diff --git a/doc/source/developer-notes/V-51379.rst b/doc/source/developer-notes/V-51379.rst index 393e1b4f..ad0db536 100644 --- a/doc/source/developer-notes/V-51379.rst +++ b/doc/source/developer-notes/V-51379.rst @@ -1,7 +1,10 @@ -**Exception** +**Exception for Ubuntu** + +The security role will search for unlabeled devices on CentOS and the playbook +will fail with an error message if any unlabeled devices are found. Although SELinux works through a labeling system where every file (including -devices) receive a label, AppArmor works purely through policies without -labels. However, openstack-ansible does configure several AppArmor policies -to reduce the chances and impact of LXC container breakouts on OpenStack -hosts. +devices) receives a label, AppArmor on Ubuntu works purely through policies +without labels. However, OpenStack-Ansible does configure several AppArmor +policies to reduce the chances and impact of LXC container breakouts on +OpenStack hosts. diff --git a/releasenotes/notes/search-for-unlabeled-devices-cb047c5f767e93ce.yaml b/releasenotes/notes/search-for-unlabeled-devices-cb047c5f767e93ce.yaml new file mode 100644 index 00000000..15742b3f --- /dev/null +++ b/releasenotes/notes/search-for-unlabeled-devices-cb047c5f767e93ce.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Tasks were added to search for any device files without a proper SELinux + label on CentOS systems. If any of these device labels are found, the + playbook execution will stop with an error message. diff --git a/tasks/misc.yml b/tasks/misc.yml index 01ca5598..367603b8 100644 --- a/tasks/misc.yml +++ b/tasks/misc.yml 
@@ -412,3 +412,24 @@ tags: - cat2 - V-38674 + +- name: Check for unlabeled device files (for V-51379) + shell: "find /dev -context '*unlabeled_t*'" + register: v51379_unlabeled_devices + always_run: True + when: + - ansible_os_family == 'RedHat' + tags: + - cat1 + - V-51379 + +- name: V-51379 - All device files must be monitored by the Linux Security Module + fail: + msg: "Devices were found without SELinux labels: {{ v51379_unlabeled_devices.stdout_lines | join(', ') }}" + when: + - ansible_os_family == 'RedHat' + - v51379_unlabeled_devices.stdout is defined + - v51379_unlabeled_devices.stdout | length > 0 + tags: + - cat1 + - V-51379
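Review bot: in the V-51379.rst hunk, the new paragraph describing the CentOS behaviour now sits directly under the heading that was just renamed to "**Exception for Ubuntu**", so the only sentence that says what the role actually does is filed under the Ubuntu exception. Consider placing "The security role will search for unlabeled devices on CentOS ..." above that heading (or under its own heading) so the note reads as "what the check does" followed by "why Ubuntu is exempt". Also, the tasks are gated on `ansible_os_family == 'RedHat'`, so "on CentOS" understates the scope; "on Red Hat family systems (CentOS/RHEL)" would match the condition the playbook actually evaluates.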
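Review bot: the release note's "If any of these device labels are found, the playbook execution will stop" says the reverse of what the tasks do: it is device files without a label, not labels, that trigger the failure. Suggest "If any unlabeled device files are found, the playbook execution will stop with an error message." The same CentOS-versus-RedHat-family wording point from the developer note applies here, since the feature text is what operators will read when deciding whether the new cat1 failure can affect their RHEL hosts.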
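Review bot: the `shell: "find /dev -context '*unlabeled_t*'"` task has no `changed_when`, so a read-only search reports "changed" on every run of the role; add `changed_when: False` next to `register:`. Separately, any non-zero exit from `find` (for example a permission error while walking a subdirectory of `/dev`) fails this task with find's own stderr rather than reaching the "V-51379 - All device files must be monitored by the Linux Security Module" task, so an operator sees an unrelated shell error instead of the intended STIG message; if that is not the desired behaviour, handle `rc` explicitly (a `failed_when` on `rc` combined with the existing `stdout | length > 0` check) rather than leaving it implicit. Note too that `always_run: True` was deprecated in favour of `check_mode: no` in Ansible 2.2, so this line will start emitting deprecation warnings once the role moves to that version.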