stat module, add option to return SELinux Context

coolxxy · web-flow · commit a4e357507774 · 2025-07-02T10:27:54.000-04:00
Added get_selinux_context option
diff --git a/changelogs/fragments/85217-stat-add-selinux-context.yml b/changelogs/fragments/85217-stat-add-selinux-context.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - stat module - add SELinux context as a return value, and add a new option to trigger this return, which is False by default. (https://github.com/ansible/ansible/issues/85217).
diff --git a/lib/ansible/modules/stat.py b/lib/ansible/modules/stat.py
@@ -44,6 +44,14 @@
     version_added: "2.3"
   get_checksum:
     version_added: "1.8"
+  get_selinux_context:
+    description:
+      - Get file SELinux context in a list V([user, role, type, range]),
+        and will get V([None, None, None, None]) if it is not possible to retrieve the context,
+        either because it does not exist or some other issue.
+    type: bool
+    default: no
+    version_added: '2.20'
 extends_documentation_fragment:
   -  action_common_attributes
   -  checksum_common
@@ -346,6 +354,12 @@
             type: list
             sample: [ immutable, extent ]
             version_added: 2.3
+        selinux_context:
+            description: The SELinux context of a path
+            returned: success, path exists and user can execute the path
+            type: list
+            sample: [ user, role, type, range ]
+            version_added: '2.20'
         version:
             description: The version/generation attribute of a file according to the filesystem
             returned: success, path exists, user can execute the path, lsattr is available and filesystem supports
@@ -434,6 +448,7 @@ def main():
             get_checksum=dict(type='bool', default=True),
             get_mime=dict(type='bool', default=True, aliases=['mime', 'mime_type', 'mime-type']),
             get_attributes=dict(type='bool', default=True, aliases=['attr', 'attributes']),
+            get_selinux_context=dict(type='bool', default=False),
             checksum_algorithm=dict(type='str', default='sha1',
                                     choices=['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
                                     aliases=['checksum', 'checksum_algo']),
@@ -448,6 +463,7 @@ def main():
     get_attr = module.params.get('get_attributes')
     get_checksum = module.params.get('get_checksum')
     checksum_algorithm = module.params.get('checksum_algorithm')
+    get_selinux_context = module.params.get('get_selinux_context')
 
     # main stat data
     try:
@@ -515,6 +531,10 @@ def main():
             if x in out:
                 output[x] = out[x]
 
+    # try to get SELinux context
+    if get_selinux_context:
+        output['selinux_context'] = module.selinux_context(b_path)
+
     module.exit_json(changed=False, stat=output)
 
 
diff --git a/test/integration/targets/stat/tasks/main.yml b/test/integration/targets/stat/tasks/main.yml
@@ -177,3 +177,27 @@
         - "stat_result.changed == false"
         - "stat_result.stat.mimetype == 'text/plain'"
         - "stat_result.stat.charset == 'us-ascii'"
+
+- name: check stat a file with get_selinux_context on
+  stat:
+    path: "{{ remote_tmp_dir }}/foo.txt"
+    get_selinux_context: True
+  register: stat_result
+
+- debug: var=stat_result
+
+- assert:
+    that:
+        - "'selinux_context' in stat_result.stat"
+
+- name: check stat a file with get_selinux_context off
+  stat:
+    path: "{{ remote_tmp_dir }}/foo.txt"
+    get_selinux_context: False
+  register: stat_result
+
+- debug: var=stat_result
+
+- assert:
+    that:
+        - "'selinux_context' not in stat_result.stat"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+minor_changes:`
	`2`	`+ - stat module - add SELinux context as a return value, and add a new option to trigger this return, which is False by default. (https://github.com/ansible/ansible/issues/85217).`