Merge pull request #22306 from edsantiago/gating-fixes

[v4.2.0-rhel] Gating-test fixes

test/system/160-volumes.bats

@@ -149,16 +149,11 @@ EOF
 
     # By default, volumes are mounted exec, but we have manually added the
     # noexec option. This should fail.
-    # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error
+    run_podman 126 run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
-    local expect_rc=126
-    local expect_msg='.* OCI permission denied.*'
-    if [[ $(podman_runtime) = "runc" ]]; then
-        expect_rc=1
-        expect_msg='.* exec user process caused.*permission denied'
-    fi
 
-    run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
+    # crun and runc emit different messages, and even runc is inconsistent
-    is "$output" "$expect_msg" "run on volume, noexec"
+    # with itself (output changed some time in 2022?). Deal with all.
+    assert "$output" =~ 'permission denied' "run on volume, noexec"
 
     # With the default, it should pass
     run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript

test/system/200-pod.bats

@@ -474,9 +474,8 @@ spec:
 
 @test "pod resource limits" {
     skip_if_remote "resource limits only implemented on non-remote"
-    if is_rootless; then
+    skip_if_rootless "resource limits only work with root"
-        skip "only meaningful for rootful"
+    skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"
-    fi
 
     local name1="resources1"
     run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m

test/system/250-systemd.bats

@@ -299,7 +299,7 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
     img="healthcheck_i"
     _build_health_check_image $img
 
-    cname=$(random_string)
+    cname=c_$(random_string)
     run_podman create --name $cname      \
                --health-cmd /healthcheck \
                --health-on-failure=kill  \
@@ -330,7 +330,11 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
     # Wait at most 10 seconds for the service to be restarted
     local timeout=10
     while [[ $timeout -gt 1 ]]; do
-        run_podman '?' container inspect $cname
+        # Possible outcomes:
+        #  - status 0, old container is still terminating: sleep and retry
+        #  - status 0, new CID: yay, break
+        #  - status 1, container not found: sleep and retry
+        run_podman '?' container inspect $cname --format '{{.ID}}'
         if [[ $status == 0 ]]; then
             if [[ "$output" != "$oldID" ]]; then
                 break

test/system/251-system-service.bats

@@ -17,6 +17,10 @@ function teardown() {
 
 @test "podman-system-service containers survive service stop" {
     skip_if_remote "podman system service unavailable over remote"
+    local runtime=$(podman_runtime)
+    if [[ "$runtime" != "crun" ]]; then
+        skip "survival code only implemented in crun; you're using $runtime"
+    fi
 
     port=$(random_free_port)
     URL=tcp://127.0.0.1:$port

test/system/410-selinux.bats

@@ -209,7 +209,7 @@ function check_label() {
 	# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
 	#   from failed to set /proc/self/attr/keycreate on procfs
 	#   to   write /proc/self/attr/keycreate: invalid argument
-	runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;;
+	runc) expect=".*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;;
 	*)    skip "Unknown runtime '$runtime'";;
     esac