From e2a7dc467dead22ac3eee7b8d596ade0acf1006c Mon Sep 17 00:00:00 2001
From: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Date: Fri, 17 Apr 2026 18:41:16 +1200
Subject: [PATCH] sefcontext: flush in-process matchpathcon cache (#11812)
* fix sefcontext: flush in-process matchpathcon cache after changes
Fixes https://github.com/ansible-collections/community.general/issues/888
Co-Authored-By: Claude Sonnet 4.6
* update changelog fragment with PR number and URL
Co-Authored-By: Claude Sonnet 4.6
---------
Co-authored-by: Claude Sonnet 4.6
---
 .../11812-sefcontext-matchpathcon-cache-flush.yml | 6 ++++++
 plugins/modules/sefcontext.py | 8 ++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 changelogs/fragments/11812-sefcontext-matchpathcon-cache-flush.yml
diff --git a/changelogs/fragments/11812-sefcontext-matchpathcon-cache-flush.yml b/changelogs/fragments/11812-sefcontext-matchpathcon-cache-flush.yml
new file mode 100644
index 0000000000..942236daa8
--- /dev/null
+++ b/changelogs/fragments/11812-sefcontext-matchpathcon-cache-flush.yml
@@ -0,0 +1,6 @@
+bugfixes:
+ - sefcontext - flush the in-process ``matchpathcon`` cache after applying changes, so
+ subsequent tasks running in the same process (for example via the Mitogen connection
+ plugin) see the updated SELinux file context rules instead of stale cached data
+ (https://github.com/ansible-collections/community.general/issues/888,
+ https://github.com/ansible-collections/community.general/pull/11812).
diff --git a/plugins/modules/sefcontext.py b/plugins/modules/sefcontext.py
index 9014471cb0..1e64e21e8d 100644
--- a/plugins/modules/sefcontext.py
+++ b/plugins/modules/sefcontext.py
@@ -280,6 +280,10 @@ def semanage_fcontext_modify(module, result, target, ftype, setype, substitute,
 if module._diff and prepared_diff:
 result["diff"] = dict(prepared=prepared_diff)
+ if changed and not module.check_mode:
+ # Flush the in-process matchpathcon cache
+ selinux.matchpathcon_fini()
+
 module.exit_json(changed=changed, seuser=seuser, serange=serange, **result)
@@ -327,6 +331,10 @@ def semanage_fcontext_delete(module, result, target, ftype, setype, substitute,
 if module._diff and prepared_diff:
 result["diff"] = dict(prepared=prepared_diff)
+ if changed and not module.check_mode:
+ # Flush the in-process matchpathcon cache
+ selinux.matchpathcon_fini()
+
 module.exit_json(changed=changed, **result)
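Review bot: The comment on the new `selinux.matchpathcon_fini()` call, here and in the matching hunk for semanage_fcontext_delete, says what is flushed but not why, and the reason matters for security. Going by the changelog fragment, a reused interpreter (Mitogen) would otherwise keep serving the old file-context rules, so later tasks could label files from stale policy. I would state that in place, e.g. `# Persistent interpreters (e.g. Mitogen) reuse this process: drop the cached file-context rules so later matchpathcon() lookups see this change instead of stale labels.` The same three lines now sit in both functions, so a small private helper (say `_flush_matchpathcon_cache(module, changed)`) would keep the `check_mode` guard in one place. Both function bodies begin outside their hunks, so it is not visible whether the call is covered by the surrounding error handling; if it is not, a failure here would presumably be reported after the policy change had already been applied.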