5 files changed, 126 insertions, 44 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 3ee141f5f..29dc95dc3 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -401,7 +401,7 @@ json-file | f
         is "$output" "$driver" "podman inspect: driver"
 
         # If LogPath is non-null, check that it exists and has a valid log
-        run_podman inspect --format '{{.LogPath}}' myctr
+        run_podman inspect --format '{{.HostConfig.LogConfig.Path}}' myctr
         if [[ $do_check != '-' ]]; then
             is "$output" "/.*" "LogPath (driver=$driver)"
             if ! test -e "$output"; then
@@ -415,13 +415,18 @@ json-file | f
         fi
 
         if [[ $driver != 'none' ]]; then
-            run_podman logs myctr
-            is "$output" "$msg" "check that podman logs works as expected"
+            if [[ $driver = 'journald' ]] && journald_unavailable; then
+                # Cannot perform check
+                :
+            else
+                run_podman logs myctr
+                is "$output" "$msg" "podman logs, with driver '$driver'"
+            fi
         else
             run_podman 125 logs myctr
             if ! is_remote; then
                 is "$output" ".*this container is using the 'none' log driver, cannot read logs.*" \
-                   "podman logs does not work with none log driver"
+                   "podman logs, with driver 'none', should fail with error"
             fi
         fi
         run_podman rm myctr
@@ -437,14 +442,7 @@ json-file | f
     skip_if_remote "We cannot read journalctl over remote."
 
     # We can't use journald on RHEL as rootless, either: rhbz#1895105
-    if is_rootless; then
-        run journalctl -n 1
-        if [[ $status -ne 0 ]]; then
-            if [[ $output =~ permission ]]; then
-                skip "Cannot use rootless journald on this system"
-            fi
-        fi
-    fi
+    skip_if_journald_unavailable
 
     msg=$(random_string 20)
     pidfile="${PODMAN_TMPDIR}/$(random_string 20)"
@@ -550,27 +548,33 @@ json-file | f
 }
 
 @test "Verify /run/.containerenv exist" {
-	run_podman run --rm $IMAGE ls -1 /run/.containerenv
-	is "$output" "/run/.containerenv"
-
-	run_podman run --privileged --rm $IMAGE sh -c '. /run/.containerenv; echo $engine'
-	is "$output" ".*podman.*" "failed to identify engine"
-
-	run_podman run --privileged  --name "testcontainerenv" --rm $IMAGE sh -c '. /run/.containerenv; echo $name'
-	is "$output" ".*testcontainerenv.*"
-
-	run_podman run --privileged  --rm $IMAGE sh -c '. /run/.containerenv; echo $image'
-	is "$output" ".*$IMAGE.*" "failed to idenitfy image"
-
-	run_podman run --privileged --rm $IMAGE sh -c '. /run/.containerenv; echo $rootless'
-	# FIXME: on some CI systems, 'run --privileged' emits a spurious
-	# warning line about dup devices. Ignore it.
-	remove_same_dev_warning
-	if is_rootless; then
-		is "$output" "1"
-	else
-		is "$output" "0"
-	fi
+    # Nonprivileged container: file exists, but must be empty
+    run_podman run --rm $IMAGE stat -c '%s' /run/.containerenv
+    is "$output" "0" "file size of /run/.containerenv, nonprivileged"
+
+    # Prep work: get ID of image; make a cont. name; determine if we're rootless
+    run_podman inspect --format '{{.ID}}' $IMAGE
+    local iid="$output"
+
+    random_cname=c$(random_string 15 | tr A-Z a-z)
+    local rootless=0
+    if is_rootless; then
+        rootless=1
+    fi
+
+    run_podman run --privileged --rm --name $random_cname $IMAGE \
+               sh -c '. /run/.containerenv; echo $engine; echo $name; echo $image; echo $id; echo $imageid; echo $rootless'
+
+    # FIXME: on some CI systems, 'run --privileged' emits a spurious
+    # warning line about dup devices. Ignore it.
+    remove_same_dev_warning
+
+    is "${lines[0]}" "podman-.*"      'containerenv : $engine'
+    is "${lines[1]}" "$random_cname"  'containerenv : $name'
+    is "${lines[2]}" "$IMAGE"         'containerenv : $image'
+    is "${lines[3]}" "[0-9a-f]\{64\}" 'containerenv : $id'
+    is "${lines[4]}" "$iid"           'containerenv : $imageid'
+    is "${lines[5]}" "$rootless"      'containerenv : $rootless'
 }
 
 @test "podman run with --net=host and --port prints warning" {
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index a081a7ce1..bac153b8e 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -55,14 +55,7 @@ ${cid[0]} d"   "Sequential output from logs"
 
 @test "podman logs over journald" {
     # We can't use journald on RHEL as rootless: rhbz#1895105
-    if is_rootless; then
-        run journalctl -n 1
-        if [[ $status -ne 0 ]]; then
-            if [[ $output =~ permission ]]; then
-                skip "Cannot use rootless journald on this system"
-            fi
-        fi
-    fi
+    skip_if_journald_unavailable
 
     msg=$(random_string 20)
 
diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats
index 1ed2779b2..0447122b1 100644
--- a/test/system/040-ps.bats
+++ b/test/system/040-ps.bats
@@ -82,4 +82,43 @@ load helpers
     run_podman rm -a
 }
 
+@test "podman ps -a --storage" {
+    skip_if_remote "ps --storage does not work over remote"
+
+    # Setup: ensure that we have no hidden storage containers
+    run_podman ps --storage -a
+    is "${#lines[@]}" "1" "setup check: no storage containers at start of test"
+
+    # Force a buildah timeout; this leaves a buildah container behind
+    PODMAN_TIMEOUT=5 run_podman 124 build -t thiswillneverexist - <<EOF
+FROM $IMAGE
+RUN sleep 30
+EOF
+
+    run_podman ps -a
+    is "${#lines[@]}" "1" "podman ps -a does not see buildah container"
+
+    run_podman ps --storage -a
+    is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container"
+    is "${lines[1]}" \
+       "[0-9a-f]\{12\} \+$IMAGE *buildah .* seconds ago .* storage .* ${PODMAN_TEST_IMAGE_NAME}-working-container" \
+       "podman ps --storage"
+
+    cid="${lines[1]:0:12}"
+
+    # 'rm -a' should be a NOP
+    run_podman rm -a
+    run_podman ps --storage -a
+    is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container"
+
+    # This is what deletes the container
+    # FIXME: why doesn't "podman rm --storage $cid" do anything?
+    run_podman rm -f "$cid"
+
+    run_podman ps --storage -a
+    is "${#lines[@]}" "1" "storage container has been removed"
+}
+
+
+
 # vim: filetype=sh
diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats
index c99ba4fa6..a5fa0f4e6 100644
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@@ -100,8 +100,17 @@ function _assert_mainpid_is_conmon() {
     run_podman logs sdnotify_conmon_c
     is "$output" "READY" "\$NOTIFY_SOCKET in container"
 
+    # The 'echo's help us debug failed runs
     run cat $_SOCAT_LOG
-    is "${lines[-1]}" "READY=1" "final output from sdnotify"
+    echo "socat log:"
+    echo "$output"
+
+    # ARGH! 'READY=1' should always be the last output line. But sometimes,
+    # for reasons unknown, we get an extra MAINPID=xxx after READY=1 (#8718).
+    # Who knows if this is a systemd bug, or conmon, or what. I don't
+    # even know where to begin asking. So, to eliminate the test flakes,
+    # we look for READY=1 _anywhere_ in the output, not just the last line.
+    is "$output" ".*READY=1.*" "sdnotify sent READY=1"
 
     _assert_mainpid_is_conmon "${lines[0]}"
 
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 6a7c6cc42..a4b89ec99 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -168,8 +168,11 @@ function run_podman() {
 
     if [ "$status" -eq 124 ]; then
         if expr "$output" : ".*timeout: sending" >/dev/null; then
-            echo "*** TIMED OUT ***"
-            false
+            # It's possible for a subtest to _want_ a timeout
+            if [[ "$expected_rc" != "124" ]]; then
+                echo "*** TIMED OUT ***"
+                false
+            fi
         fi
     fi
 
@@ -259,6 +262,31 @@ function is_cgroupsv2() {
     test "$cgroup_type" = "cgroup2fs"
 }
 
+# rhbz#1895105: rootless journald is unavailable except to users in
+# certain magic groups; which our testuser account does not belong to
+# (intentional: that is the RHEL default, so that's the setup we test).
+function journald_unavailable() {
+    if ! is_rootless; then
+        # root must always have access to journal
+        return 1
+    fi
+
+    run journalctl -n 1
+    if [[ $status -eq 0 ]]; then
+        return 1
+    fi
+
+    if [[ $output =~ permission ]]; then
+        return 0
+    fi
+
+    # This should never happen; if it does, it's likely that a subsequent
+    # test will fail. This output may help track that down.
+    echo "WEIRD: 'journalctl -n 1' failed with a non-permission error:"
+    echo "$output"
+    return 1
+}
+
 ###########################
 #  _add_label_if_missing  #  make sure skip messages include rootless/remote
 ###########################
@@ -315,6 +343,15 @@ function skip_if_cgroupsv1() {
     fi
 }
 
+##################################
+#  skip_if_journald_unavailable  #  rhbz#1895105: rootless journald permissions
+##################################
+function skip_if_journald_unavailable {
+    if journald_unavailable; then
+        skip "Cannot use rootless journald on this system"
+    fi
+}
+
 #########
 #  die  #  Abort with helpful message
 #########