diff --git a/container-selinux.spec b/container-selinux.spec
index bc8439a..12cc253 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -17,10 +17,10 @@
 # Version of SELinux we were using
 %global selinux_policyver 3.14.3-9.el8
 
-Epoch: 2
+Epoch: 3
 Name: container-selinux
 Version: 2.163.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 URL: %{git0}
 Summary: SELinux policies for container runtimes
@@ -93,6 +93,12 @@ if [ $1 -eq 0 ]; then
 %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker
 fi
 
+%triggerpostun -- container-selinux < 3:2.162.1-3
+if %{_sbindir}/selinuxenabled ; then
+  echo "Fixing Rootless SELinux labels in homedir"
+  %{_sbindir}/restorecon -R /home/*/.local/share/containers/storage/overlay*  2> /dev/null || :
+fi
+
 %posttrans
 %selinux_relabel_post -s %{selinuxtype}
 
@@ -106,6 +112,11 @@ fi
 %{_datadir}/containers/selinux/contexts
 
 %changelog
+* Wed Jun 23 2021 Jindrich Novy <jnovy@redhat.com> - 3:2.163.0-2
+- add trigger to fix labels in users homedirs, before overlayfs
+  is supported by default for non root users
+- Related: #1970747
+
 * Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 2:2.163.0-1
 - update to https://github.com/containers/container-selinux/releases/tag/v2.163.0
 - Related: #1970747