diff --git a/deployment/ironic/ironic-conductor-container-puppet.yaml b/deployment/ironic/ironic-conductor-container-puppet.yaml
index d203d25b5c..698b5ab92c 100644
--- a/deployment/ironic/ironic-conductor-container-puppet.yaml
+++ b/deployment/ironic/ironic-conductor-container-puppet.yaml
@@ -603,7 +603,7 @@ outputs:
             mode: "{{ item.mode|default(omit) }}"
           with_items:
             - { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
-            - { 'path': /var/lib/ironic, 'setype': container_file_t }
+            - { 'path': /var/lib/ironic, 'setype': container_file_t, 'mode': 'g+s' }
         - name: stat /httpboot
           stat: path=/httpboot
           register: stat_httpboot
diff --git a/deployment/ironic/ironic-pxe-container-puppet.yaml b/deployment/ironic/ironic-pxe-container-puppet.yaml
index 16dff6e1b2..ef74180c4b 100644
--- a/deployment/ironic/ironic-pxe-container-puppet.yaml
+++ b/deployment/ironic/ironic-pxe-container-puppet.yaml
@@ -174,6 +174,6 @@ outputs:
             setype: "{{ item.setype }}"
             mode: "{{ item.mode|default(omit) }}"
           with_items:
-            - { 'path': /var/lib/ironic, 'setype': container_file_t }
+            - { 'path': /var/lib/ironic, 'setype': container_file_t, 'mode': 'g+s' }
             - { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
             - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': container_file_t, 'mode': '0750' }