Systemd.Units) != tc.expectedUnitNum {
+				klog.Errorf("ignition config systemd units: %+v", ignitionConfig.Systemd.Units)
+				t.Fatalf("the ignition config has %d systemd units when it should have %d", len(ignitionConfig.Systemd.Units), tc.expectedUnitNum)
+			}
+		})
 	}
 }
diff --git a/pkg/manifests/rte/rte.go b/pkg/manifests/rte/rte.go
index 5e38cc23..d1f5dd6a 100644
--- a/pkg/manifests/rte/rte.go
+++ b/pkg/manifests/rte/rte.go
@@ -250,7 +250,7 @@ func GetManifests(plat platform.Platform, namespace string) (Manifests, error) {
 	mf := New(plat)
 
 	if plat == platform.OpenShift {
-		mf.MachineConfig, err = manifests.MachineConfig(manifests.ComponentResourceTopologyExporter)
+		mf.MachineConfig, err = manifests.MachineConfig(manifests.ComponentResourceTopologyExporter, platform.Version(plat))
 		if err != nil {
 			return mf, err
 		}
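Review bot: Both entries in `testCases` expect identical counts, so the test passes no matter which policy `GetSELinuxPolicy` picked, and the selection logic this commit introduces (including its silent fallback on an unparsable version) stays untested, as the `TODO` line admits. Add an `expectedPolicy []byte` field set to `rteassets.SELinuxPolicyOCP410` / `rteassets.SELinuxPolicyOCP411` and assert that the entry at `seLinuxRTEPolicyDst` in `ignitionConfig.Storage.Files` carries that content in whatever encoding `addFileToIgnitionConfig` writes, and add a third case with a non-numeric version to pin the fallback. The `platform.Version(tc.platformVersion)` conversion is redundant, since the field is already declared as `platform.Version`.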
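Review bot: `platform.Version(plat)` converts the platform identifier, not a cluster version, into a `Version`: `plat` is the value compared against `platform.OpenShift` two lines up, so what reaches `MachineConfig` is presumably a platform name rather than a release like "4.11". Because `GetSELinuxPolicy` discards the parse error, this would presumably make every OpenShift deployment receive the 4.10 policy and never the new 4.11 one, with no error surfaced. The fix is to thread the detected OpenShift version into `GetManifests` (whose signature lies outside the hunk) and pass that here, or to make `MachineConfig` reject a version it cannot parse.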