rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity

tests: iptables-nft does not lock in user space anymore

Browse Source 
Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless
for old versions of RHEL/Fedora/CentOS.

Related: RHEL-14147
This commit is contained in:
Phil Sutter 2023-10-27 20:06:36 +00:00
parent 66c02f9077
commit 33ffe56c42
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tests/xtables-tools-locking-vulnerable-to-local-DoS/runtest.sh
View File

@ -36,11 +36,13 @@ rlJournalStart
rlPhaseEnd rlPhaseEnd
rlPhaseStartTest rlPhaseStartTest
rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace" if rlIsRHEL '<8' || rlIsFedora '<32' || rlIsCentOS '<8'; then
echo --debug--; cat strace.out rlRun "strace -fe flock,bind,open,openat -o strace.out iptables -w -L" 0 "execute iptables in strace"
rlAssertNotGrep "bind.*xtables" strace.out -E echo --debug--; cat strace.out
rlAssertGrep " flock(" strace.out rlAssertNotGrep "bind.*xtables" strace.out -E
rlAssertGrep "/run/xtables.lock" strace.out rlAssertGrep " flock(" strace.out
rlAssertGrep "/run/xtables.lock" strace.out
fi
rlPhaseEnd rlPhaseEnd
rlPhaseStartCleanup rlPhaseStartCleanup