1 files changed, 16 insertions, 0 deletions

diff --git a/lib/puppet/type/file/selcontext.rb b/lib/puppet/type/file/selcontext.rb
index a33c6a000..ea385eec0 100644
--- a/lib/puppet/type/file/selcontext.rb
+++ b/lib/puppet/type/file/selcontext.rb
@@ -32,9 +32,14 @@ module Puppet
     end
 
     def retrieve_default_context(property)
+      if @resource[:selinux_ignore_defaults] == :true
+        return nil
+      end
+
       unless context = self.get_selinux_default_context(@resource[:path])
         return nil
       end
+
       property_default = self.parse_selinux_context(property, context)
       self.debug "Found #{property} default '#{property_default}' for #{@resource[:path]}" if not property_default.nil?
       property_default
@@ -54,6 +59,17 @@ module Puppet
     end
   end
 
+  Puppet::Type.type(:file).newparam(:selinux_ignore_defaults) do
+    desc "If this is set then Puppet will not ask SELinux (via matchpathcon) to
+      supply defaults for the SELinux attributes (seluser, selrole,
+      seltype, and selrange). In general, you should leave this set at its
+      default and only set it to true when you need Puppet to not try to fix
+      SELinux labels automatically."
+    newvalues(:true, :false)
+
+    defaultto :false
+  end
+
   Puppet::Type.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
     desc "What the SELinux user component of the context of the file should be.
       Any valid SELinux user component is accepted.  For example `user_u`.