diff --git a/test/helpers.bash b/test/helpers.bash
index 752b666e2e8..1e004e8d21b 100644
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -499,7 +499,7 @@ function ping_pod_from_pod() {
     # in such an environment without giving all containers NET_RAW capability
     # rather than reducing the security of the tests for all cases, skip this check
     # instead
-    if grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep -q " 7"; then
+    if is_rhel_7; then
         return
     fi
 
@@ -507,6 +507,10 @@ function ping_pod_from_pod() {
     crictl exec --sync "$2" ping6 -W 1 -c 2 "$ip"
 }
 
+function is_rhel_7() {
+    grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep -q " 7"
+}
+
 function cleanup_network_conf() {
     rm -rf "$CRIO_CNI_CONFIG"
 }
diff --git a/test/selinux.bats b/test/selinux.bats
index 5d66306cdca..b49ca636654 100644
--- a/test/selinux.bats
+++ b/test/selinux.bats
@@ -25,9 +25,17 @@ function teardown() {
     if [[ $(getenforce) != "Enforcing" ]]; then
         skip "not enforcing"
     fi
+
+    # RHEL/CentOS 7's container-selinux package replaces container_file_t with svirt_sandbox_file_t
+    # under the hood. This causes the annotation to not work correctly.
+    if is_rhel_7; then
+        skip "fails on RHEL 7 or earlier"
+    fi
+
     VOLUME="$TESTDIR"/dir
+    FILE="$VOLUME"/file
     mkdir "$VOLUME"
-    touch "$VOLUME"/file
+    touch "$FILE"
     create_runtime_with_allowed_annotation "selinux" "io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel"
     start_crio
 
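Review bot: is_rhel_7, added in the second helpers.bash hunk, lets the first grep print a "No such file or directory" error on every host without /etc/redhat-release, and the `" 7"` match is loose — any release string with a space followed by a 7 qualifies, not just a 7.x version field. Redirecting stderr and anchoring on the version keeps the same intent in one process: `grep -qiE '(Red Hat|CentOS).* 7\.' /etc/redhat-release 2>/dev/null`. A one-line header such as `# True on RHEL/CentOS 7; callers skip checks that differ there (NET_RAW for ping, container_file_t handling)` would also document why both callers — ping_pod_from_pod in the first hunk and the new skip in selinux.bats — depend on it.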
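Review bot: The skip message `"fails on RHEL 7 or earlier"` in the selinux.bats hunk promises more than the check delivers — is_rhel_7, as defined in this commit, only matches a release string containing ` 7`, so older releases would run the test rather than skip it. Either narrow the message to `skip "fails on RHEL/CentOS 7"` or widen the helper to cover what the message claims. The enclosing test body starts before this hunk; the `function teardown()` in the hunk header is only the nearest preceding definition.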
@@ -49,19 +57,19 @@ function teardown() { crictl rm "$ctr_id" - # shellcheck disable=SC2012 - oldlabel=$(ls -Z "$VOLUME" | awk '{ printf $1 }') + # shellcheck disable=SC2010 + oldlabel=$(ls -Z "$FILE" | grep -o '[a-z,_]*_u:[a-z,_]*_r:[a-z,_]*_t:[c,s,0-9,:,\,]* ') # Label file, but not top dir. This will show us the directory was not relabeled (as expected) - chcon --reference "$TESTDIR"/container.json "$VOLUME"/file # || \ + chcon --reference "$TESTDIR"/container.json "$FILE" # || \ - # shellcheck disable=SC2012 - label=$(ls -Z "$VOLUME" | awk '{ printf $1 }') + # shellcheck disable=SC2010 + label=$(ls -Z "$FILE" | grep -o '[a-z,_]*_u:[a-z,_]*_r:[a-z,_]*_t:[c,s,0-9,:,\,]* ') [[ "$oldlabel" != "$label" ]] # Recreate. Since top level is already labeled right, there won't be a relabel. ctr_id=$(crictl create "$pod_id" "$TESTDIR"/container.json "$TESTDIR"/sandbox.json) - # shellcheck disable=SC2012 - newlabel=$(ls -Z "$VOLUME" | awk '{ printf $1 }') + # shellcheck disable=SC2010 + newlabel=$(ls -Z "$FILE" | grep -o '[a-z,_]*_u:[a-z,_]*_r:[a-z,_]*_t:[c,s,0-9,:,\,]* ') [[ "$label" == "$newlabel" ]] }
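Review bot: The three `ls -Z "$FILE" | grep -o '…'` extractions (oldlabel, label, newlabel) silently yield an empty string whenever the context has no MLS level, because the pattern requires `_t:` followed by a range; both sides would then be empty and `[[ "$oldlabel" != "$label" ]]` fails with no hint as to why. `stat -c '%C' "$FILE"` prints only the SELinux context, drops the shellcheck disable, and avoids capturing the trailing space the current pattern leaves in each variable, e.g. `oldlabel=$(stat -c '%C' "$FILE")` at all three sites. If the regex is kept, note that the bracket expressions contain literal commas (`[a-z,_]` also matches a comma), which looks like separators were intended — `[a-z_]*` is presumably what was meant. The enclosing test body starts before this hunk.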