diff --git a/osbuild/buildroot.py b/osbuild/buildroot.py
index ddc60a0b..85c3e192 100644
--- a/osbuild/buildroot.py
+++ b/osbuild/buildroot.py
@@ -237,6 +237,12 @@ class BuildRoot(contextlib.AbstractContextManager):
         mounts += ["--ro-bind-try",
                    os.path.join(self._rootdir, "etc/containers"),
                    "/etc/containers"]
+        mounts += ["--ro-bind-try",
+                   os.path.join(self._rootdir, "ostree"),
+                   "/ostree"]
+        mounts += ["--ro-bind-try",
+                   os.path.join(self._rootdir, "etc/selinux/targeted/contexts"),
+                   "/etc/selinux/targeted/contexts"]
 
         # We execute our own modules by bind-mounting them from the host into
         # the build-root. We have minimal requirements on the build-root, so
diff --git a/stages/org.osbuild.bootc.install-to-filesystem b/stages/org.osbuild.bootc.install-to-filesystem
new file mode 100755
index 00000000..6b8c376a
--- /dev/null
+++ b/stages/org.osbuild.bootc.install-to-filesystem
@@ -0,0 +1,62 @@
+#!/usr/bin/python3
+"""Run bootc install to-filesystem
+
+Note that this needs the disk.img in the inputs as one continous
+devices so that bootupd can install grub to the mbr.
+
+Buildhost commands used: bootc
+"""
+
+import subprocess
+import sys
+
+import osbuild.api
+from osbuild.util import containers
+
+CAPABILITIES = ["CAP_MAC_ADMIN"]
+
+SCHEMA_2 = r"""
+"inputs": {
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["images"],
+  "properties": {
+    "images": {
+      "type": "object",
+      "additionalProperties": true
+    }
+  }
+},
+"options": {
+  "additionalProperties": false
+},
+"devices": {
+  "type": "object",
+  "additionalProperties": true
+},
+"mounts": {
+  "type": "array"
+}
+"""
+
+
+def main(inputs, mounts):
+    images = containers.parse_containers_input(inputs)
+    assert len(images) == 1
+    image = list(images.values())[0]
+
+    with containers.container_source(image) as (_, source):
+        dst = mounts["root"]["path"]
+        subprocess.run(
+            ["bootc", "install", "to-filesystem",
+             "--source-imgref", source,
+             "--skip-fetch-check", "--generic-image",
+             dst],
+            check=True
+        )
+
+
+if __name__ == "__main__":
+    args = osbuild.api.arguments()
+    r = main(args["inputs"], args["mounts"])
+    sys.exit(r)