diff --git a/tests/kola/selinux/kubernetes_file_t/config.fcc b/tests/kola/selinux/kubernetes_file_t/config.fcc
new file mode 100644
index 0000000000..87a12cc57e
--- /dev/null
+++ b/tests/kola/selinux/kubernetes_file_t/config.fcc
@@ -0,0 +1,21 @@
+variant: fcos
+version: 1.3.0
+storage:
+    files:
+      - path: /etc/kubernetes/envfile
+        mode: 0644
+        contents:
+          inline: |
+            KUBE="FCOS"
+systemd:
+  units:
+    - name: kube-env.service
+      enabled: true
+      contents: |
+        [Service]
+        EnvironmentFile=/etc/kubernetes/envfile
+        ExecStart=/usr/bin/echo ${KUBE}
+        RemainAfterExit=yes
+        Type=oneshot
+        [Install]
+        WantedBy=multi-user.target
diff --git a/tests/kola/selinux/kubernetes_file_t/test.sh b/tests/kola/selinux/kubernetes_file_t/test.sh
new file mode 100755
index 0000000000..5cb7cbb5fa
--- /dev/null
+++ b/tests/kola/selinux/kubernetes_file_t/test.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# This test makes sure that systemd can read files in /etc/kubernetes
+# Originally reported downstream in RHCOS, but found to affect FCOS too.
+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1973418
+
+# We don't need to test this on every platform. If it passes in
+# one place it will pass everywhere.
+# kola: { "platforms": "qemu-unpriv" }
+
+ok() {
+    echo "ok" "$@"
+}
+
+fatal() {
+    echo "$@" >&2
+    exit 1
+}
+
+# verify the service didn't fail
+if [ $(systemctl is-failed kube-env.service) != 'active' ]; then
+    fatal "kube-env.service failed unexpectedly"
+fi
+ok "kube-env.service successfully started"
+
+# make sure the unit ran and wrote 'foo' to the journal
+if [ $(journalctl -o cat -u echo@foo.service | sed -n 2p) != 'FCOS' ]; then
+    fatal "kube-env.service did not write 'FCOS' to journal"
+fi
+ok "kube-env.service ran and wrote 'FCOS' to the journal"