diff --git a/mysql/server.sls b/mysql/server.sls
index 839bf31..50995ab 100644
--- a/mysql/server.sls
+++ b/mysql/server.sls
@@ -23,3 +23,20 @@ my.cnf:
     - watch_in:
       - service: mysqld
 {% endif %}
+
+# Set SELinux to permissive mode while installing mysqld otherwise the
+# mysql user will not be created; restore enforcing when done.
+{% if (grains['os_family'] == 'RedHat'
+    and salt['cmd.run']("sestatus | awk '/Current mode/ { print $3 }'") == 'enforcing') %}
+selinux_permissive:
+  cmd.run:
+    - name: setenforce permissive
+    - prereq:
+      - pkg: mysqld
+
+selinux_enforcing:
+  cmd.wait:
+    - name: setenforce enforcing
+    - watch_in:
+      - pkg: mysqld
+{% endif %}