Merge pull request #7054 from mheon/backports_203

Backports and Release Notes for v2.0.3

16 files changed, 420 insertions, 65 deletions

diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 6633f3a53..acd28170b 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -591,3 +591,7 @@ func SkipIfNotFedora() {
 		ginkgo.Skip("Test can only run on Fedora")
 	}
 }
+
+func isRootless() bool {
+	return os.Geteuid() != 0
+}
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index 995193a7d..261792a39 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -19,7 +20,6 @@ var _ = Describe("Podman create with --ip flag", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootless()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -39,18 +39,21 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})
 
 	It("Podman create --ip with garbage address", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "114232346", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})
 
 	It("Podman create --ip with v6 address", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})
 
 	It("Podman create --ip with non-allocatable IP", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
@@ -64,19 +67,25 @@ var _ = Describe("Podman create with --ip flag", func() {
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
+		// Rootless static ip assignment should error
+		if rootless.IsRootless() {
+			Expect(result.ExitCode()).To(Equal(125))
+		} else {
+			Expect(result.ExitCode()).To(Equal(0))
 
-		result = podmanTest.Podman([]string{"start", "test"})
-		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
+			result = podmanTest.Podman([]string{"start", "test"})
+			result.WaitWithDefaultTimeout()
+			Expect(result.ExitCode()).To(Equal(0))
 
-		result = podmanTest.Podman([]string{"logs", "test"})
-		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
-		Expect(result.OutputToString()).To(ContainSubstring(ip + "/16"))
+			result = podmanTest.Podman([]string{"logs", "test"})
+			result.WaitWithDefaultTimeout()
+			Expect(result.ExitCode()).To(Equal(0))
+			Expect(result.OutputToString()).To(ContainSubstring(ip + "/16"))
+		}
 	})
 
 	It("Podman create two containers with the same IP", func() {
+		SkipIfRootless()
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
 		result.WaitWithDefaultTimeout()
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index 93af5ab10..33675d607 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -1,10 +1,9 @@
-// +build !remoteclient
-
 package integration
 
 import (
 	"os"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -18,7 +17,6 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootless()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -40,7 +38,11 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	It("Podman run --mac-address", func() {
 		result := podmanTest.Podman([]string{"run", "--mac-address", "92:d0:c6:0a:29:34", ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
-		Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34"))
+		if rootless.IsRootless() {
+			Expect(result.ExitCode()).To(Equal(125))
+		} else {
+			Expect(result.ExitCode()).To(Equal(0))
+			Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34"))
+		}
 	})
 })
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index 5a519413e..736376207 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -98,7 +98,6 @@ var _ = Describe("Podman exec", func() {
 
 	It("podman exec os.Setenv env", func() {
 		// remote doesn't properly interpret os.Setenv
-		SkipIfRemote()
 		setup := podmanTest.RunTopContainer("test1")
 		setup.WaitWithDefaultTimeout()
 		Expect(setup.ExitCode()).To(Equal(0))
diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go
index e38ace53f..8aa9712fd 100644
--- a/test/e2e/info_test.go
+++ b/test/e2e/info_test.go
@@ -11,6 +11,7 @@ import (
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
 )
 
 var _ = Describe("Podman Info", func() {
@@ -35,11 +36,30 @@ var _ = Describe("Podman Info", func() {
 		processTestResult(f)
 	})
 
-	It("podman info json output", func() {
-		session := podmanTest.Podman([]string{"info", "--format=json"})
-		session.WaitWithDefaultTimeout()
-		Expect(session.ExitCode()).To(Equal(0))
-
+	It("podman info --format json", func() {
+		tests := []struct {
+			input    string
+			success  bool
+			exitCode int
+		}{
+			{"json", true, 0},
+			{" json", true, 0},
+			{"json ", true, 0},
+			{"  json   ", true, 0},
+			{"{{json .}}", true, 0},
+			{"{{ json .}}", true, 0},
+			{"{{json .   }}", true, 0},
+			{"  {{  json .    }}   ", true, 0},
+			{"{{json }}", false, 125},
+			{"{{json .", false, 125},
+			{"json . }}", false, 0}, // Note: this does NOT fail but produces garbage
+		}
+		for _, tt := range tests {
+			session := podmanTest.Podman([]string{"info", "--format", tt.input})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(tt.exitCode))
+			Expect(session.IsJSONOutputValid()).To(Equal(tt.success))
+		}
 	})
 
 	It("podman info --format GO template", func() {
diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go
index cb1bae16d..ad0f8023b 100644
--- a/test/e2e/libpod_suite_remote_test.go
+++ b/test/e2e/libpod_suite_remote_test.go
@@ -28,11 +28,6 @@ func SkipIfRootless() {
 		ginkgo.Skip("This function is not enabled for rootless podman")
 	}
 }
-func SkipIfRootlessV2() {
-	if os.Geteuid() != 0 {
-		ginkgo.Skip("This function is not enabled for v2 rootless podman")
-	}
-}
 
 // Podman is the exec call to podman on the filesystem
 func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration {
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 63d5eff21..b1844b917 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"text/template"
 
 	. "github.com/containers/libpod/v2/test/utils"
@@ -50,6 +51,10 @@ spec:
     {{ range .Cmd }}
     - {{.}}
     {{ end }}
+    args:
+    {{ range .Arg }}
+    - {{.}}
+    {{ end }}
     env:
     - name: PATH
       value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -129,6 +134,10 @@ spec:
         {{ range .Cmd }}
         - {{.}}
         {{ end }}
+        args:
+        {{ range .Arg }}
+        - {{.}}
+        {{ end }}
         env:
         - name: PATH
           value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -171,6 +180,7 @@ spec:
 var (
 	defaultCtrName        = "testCtr"
 	defaultCtrCmd         = []string{"top"}
+	defaultCtrArg         = []string{"-d", "1.5"}
 	defaultCtrImage       = ALPINE
 	defaultPodName        = "testPod"
 	defaultDeploymentName = "testDeployment"
@@ -322,6 +332,7 @@ type Ctr struct {
 	Name            string
 	Image           string
 	Cmd             []string
+	Arg             []string
 	SecurityContext bool
 	Caps            bool
 	CapAdd          []string
@@ -332,7 +343,7 @@ type Ctr struct {
 // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults
 // and the configured options
 func getCtr(options ...ctrOption) *Ctr {
-	c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, true, false, nil, nil, ""}
+	c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, ""}
 	for _, option := range options {
 		option(&c)
 	}
@@ -347,6 +358,12 @@ func withCmd(cmd []string) ctrOption {
 	}
 }
 
+func withArg(arg []string) ctrOption {
+	return func(c *Ctr) {
+		c.Arg = arg
+	}
+}
+
 func withImage(img string) ctrOption {
 	return func(c *Ctr) {
 		c.Image = img
@@ -438,14 +455,50 @@ var _ = Describe("Podman generate kube", func() {
 		kube.WaitWithDefaultTimeout()
 		Expect(kube.ExitCode()).To(Equal(0))
 
-		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod)})
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(Equal(0))
+		// Use the defined command to override the image's command
+		correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ")
+		Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd))
+	})
+
+	It("podman play kube test correct command with only set command in yaml file", func() {
+		pod := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg(nil))))
+		err := generatePodKubeYaml(pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect.ExitCode()).To(Equal(0))
+		// Use the defined command to override the image's command, and don't set the args
+		// so the full command in result should not contains the image's command
+		Expect(inspect.OutputToString()).To(ContainSubstring(`[echo hello]`))
+	})
+
+	It("podman play kube test correct command with only set args in yaml file", func() {
+		pod := getPod(withCtr(getCtr(withImage(redis), withCmd(nil), withArg([]string{"echo", "hello"}))))
+		err := generatePodKubeYaml(pod, kubeYaml)
+		Expect(err).To(BeNil())
+
+		kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+		kube.WaitWithDefaultTimeout()
+		Expect(kube.ExitCode()).To(Equal(0))
+
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect.ExitCode()).To(Equal(0))
-		Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0]))
+		// this image's ENTRYPOINT is called `docker-entrypoint.sh`
+		// so result should be `docker-entrypoint.sh + withArg(...)`
+		Expect(inspect.OutputToString()).To(ContainSubstring(`[docker-entrypoint.sh echo hello]`))
 	})
 
 	It("podman play kube test correct output", func() {
-		p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}))))
+		p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"}))))
 
 		err := generatePodKubeYaml(p, kubeYaml)
 		Expect(err).To(BeNil())
@@ -457,12 +510,12 @@ var _ = Describe("Podman generate kube", func() {
 		logs := podmanTest.Podman([]string{"logs", getCtrNameInPod(p)})
 		logs.WaitWithDefaultTimeout()
 		Expect(logs.ExitCode()).To(Equal(0))
-		Expect(logs.OutputToString()).To(ContainSubstring("hello"))
+		Expect(logs.OutputToString()).To(ContainSubstring("hello world"))
 
 		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(p), "--format", "'{{ .Config.Cmd }}'"})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect.ExitCode()).To(Equal(0))
-		Expect(inspect.OutputToString()).To(ContainSubstring("hello"))
+		Expect(inspect.OutputToString()).To(ContainSubstring(`[echo hello world]`))
 	})
 
 	It("podman play kube test hostname", func() {
@@ -498,7 +551,7 @@ var _ = Describe("Podman generate kube", func() {
 
 	It("podman play kube cap add", func() {
 		capAdd := "CAP_SYS_ADMIN"
-		ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"}))
+		ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"}), withArg(nil))
 
 		pod := getPod(withCtr(ctr))
 		err := generatePodKubeYaml(pod, kubeYaml)
@@ -556,7 +609,7 @@ var _ = Describe("Podman generate kube", func() {
 		}
 
 		ctrAnnotation := "container.seccomp.security.alpha.kubernetes.io/" + defaultCtrName
-		ctr := getCtr(withCmd([]string{"pwd"}))
+		ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil))
 
 		pod := getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost/"+filepath.Base(jsonFile)))
 		err = generatePodKubeYaml(pod, kubeYaml)
@@ -582,7 +635,7 @@ var _ = Describe("Podman generate kube", func() {
 		}
 		defer os.Remove(jsonFile)
 
-		ctr := getCtr(withCmd([]string{"pwd"}))
+		ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil))
 
 		pod := getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost/"+filepath.Base(jsonFile)))
 		err = generatePodKubeYaml(pod, kubeYaml)
@@ -734,10 +787,12 @@ spec:
 		Expect(kube.ExitCode()).To(Equal(0))
 
 		podNames := getPodNamesInDeployment(deployment)
-		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[0])})
+		inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[0]), "--format", "'{{ .Config.Cmd }}'"})
 		inspect.WaitWithDefaultTimeout()
 		Expect(inspect.ExitCode()).To(Equal(0))
-		Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0]))
+		// yaml's command shuold override the image's Entrypoint
+		correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ")
+		Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd))
 	})
 
 	It("podman play kube deployment more than 1 replica test correct command", func() {
@@ -752,11 +807,12 @@ spec:
 		Expect(kube.ExitCode()).To(Equal(0))
 
 		podNames := getPodNamesInDeployment(deployment)
+		correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ")
 		for i = 0; i < numReplicas; i++ {
-			inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[i])})
+			inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[i]), "--format", "'{{ .Config.Cmd }}'"})
 			inspect.WaitWithDefaultTimeout()
 			Expect(inspect.ExitCode()).To(Equal(0))
-			Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0]))
+			Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd))
 		}
 	})
 })
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 57737ad59..016eaaa99 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -238,17 +239,20 @@ var _ = Describe("Podman pod create", func() {
 	})
 
 	It("podman create pod with IP address", func() {
-		SkipIfRootless()
 		name := "test"
 		ip := GetRandomIPAddress()
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
 		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate.ExitCode()).To(Equal(0))
-
-		podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
-		podResolvConf.WaitWithDefaultTimeout()
-		Expect(podResolvConf.ExitCode()).To(Equal(0))
-		Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue())
+		// Rootless should error
+		if rootless.IsRootless() {
+			Expect(podCreate.ExitCode()).To(Equal(125))
+		} else {
+			Expect(podCreate.ExitCode()).To(Equal(0))
+			podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+			podResolvConf.WaitWithDefaultTimeout()
+			Expect(podResolvConf.ExitCode()).To(Equal(0))
+			Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue())
+		}
 	})
 
 	It("podman create pod with IP address and no infra should fail", func() {
@@ -262,17 +266,20 @@ var _ = Describe("Podman pod create", func() {
 
 	It("podman create pod with MAC address", func() {
 		SkipIfRemote()
-		SkipIfRootless()
 		name := "test"
 		mac := "92:d0:c6:0a:29:35"
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name})
 		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate.ExitCode()).To(Equal(0))
-
-		podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
-		podResolvConf.WaitWithDefaultTimeout()
-		Expect(podResolvConf.ExitCode()).To(Equal(0))
-		Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue())
+		// Rootless should error
+		if rootless.IsRootless() {
+			Expect(podCreate.ExitCode()).To(Equal(125))
+		} else {
+			Expect(podCreate.ExitCode()).To(Equal(0))
+			podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+			podResolvConf.WaitWithDefaultTimeout()
+			Expect(podResolvConf.ExitCode()).To(Equal(0))
+			Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue())
+		}
 	})
 
 	It("podman create pod with MAC address and no infra should fail", func() {
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 5e3634435..16bf1c4c9 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -1,8 +1,11 @@
 package integration
 
 import (
+	"encoding/json"
 	"os"
 
+	"github.com/containers/libpod/v2/libpod/define"
+
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -79,4 +82,22 @@ var _ = Describe("Podman pod inspect", func() {
 		index := len(inspectCreateCommand) - len(createCommand)
 		Expect(inspectCreateCommand[index:]).To(Equal(createCommand))
 	})
+
+	It("podman pod inspect outputs port bindings", func() {
+		podName := "testPod"
+		create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "-p", "8080:80"})
+		create.WaitWithDefaultTimeout()
+		Expect(create.ExitCode()).To(Equal(0))
+
+		inspectOut := podmanTest.Podman([]string{"pod", "inspect", podName})
+		inspectOut.WaitWithDefaultTimeout()
+		Expect(inspectOut.ExitCode()).To(Equal(0))
+
+		inspectJSON := new(define.InspectPodData)
+		err := json.Unmarshal(inspectOut.Out.Contents(), inspectJSON)
+		Expect(err).To(BeNil())
+		Expect(inspectJSON.InfraConfig).To(Not(BeNil()))
+		Expect(len(inspectJSON.InfraConfig.PortBindings["80/tcp"])).To(Equal(1))
+		Expect(inspectJSON.InfraConfig.PortBindings["80/tcp"][0].HostPort).To(Equal("8080"))
+	})
 })
diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go
new file mode 100644
index 000000000..344309b93
--- /dev/null
+++ b/test/e2e/run_apparmor_test.go
@@ -0,0 +1,158 @@
+// +build !remote
+
+package integration
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/containers/common/pkg/apparmor"
+	. "github.com/containers/libpod/v2/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+func skipIfAppArmorEnabled() {
+	if apparmor.IsEnabled() {
+		Skip("Apparmor is enabled")
+	}
+}
+func skipIfAppArmorDisabled() {
+	if !apparmor.IsEnabled() {
+		Skip("Apparmor is not enabled")
+	}
+}
+
+var _ = Describe("Podman run", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+		podmanTest.SeedImages()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman run apparmor default", func() {
+		skipIfAppArmorDisabled()
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile))
+	})
+
+	It("podman run no apparmor --privileged", func() {
+		skipIfAppArmorDisabled()
+		session := podmanTest.Podman([]string{"create", "--privileged", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal(""))
+	})
+
+	It("podman run no apparmor --security-opt=apparmor.Profile --privileged", func() {
+		skipIfAppArmorDisabled()
+		session := podmanTest.Podman([]string{"create", "--security-opt", fmt.Sprintf("apparmor=%s", apparmor.Profile), "--privileged", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile))
+	})
+
+	It("podman run apparmor aa-test-profile", func() {
+		skipIfAppArmorDisabled()
+		aaProfile := `
+#include <tunables/global>
+profile aa-test-profile flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
+  deny mount,
+  deny /sys/[^f]*/** wklx,
+  deny /sys/f[^s]*/** wklx,
+  deny /sys/fs/[^c]*/** wklx,
+  deny /sys/fs/c[^g]*/** wklx,
+  deny /sys/fs/cg[^r]*/** wklx,
+  deny /sys/firmware/efi/efivars/** rwklx,
+  deny /sys/kernel/security/** rwklx,
+}
+`
+		aaFile := filepath.Join(os.TempDir(), "aaFile")
+		Expect(ioutil.WriteFile(aaFile, []byte(aaProfile), 0755)).To(BeNil())
+		parse := SystemExec("apparmor_parser", []string{"-Kr", aaFile})
+		Expect(parse.ExitCode()).To(Equal(0))
+
+		session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=aa-test-profile", "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal("aa-test-profile"))
+	})
+
+	It("podman run apparmor invalid", func() {
+		skipIfAppArmorDisabled()
+		session := podmanTest.Podman([]string{"run", "--security-opt", "apparmor=invalid", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(Equal(0))
+	})
+
+	It("podman run apparmor unconfined", func() {
+		skipIfAppArmorDisabled()
+		session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal("unconfined"))
+	})
+
+	It("podman run apparmor disabled --security-opt apparmor fails", func() {
+		skipIfAppArmorEnabled()
+		// Should fail if user specifies apparmor on disabled system
+		session := podmanTest.Podman([]string{"create", "--security-opt", fmt.Sprintf("apparmor=%s", apparmor.Profile), ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).ToNot(Equal(0))
+	})
+
+	It("podman run apparmor disabled no default", func() {
+		skipIfAppArmorEnabled()
+		// Should succeed if user specifies apparmor on disabled system
+		session := podmanTest.Podman([]string{"create", ALPINE, "ls"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		cid := session.OutputToString()
+		// Verify that apparmor.Profile is being set
+		inspect := podmanTest.InspectContainer(cid)
+		Expect(inspect[0].AppArmorProfile).To(Equal(""))
+	})
+})
diff --git a/test/e2e/run_entrypoint_test.go b/test/e2e/run_entrypoint_test.go
index c947fa863..e6604a21e 100644
--- a/test/e2e/run_entrypoint_test.go
+++ b/test/e2e/run_entrypoint_test.go
@@ -101,6 +101,11 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"]
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.LineInOuputStartsWith("Linux")).To(BeTrue())
+
+		session = podmanTest.Podman([]string{"run", "--entrypoint", "", "foobar.com/entrypoint:latest", "uname"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.LineInOuputStartsWith("Linux")).To(BeTrue())
 	})
 
 	It("podman run user entrypoint with command overrides image entrypoint and image cmd", func() {
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 6c049c5c1..9357145ab 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -88,6 +88,20 @@ var _ = Describe("Podman run networking", func() {
 		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
 	})
 
+	It("podman run -p 8080:80/TCP", func() {
+		name := "testctr"
+		// "TCP" in upper characters
+		session := podmanTest.Podman([]string{"create", "-t", "-p", "8080:80/TCP", "--name", name, ALPINE, "/bin/sh"})
+		session.WaitWithDefaultTimeout()
+		inspectOut := podmanTest.InspectContainer(name)
+		Expect(len(inspectOut)).To(Equal(1))
+		Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(1))
+		// "tcp" in lower characters
+		Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
+		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Equal("8080"))
+		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
+	})
+
 	It("podman run -p 80/udp", func() {
 		name := "testctr"
 		session := podmanTest.Podman([]string{"create", "-t", "-p", "80/udp", "--name", name, ALPINE, "/bin/sh"})
diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go
index e882756f9..3d7aaf659 100644
--- a/test/e2e/system_df_test.go
+++ b/test/e2e/system_df_test.go
@@ -60,4 +60,18 @@ var _ = Describe("podman system df", func() {
 		Expect(containers[1]).To(Equal("2"))
 		Expect(volumes[2]).To(Equal("1"))
 	})
+
+	It("podman system df image with no tag", func() {
+		session := podmanTest.PodmanNoCache([]string{"create", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.PodmanNoCache([]string{"image", "untag", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.PodmanNoCache([]string{"system", "df"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+	})
 })
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index 143b8f59f..05c0d3fd0 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -112,5 +112,40 @@ WantedBy=multi-user.target
 		systemctl.WaitWithDefaultTimeout()
 		Expect(systemctl.ExitCode()).To(Equal(0))
 		Expect(strings.Contains(systemctl.OutputToString(), "State:")).To(BeTrue())
+
+		result := podmanTest.Podman([]string{"inspect", ctrName})
+		result.WaitWithDefaultTimeout()
+		Expect(result.ExitCode()).To(Equal(0))
+		conData := result.InspectContainerToJSON()
+		Expect(len(conData)).To(Equal(1))
+		Expect(conData[0].Config.SystemdMode).To(BeTrue())
+	})
+
+	It("podman create container with systemd entrypoint triggers systemd mode", func() {
+		ctrName := "testCtr"
+		run := podmanTest.Podman([]string{"create", "--name", ctrName, "--entrypoint", "/sbin/init", ubi_init})
+		run.WaitWithDefaultTimeout()
+		Expect(run.ExitCode()).To(Equal(0))
+
+		result := podmanTest.Podman([]string{"inspect", ctrName})
+		result.WaitWithDefaultTimeout()
+		Expect(result.ExitCode()).To(Equal(0))
+		conData := result.InspectContainerToJSON()
+		Expect(len(conData)).To(Equal(1))
+		Expect(conData[0].Config.SystemdMode).To(BeTrue())
+	})
+
+	It("podman create container with systemd=always triggers systemd mode", func() {
+		ctrName := "testCtr"
+		run := podmanTest.Podman([]string{"create", "--name", ctrName, "--systemd", "always", ALPINE})
+		run.WaitWithDefaultTimeout()
+		Expect(run.ExitCode()).To(Equal(0))
+
+		result := podmanTest.Podman([]string{"inspect", ctrName})
+		result.WaitWithDefaultTimeout()
+		Expect(result.ExitCode()).To(Equal(0))
+		conData := result.InspectContainerToJSON()
+		Expect(len(conData)).To(Equal(1))
+		Expect(conData[0].Config.SystemdMode).To(BeTrue())
 	})
 })
diff --git a/test/e2e/version_test.go b/test/e2e/version_test.go
index 775be6511..eb1d1b733 100644
--- a/test/e2e/version_test.go
+++ b/test/e2e/version_test.go
@@ -55,17 +55,29 @@ var _ = Describe("Podman version", func() {
 	})
 
 	It("podman version --format json", func() {
-		session := podmanTest.Podman([]string{"version", "--format", "json"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-		Expect(session.IsJSONOutputValid()).To(BeTrue())
-	})
-
-	It("podman version --format json", func() {
-		session := podmanTest.Podman([]string{"version", "--format", "{{ json .}}"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-		Expect(session.IsJSONOutputValid()).To(BeTrue())
+		tests := []struct {
+			input    string
+			success  bool
+			exitCode int
+		}{
+			{"json", true, 0},
+			{" json", true, 0},
+			{"json ", true, 0},
+			{"  json   ", true, 0},
+			{"{{json .}}", true, 0},
+			{"{{ json .}}", true, 0},
+			{"{{json .   }}", true, 0},
+			{"  {{  json .    }}   ", true, 0},
+			{"{{json }}", false, 125},
+			{"{{json .", false, 125},
+			{"json . }}", false, 0}, // Note: this does NOT fail but produces garbage
+		}
+		for _, tt := range tests {
+			session := podmanTest.Podman([]string{"version", "--format", tt.input})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(tt.exitCode))
+			Expect(session.IsJSONOutputValid()).To(Equal(tt.success))
+		}
 	})
 
 	It("podman version --format GO template", func() {
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 9a6b39057..478ff06bb 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -153,9 +153,13 @@ function random_ip() {
     # Create a pod with all the desired options
     # FIXME: --ip=$ip fails:
     #      Error adding network: failed to allocate all requested IPs
+    local mac_option="--mac-address=$mac"
+    if is_rootless; then
+        mac_option=
+    fi
     run_podman pod create --name=mypod                   \
                --pod-id-file=$pod_id_file                \
-               --mac-address=$mac                        \
+               $mac_option                               \
                --hostname=$hostname                      \
                --add-host   "$add_host_n:$add_host_ip"   \
                --dns        "$dns_server"                \
@@ -168,7 +172,7 @@ function random_ip() {
     is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file"
 
     # Check each of the options
-    if ! is_rootless; then
+    if [ -n "$mac_option" ]; then
         run_podman run --rm --pod mypod $IMAGE ip link show
         # 'ip' outputs hex in lower-case, ${expr,,} converts UC to lc
         is "$output" ".* link/ether ${mac,,} " "requested MAC address was set"