tests: iptables-nft does not lock in user space anymore

Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless for old versions of RHEL/Fedora/CentOS. Related: RHEL-14147
2023-10-27 20:06:36 +00:00 · 2023-10-27 20:06:36 +00:00 · 33ffe56c42
parent 66c02f9077
commit 33ffe56c42
1 changed files with 7 additions and 5 deletions
--- a/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
+++ b/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
@ -36,11 +36,13 @@ rlJournalStart
    rlPhaseEnd

    rlPhaseStartTest
-        rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace"
-        echo --debug--; cat strace.out
-        rlAssertNotGrep "bind.*xtables" strace.out -E
-        rlAssertGrep " flock(" strace.out
-        rlAssertGrep "/run/xtables.lock" strace.out
+        if rlIsRHEL '<8' || rlIsFedora '<32' || rlIsCentOS '<8'; then
+            rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace"
+            echo --debug--; cat strace.out
+            rlAssertNotGrep "bind.*xtables" strace.out -E
+            rlAssertGrep " flock(" strace.out
+            rlAssertGrep "/run/xtables.lock" strace.out
+        fi
    rlPhaseEnd

    rlPhaseStartCleanup