diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
index e3c3175a2..c815ba055 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@@ -412,6 +412,15 @@
 setype: http_port_t
 state: present
+ - name: "Add proper context on created data for tftpboot"
+ sefcontext:
+ target: "{{ item }}"
+ setype: tftpdir_t
+ state: present
+ loop:
+ - /tftpboot
+ - /tftpboot/pxelinux.cfg
+
 - name: "Add proper context on created data for http_boot"
 sefcontext:
 target: "{{ http_boot_folder }}(/.*)?"
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml b/playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml
index cd4d9c4c5..8a7f5273d 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml
@@ -24,7 +24,12 @@
 - "{{ http_boot_folder }}/pxelinux.cfg"
 - name: "Place tftpd map-file"
- copy: src=tftpboot-map-file dest=/tftpboot/map-file owner=ironic group=ironic
+ copy:
+ src: tftpboot-map-file
+ dest: /tftpboot/map-file
+ owner: ironic
+ group: ironic
+ mode: 0644
 - name: "Disable service {{ tftp_service_name }}"
 service: name="{{ tftp_service_name }}" state=stopped enabled=no
diff --git a/releasenotes/notes/tftp-context-6f918743ba9052b0.yaml b/releasenotes/notes/tftp-context-6f918743ba9052b0.yaml
new file mode 100644
index 000000000..8a65c454f
--- /dev/null
+++ b/releasenotes/notes/tftp-context-6f918743ba9052b0.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Adds correct SELinux context for ``/tftpboot``.
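Review bot: In bootstrap.yml the new `sefcontext` task registers `/tftpboot` and `/tftpboot/pxelinux.cfg` as exact paths, so the rule it adds matches only those two directory entries and not the files later written beneath them, whereas the http_boot task directly below it uses `"{{ http_boot_folder }}(/.*)?"`. I would write `target: "{{ item }}(/.*)?"` so the whole tree falls under the same `tftpdir_t` rule; with that pattern the second loop item becomes redundant. `sefcontext` only records the rule in the file-context database and does not relabel anything already on disk, so a `restorecon` over `/tftpboot` is still needed once the directories exist. The task list continues outside this hunk, so that relabel (and any SELinux-enabled guard on the task) may already be there and should be confirmed.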
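Review bot: In create_tftpboot.yml the new `mode: 0644` is an unquoted scalar, so the permission bits the `copy` module receives depend on the YAML loader reading the leading zero as octal; `mode: "0644"` passes a string and removes that dependency. The map file also stays owned by `ironic:ironic`: if the ironic service never rewrites it (not visible in this hunk), `owner: root` and `group: root` would stop a service account from altering the file the tftp daemon reads. The `service:` task just below is unchanged context and still uses the `key=value` form with `enabled=no`, so the file now mixes both styles. The task list continues outside the hunk.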