From 33ffe56c42693414f16027fe2dd524e27a05d370 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 27 Oct 2023 20:06:36 +0000
Subject: [PATCH] tests: iptables-nft does not lock in user space anymore
Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless for old versions of RHEL/Fedora/CentOS.
Related: RHEL-14147
---
 .../runtest.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh b/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
index abfb03a..1aaaf26 100755
--- a/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
+++ b/tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
@@ -36,11 +36,13 @@ rlJournalStart
 rlPhaseEnd
 rlPhaseStartTest
- rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace"
- echo --debug--; cat strace.out
- rlAssertNotGrep "bind.*xtables" strace.out -E
- rlAssertGrep " flock(" strace.out
- rlAssertGrep "/run/xtables.lock" strace.out
+ if rlIsRHEL '<8' || rlIsFedora '<32' || rlIsCentOS '<8'; then
+ rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace"
+ echo --debug--; cat strace.out
+ rlAssertNotGrep "bind.*xtables" strace.out -E
+ rlAssertGrep " flock(" strace.out
+ rlAssertGrep "/run/xtables.lock" strace.out
+ fi
 rlPhaseEnd
 rlPhaseStartCleanup
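Review bot: On every release outside the `rlIsRHEL '<8' || rlIsFedora '<32' || rlIsCentOS '<8'` condition the Test phase is now empty, so this local-DoS regression test finishes without running a single assertion and the journal gives no hint that it was skipped. The gate is the distro version rather than the backend the `iptables` binary actually uses, so a newer system where `iptables` resolves to the legacy variant loses its locking coverage too; keying on the tool itself, e.g. `if ! iptables --version | grep -q nf_tables; then`, would follow the behaviour under test. The `rlAssertNotGrep "bind.*xtables" strace.out -E` check looks backend-independent (presumably it guards against a return of the socket-based lock), so the strace run and that assertion could stay unconditional with only the `flock(` and `/run/xtables.lock` assertions inside the `if`. At minimum, an `else` branch with `rlLogInfo "iptables-nft takes no user-space lock, flock checks skipped"` would make the skip visible.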