diff --git a/.gitignore b/.gitignore
index 826aad1947..d83eb6f602 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,6 +33,7 @@ tempest.log
 *~
 .eggs/
 .ropeproject/
+*.qcow2
 
 # Files created by releasenotes build
 releasenotes/build
diff --git a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
index 5ce2a8ba77..91a7e5bca9 100755
--- a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
+++ b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
@@ -30,7 +30,7 @@ fi
 
 if [ "$1" == "add" ]; then
 
-    if [ -x "$(sudo bash -c 'command -v nft')" ]; then
+    if [ -x "$(command -v nft)" ]; then
         # Note: inet for nat requires a 5.2 or newer kernel.
         if [ "$2" == "ipv4" ]; then
             nft add table ip octavia-ipv4
@@ -77,7 +77,7 @@ if [ "$1" == "add" ]; then
 
 elif [ "$1" == "delete" ]; then
 
-    if [ -x "$(sudo bash -c 'command -v nft')" ]; then
+    if [ -x "$(command -v nft)" ]; then
         if [ "$2" == "ipv4" ]; then
             nft flush chain ip octavia-ipv4 ip-udp-masq
             nft delete chain ip octavia-ipv4 ip-udp-masq
diff --git a/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml b/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml
new file mode 100644
index 0000000000..4bcec13c8a
--- /dev/null
+++ b/releasenotes/notes/fix-selinux-issue-with-lvs-masquerade.sh-ebbb89886148c70f.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixed issue with SELinux and the lvs-masquerade.sh script on the amphora.
+    The script already runs with root permissions, so the use of sudo inside the
+    script is unneeded.