diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2
index 4a2b31d13a..e47979472f 100644
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@@ -416,7 +416,8 @@ RUN apt-get update \
 {% endif %}
 {% if base_distro == 'centos' or base_distro == 'rhel' %}
-RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth
+RUN sed -ri '/-session(\s+)optional(\s+)pam_systemd.so/d' /etc/pam.d/system-auth \
+ && sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf
 {% endif %}
 COPY set_configs.py /usr/local/bin/kolla_set_configs
diff --git a/releasenotes/notes/disable-systemd-nss-on-rhel-based-distros-5d586fcdb9a82da7.yaml b/releasenotes/notes/disable-systemd-nss-on-rhel-based-distros-5d586fcdb9a82da7.yaml
new file mode 100644
index 0000000000..78521b9dcc
--- /dev/null
+++ b/releasenotes/notes/disable-systemd-nss-on-rhel-based-distros-5d586fcdb9a82da7.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ Drop systemd support from nsswitch.conf on RHEL-based distros. This avoids
+ unneeded systemd nss lookups inside containers and it also avoids possible
+ selinux denials when a container bind mounts /run and makes the dbus socket
+ available inside the container only to be denied by selinux on the host.
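Review bot: In docker/base/Dockerfile.j2 the added `sed -ri '/^[^#]/ s/systemd//g' /etc/nsswitch.conf` deletes the substring `systemd` anywhere on a non-comment line rather than the `systemd` service entry, so any other token containing that string would be rewritten as well. An action such as `[NOTFOUND=return]` written after the entry would stay behind and attach to the preceding source. Matching on word boundaries narrows the edit: `&& sed -ri '/^[^#]/ s/\bsystemd\b//g' /etc/nsswitch.conf`. If the aim is to keep NSS lookups from reaching host services through a bind-mounted /run, it is worth confirming whether the base image's nsswitch.conf also lists other systemd-provided modules such as `resolve` or `mymachines`, which this expression leaves in place. Should /etc/nsswitch.conf be an authselect-managed symlink in the image, `sed -i` would replace the link with a regular file unless `--follow-symlinks` is passed.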