Merge pull request #7786 from rhatdan/rootless

Remove SkipIfRootless if possible, document other calls
2025-06-20 09:03:43 +08:00 · 2020-09-28 14:43:46 +00:00
parent d2802636b0 007c0ecd50
commit b0e70a6411
27 changed files with 58 additions and 94 deletions
--- a/cmd/podman/containers/pause.go
+++ b/cmd/podman/containers/pause.go
@ -6,6 +6,7 @@ import (

 	"github.com/containers/podman/v2/cmd/podman/registry"
 	"github.com/containers/podman/v2/cmd/podman/utils"
+	"github.com/containers/podman/v2/pkg/cgroups"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/pkg/errors"
@ -64,7 +65,10 @@ func pause(cmd *cobra.Command, args []string) error {
 		errs utils.OutputErrors
 	)
 	if rootless.IsRootless() && !registry.IsRemote() {
-		return errors.New("pause is not supported for rootless containers")
+		cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
+		if !cgroupv2 {
+			return errors.New("pause is not supported for cgroupv1 rootless containers")
+		}
 	}

 	if len(args) < 1 && !pauseOpts.All {
--- a/cmd/podman/containers/unpause.go
+++ b/cmd/podman/containers/unpause.go
@ -6,6 +6,7 @@ import (

 	"github.com/containers/podman/v2/cmd/podman/registry"
 	"github.com/containers/podman/v2/cmd/podman/utils"
+	"github.com/containers/podman/v2/pkg/cgroups"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/pkg/errors"
@ -62,7 +63,10 @@ func unpause(cmd *cobra.Command, args []string) error {
 		errs utils.OutputErrors
 	)
 	if rootless.IsRootless() && !registry.IsRemote() {
-		return errors.New("unpause is not supported for rootless containers")
+		cgroupv2, _ := cgroups.IsCgroup2UnifiedMode()
+		if !cgroupv2 {
+			return errors.New("unpause is not supported for cgroupv1 rootless containers")
+		}
 	}
 	if len(args) < 1 && !unPauseOptions.All {
 		return errors.Errorf("you must provide at least one container name or id")
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@ -27,7 +27,7 @@ var _ = Describe("Podman checkpoint", func() {
 	)

 	BeforeEach(func() {
-		SkipIfRootless()
+		SkipIfRootless() //checkpoint not supported in rootless mode
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@ -41,7 +41,7 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman run limits test", func() {
-		SkipIfRootless()
+		SkipIfRootlessCgroupsV1()
 		//containers.conf is set to "nofile=500:500"
 		session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"})
 		session.WaitWithDefaultTimeout()
@ -80,7 +80,6 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman Capabilities in containers.conf", func() {
-		SkipIfRootless()
 		os.Setenv("CONTAINERS_CONF", "config/containers.conf")
 		cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"})
 		cap.WaitWithDefaultTimeout()
@ -94,7 +93,6 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman Regular capabilities", func() {
-		SkipIfRootless()
 		os.Setenv("CONTAINERS_CONF", "config/containers.conf")
 		setup := podmanTest.RunTopContainer("test1")
 		setup.WaitWithDefaultTimeout()
@ -176,7 +174,6 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman run containers.conf sysctl test", func() {
-		SkipIfRootless()
 		//containers.conf is set to   "net.ipv4.ping_group_range=0 1000"
 		session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "cat", "/proc/sys/net/ipv4/ping_group_range"})
 		session.WaitWithDefaultTimeout()
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@ -37,21 +37,19 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})

 	It("Podman create --ip with garbage address", func() {
-		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "114232346", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})

 	It("Podman create --ip with v6 address", func() {
-		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})

 	It("Podman create --ip with non-allocatable IP", func() {
-		SkipIfRootless()
+		SkipIfRootless() // --ip is not supported in rootless mode
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
@ -83,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})

 	It("Podman create two containers with the same IP", func() {
-		SkipIfRootless()
+		SkipIfRootless() // --ip not supported in rootless mode
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
 		result.WaitWithDefaultTimeout()
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@ -552,7 +552,7 @@ var _ = Describe("Podman create", func() {
 	})

 	It("create container in pod with IP should fail", func() {
-		SkipIfRootless()
+		SkipIfRootless() //Setting IP not supported in rootless mode
 		name := "createwithstaticip"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
@ -564,7 +564,7 @@ var _ = Describe("Podman create", func() {
 	})

 	It("create container in pod with mac should fail", func() {
-		SkipIfRootless()
+		SkipIfRootless() //Setting MAC Address not supported in rootless mode
 		name := "createwithstaticmac"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
@ -576,7 +576,6 @@ var _ = Describe("Podman create", func() {
 	})

 	It("create container in pod with network should fail", func() {
-		SkipIfRootless()
 		name := "createwithnetwork"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
@ -589,19 +588,17 @@ var _ = Describe("Podman create", func() {
 	})

 	It("create container in pod with ports should fail", func() {
-		SkipIfRootless()
 		name := "createwithports"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
 		Expect(pod.ExitCode()).To(BeZero())

-		session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "80:80", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "8080:80", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).ToNot(BeZero())
 	})

 	It("create container in pod ppublish ports should fail", func() {
-		SkipIfRootless()
 		name := "createwithpublishports"
 		pod := podmanTest.RunTopContainerInPod("", "new:"+name)
 		pod.WaitWithDefaultTimeout()
--- a/test/e2e/events_test.go
+++ b/test/e2e/events_test.go
@ -43,7 +43,6 @@ var _ = Describe("Podman events", func() {
 	// These tests are only known to work on Fedora ATM.  Other distributions
 	// will be skipped.
 	It("podman events", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -53,7 +52,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events with an event filter", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -65,7 +63,6 @@ var _ = Describe("Podman events", func() {

 	It("podman events with an event filter and container=cid", func() {
 		Skip("Does not work on v2")
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, cid := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -80,7 +77,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events with a type and filter container=id", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, cid := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -91,7 +87,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events with a type", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		setup := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:foobarpod", ALPINE, "top"})
 		setup.WaitWithDefaultTimeout()
@ -107,7 +102,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events --since", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -117,7 +111,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events --until", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
@ -130,7 +123,6 @@ var _ = Describe("Podman events", func() {
 	})

 	It("podman events format", func() {
-		SkipIfRootless()
 		SkipIfNotFedora()
 		_, ec, _ := podmanTest.RunLsContainer("")
 		Expect(ec).To(Equal(0))
--- a/test/e2e/mount_test.go
+++ b/test/e2e/mount_test.go
@ -189,7 +189,7 @@ var _ = Describe("Podman mount", func() {
 	})

 	It("podman list running container", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code.

 		setup := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"})
 		setup.WaitWithDefaultTimeout()
@ -212,7 +212,7 @@ var _ = Describe("Podman mount", func() {
 	})

 	It("podman list multiple mounted containers", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code.

 		setup := podmanTest.Podman([]string{"create", ALPINE, "ls"})
 		setup.WaitWithDefaultTimeout()
@ -257,7 +257,7 @@ var _ = Describe("Podman mount", func() {
 	})

 	It("podman list mounted container", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code.

 		setup := podmanTest.Podman([]string{"create", ALPINE, "ls"})
 		setup.WaitWithDefaultTimeout()
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@ -178,7 +178,8 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and IPv6 subnet", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME I believe this should work in rootlessmode
+
 		var (
 			results []network.NcList
 		)
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@ -135,6 +135,7 @@ var _ = Describe("Podman network", func() {
 	})

 	It("podman network rm", func() {
+		SkipIfRootless() // FIXME: This one is definitely broken in rootless mode
 		// Setup, use uuid to prevent conflict with other tests
 		uuid := stringid.GenerateNonCryptoID()
 		secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid))
--- a/test/e2e/pause_test.go
+++ b/test/e2e/pause_test.go
@ -24,7 +24,7 @@ var _ = Describe("Podman pause", func() {
 	createdState := "created"

 	BeforeEach(func() {
-		SkipIfRootless()
+		SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
--- a/test/e2e/pod_pause_test.go
+++ b/test/e2e/pod_pause_test.go
@ -18,7 +18,7 @@ var _ = Describe("Podman pod pause", func() {
 	pausedState := "paused"

 	BeforeEach(func() {
-		SkipIfRootless()
+		SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
--- a/test/e2e/pod_stats_test.go
+++ b/test/e2e/pod_stats_test.go
@ -175,7 +175,7 @@ var _ = Describe("Podman pod stats", func() {

 	It("podman stats on net=host post", func() {
 		// --net=host not supported for rootless pods at present
-		SkipIfRootless()
+		SkipIfRootlessCgroupsV1() // Pause stats not supported in cgroups v1
 		podName := "testPod"
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--net=host", "--name", podName})
 		podCreate.WaitWithDefaultTimeout()
--- a/test/e2e/ps_test.go
+++ b/test/e2e/ps_test.go
@ -400,18 +400,17 @@ var _ = Describe("Podman ps", func() {
 	})

 	It("podman ps test with port range", func() {
-		SkipIfRootless()
 		session := podmanTest.RunTopContainer("")
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))

-		session = podmanTest.Podman([]string{"run", "-dt", "-p", "1000-1006:1000-1006", ALPINE, "top"})
+		session = podmanTest.Podman([]string{"run", "-dt", "-p", "2000-2006:2000-2006", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))

 		session = podmanTest.Podman([]string{"ps", "--format", "{{.Ports}}"})
 		session.WaitWithDefaultTimeout()
-		Expect(session.OutputToString()).To(ContainSubstring("0.0.0.0:1000-1006"))
+		Expect(session.OutputToString()).To(ContainSubstring("0.0.0.0:2000-2006"))
 	})

 	It("podman ps sync flag", func() {
--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@ -87,7 +87,7 @@ var _ = Describe("Podman push", func() {
 	})

 	It("podman push to local registry with authorization", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME: Creating content in certs.d we use directories in homedir
 		if podmanTest.Host.Arch == "ppc64le" {
 			Skip("No registry image for ppc64le")
 		}
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@ -18,7 +18,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
 	)

 	BeforeEach(func() {
-		SkipIfRootless()
+		SkipIfRootlessCgroupsV1() // cgroup parent is not supported in cgroups v1
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@ -48,6 +48,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
 	})

 	Specify("no --cgroup-parent", func() {
+		SkipIfRootless() // FIXME This seems to be broken in rootless mode
 		cgroup := "/libpod_parent"
 		if !Containerized() && podmanTest.CgroupManager != "cgroupfs" {
 			cgroup = "/machine.slice"
--- a/test/e2e/run_cleanup_test.go
+++ b/test/e2e/run_cleanup_test.go
@ -34,7 +34,7 @@ var _ = Describe("Podman run exit", func() {

 	It("podman run -d mount cleanup test", func() {
 		SkipIfRemote("podman-remote does not support mount")
-		SkipIfRootless()
+		SkipIfRootless() // FIXME podman mount requires podman unshare first

 		result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"})
 		result.WaitWithDefaultTimeout()
--- a/test/e2e/run_cpu_test.go
+++ b/test/e2e/run_cpu_test.go
@ -18,6 +18,8 @@ var _ = Describe("Podman run cpu", func() {
 	)

 	BeforeEach(func() {
+		SkipIfRootlessCgroupsV1()
+
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@ -45,13 +47,8 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpu-period", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
 		var result *PodmanSessionIntegration
-		if cgroupsv2 {
+		if CGROUPSV2 {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"})
 		} else {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"})
@ -62,14 +59,9 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpu-quota", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
 		var result *PodmanSessionIntegration

-		if cgroupsv2 {
+		if CGROUPSV2 {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"})
 		} else {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
@ -80,12 +72,7 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpus", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
-		if cgroupsv2 {
+		if CGROUPSV2 {
 			result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"})
 			result.WaitWithDefaultTimeout()
 			Expect(result.ExitCode()).To(Equal(0))
@ -104,12 +91,7 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpu-shares", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
-		if cgroupsv2 {
+		if CGROUPSV2 {
 			// [2-262144] is mapped to [1-10000]
 			result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=262144", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.weight"})
 			result.WaitWithDefaultTimeout()
@ -124,14 +106,9 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpuset-cpus", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
 		var result *PodmanSessionIntegration

-		if cgroupsv2 {
+		if CGROUPSV2 {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.cpus.effective"})
 		} else {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"})
@ -142,14 +119,9 @@ var _ = Describe("Podman run cpu", func() {
 	})

 	It("podman run cpuset-mems", func() {
-		SkipIfRootless()
-
-		cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
-		Expect(err).To(BeNil())
-
 		var result *PodmanSessionIntegration

-		if cgroupsv2 {
+		if CGROUPSV2 {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.mems.effective"})
 		} else {
 			result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"})
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@ -72,7 +72,7 @@ var _ = Describe("Podman run device", func() {
 	})

 	It("podman run device host device and container device parameter are directories", func() {
-		SkipIfRootless()
+		SkipIfRootless() // Can not create devices in /dev in rootless mode
 		Expect(os.MkdirAll("/dev/foodevdir", os.ModePerm)).To(BeNil())
 		defer os.RemoveAll("/dev/foodevdir")

--- a/test/e2e/run_dns_test.go
+++ b/test/e2e/run_dns_test.go
@ -93,7 +93,6 @@ var _ = Describe("Podman run dns", func() {
 	})

 	It("podman run add hostname sets /etc/hosts", func() {
-		SkipIfRootless()
 		session := podmanTest.Podman([]string{"run", "-t", "-i", "--hostname=foobar", ALPINE, "cat", "/etc/hosts"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
--- a/test/e2e/run_memory_test.go
+++ b/test/e2e/run_memory_test.go
@ -17,6 +17,8 @@ var _ = Describe("Podman run memory", func() {
 	)

 	BeforeEach(func() {
+		SkipIfRootlessCgroupsV1()
+
 		SkipIfRootless()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@ -55,7 +55,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run network expose port 222", func() {
-		SkipIfRootless()
+		SkipIfRootless() // iptables is not supported for rootless users
 		session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"})
 		session.Wait(30)
 		Expect(session.ExitCode()).To(Equal(0))
@ -252,7 +252,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run network expose host port 80 to container port 8000", func() {
-		SkipIfRootless()
+		SkipIfRootless() // iptables is not supported for rootless users
 		session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"})
 		session.Wait(30)
 		Expect(session.ExitCode()).To(Equal(0))
@ -367,7 +367,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run network expose duplicate host port results in error", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME we should be able to run this test in rootless mode with different ports

 		session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "80", ALPINE, "/bin/sh"})
 		session.WaitWithDefaultTimeout()
@ -441,7 +441,6 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run --net container: copies hosts and resolv", func() {
-		SkipIfRootless()
 		ctrName := "ctr1"
 		ctr1 := podmanTest.RunTopContainer(ctrName)
 		ctr1.WaitWithDefaultTimeout()
@ -479,7 +478,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run network in user created network namespace", func() {
-		SkipIfRootless()
+		SkipIfRootless() // ip netns is not supported for rootless users
 		if Containerized() {
 			Skip("Can not be run within a container.")
 		}
@ -496,7 +495,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run n user created network namespace with resolv.conf", func() {
-		SkipIfRootless()
+		SkipIfRootless() // ip netns is not supported for rootless users
 		if Containerized() {
 			Skip("Can not be run within a container.")
 		}
@ -528,7 +527,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run in custom CNI network with --static-ip", func() {
-		SkipIfRootless()
+		SkipIfRootless() //Rootless mode does not support --ip
 		netName := "podmantestnetwork"
 		ipAddr := "10.25.30.128"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@ -543,7 +542,7 @@ var _ = Describe("Podman run networking", func() {
 	})

 	It("podman run with new:pod and static-ip", func() {
-		SkipIfRootless()
+		SkipIfRootless() // Rootless does not support --ip
 		netName := "podmantestnetwork2"
 		ipAddr := "10.25.40.128"
 		podname := "testpod"
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@ -17,17 +17,19 @@ import (
 // available than we are aware of, leading to host=FFF... and ctr=3FF...
 // because the latter is all we request. Accept that.
 func containerCapMatchesHost(ctr_cap string, host_cap string) {
+	if isRootless() {
+		return
+	}
 	ctr_cap_n, err := strconv.ParseUint(ctr_cap, 16, 64)
 	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctr_cap)

 	host_cap_n, err := strconv.ParseUint(host_cap, 16, 64)
 	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", host_cap)

-	// host caps can never be zero (except rootless, which we don't test).
+	// host caps can never be zero (except rootless).
 	// and host caps must always be a superset (inclusive) of container
 	Expect(host_cap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", host_cap)
 	Expect(host_cap_n).To(BeNumerically(">=", ctr_cap_n), "host cap %q should never be less than container cap %q", host_cap, ctr_cap)
-
 	host_cap_masked := host_cap_n & (1<<len(capability.List()) - 1)
 	Expect(ctr_cap_n).To(Equal(host_cap_masked), "container cap %q is not a subset of host cap %q", ctr_cap, host_cap)
 }
@ -66,7 +68,6 @@ var _ = Describe("Podman privileged container tests", func() {
 	})

 	It("podman privileged CapEff", func() {
-		SkipIfRootless()
 		host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
 		Expect(host_cap.ExitCode()).To(Equal(0))

@ -78,7 +79,6 @@ var _ = Describe("Podman privileged container tests", func() {
 	})

 	It("podman cap-add CapEff", func() {
-		SkipIfRootless()
 		// Get caps of current process
 		host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
 		Expect(host_cap.ExitCode()).To(Equal(0))
@ -106,7 +106,7 @@ var _ = Describe("Podman privileged container tests", func() {
 	})

 	It("podman privileged should inherit host devices", func() {
-		SkipIfRootless()
+		SkipIfRootless() // FIXME: This seems to be broken for rootless mode, /dev/ is close to the same
 		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "-l", "/dev"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@ -110,7 +110,6 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman test selinux label /run/secrets", func() {
-		SkipIfRootless()
 		session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
@ -143,7 +142,6 @@ var _ = Describe("Podman run", func() {
 	})

 	It("podman test selinux --privileged label /run/secrets", func() {
-		SkipIfRootless()
 		session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() {
 	)

 	BeforeEach(func() {
-		SkipIfRootless()
+		SkipIfRootless() //rootless does not support --ip
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@ -227,8 +227,8 @@ var _ = Describe("Podman run with volumes", func() {
 	})

 	It("podman run with tmpfs named volume mounts and unmounts", func() {
+		SkipIfRootless() // FIXME:  rootless podman mount requires you to be in a user namespace
 		SkipIfRemote("podman-remote does not support --volumes this test could be simplified to be tested on Remote.")
-		SkipIfRootless()
 		volName := "testvol"
 		mkVolume := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=nodev", "testvol"})
 		mkVolume.WaitWithDefaultTimeout()
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@ -47,7 +47,7 @@ WantedBy=multi-user.target
 	})

 	It("podman start container by systemd", func() {
-		SkipIfRootless()
+		SkipIfRootless() // rootless can not write to /etc
 		if os.Getenv("SKIP_USERNS") != "" {
 			Skip("Skip userns tests.")
 		}