5 files changed, 372 insertions, 8 deletions

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 2ea981a85..32fc85c4e 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -600,12 +600,12 @@ json-file | f
     echo "$randomcontent" > $testdir/content
 
     # Workdir does not exist on the image but is volume mounted.
-    run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage $IMAGE cat content
+    run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage:Z $IMAGE cat content
     is "$output" "$randomcontent" "cat random content"
 
     # Workdir does not exist on the image but is created by the runtime as it's
     # a subdir of a volume.
-    run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo $IMAGE cat foo
+    run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo:Z $IMAGE cat foo
     is "$output" "$randomcontent" "cat random content"
 
     # Make sure that running on a read-only rootfs works (#9230).
@@ -702,6 +702,8 @@ EOF
     run_podman build -t nomtab $tmpdir
     run_podman run --rm nomtab stat -c %N /etc/mtab
     is "$output" "$expected" "/etc/mtab should be created"
+
+    run_podman rmi nomtab
 }
 
 # vim: filetype=sh
diff --git a/test/system/090-events.bats b/test/system/090-events.bats
index 19bee5506..d889bd7f9 100644
--- a/test/system/090-events.bats
+++ b/test/system/090-events.bats
@@ -6,7 +6,6 @@
 load helpers
 
 @test "events with a filter by label" {
-    skip_if_remote "FIXME: -remote does not include labels in event output"
     cname=test-$(random_string 30 | tr A-Z a-z)
     labelname=$(random_string 10)
     labelvalue=$(random_string 15)
@@ -27,7 +26,7 @@ load helpers
 }
 
 @test "image events" {
-    skip_if_remote "FIXME: remove events on podman-remote seem to be broken"
+    skip_if_remote "remote does not support --events-backend"
     pushedDir=$PODMAN_TMPDIR/dir
     mkdir -p $pushedDir
 
@@ -61,3 +60,30 @@ load helpers
 .*image remove $imageID $tag.*" \
        "podman events"
 }
+
+function _events_disjunctive_filters() {
+    local backend=$1
+
+    # Regression test for #10507: make sure that filters with the same key are
+    # applied in disjunction.
+    t0=$(date --iso-8601=seconds)
+    run_podman $backend run --name foo --rm $IMAGE ls
+    run_podman $backend run --name bar --rm $IMAGE ls
+    run_podman $backend events --stream=false --since=$t0 --filter container=foo --filter container=bar --filter event=start
+    is "$output" ".* container start .* name=foo.*
+.* container start .* name=bar.*"
+}
+
+@test "events with disjunctive filters - file" {
+    skip_if_remote "remote does not support --events-backend"
+    _events_disjunctive_filters --events-backend=file
+}
+
+@test "events with disjunctive filters - journald" {
+    skip_if_remote "remote does not support --events-backend"
+    _events_disjunctive_filters --events-backend=journald
+}
+
+@test "events with disjunctive filters - default" {
+    _events_disjunctive_filters ""
+}
diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats
new file mode 100644
index 000000000..59f53f775
--- /dev/null
+++ b/test/system/255-auto-update.bats
@@ -0,0 +1,279 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# Tests for automatically update images for containerized services
+#
+
+load helpers
+
+UNIT_DIR="/usr/lib/systemd/system"
+SNAME_FILE=$BATS_TMPDIR/services
+
+function setup() {
+    skip_if_remote "systemd tests are meaningless over remote"
+    skip_if_rootless
+
+    basic_setup
+}
+
+function teardown() {
+    while read line; do
+        if [[ "$line" =~ "podman-auto-update" ]]; then
+            echo "Stop timer: $line.timer"
+            systemctl stop $line.timer
+            systemctl disable $line.timer
+        else
+            systemctl stop $line
+        fi
+        rm -f $UNIT_DIR/$line.{service,timer}
+    done < $SNAME_FILE
+
+    rm -f $SNAME_FILE
+    run_podman ? rmi quay.io/libpod/alpine:latest
+    run_podman ? rmi quay.io/libpod/alpine_nginx:latest
+    run_podman ? rmi quay.io/libpod/localtest:latest
+    basic_teardown
+}
+
+# This functions is used for handle the basic step in auto-update related
+# tests. Including following steps:
+#   1. Generate a random container name and echo it to output.
+#   2. Tag the fake image before test
+#   3. Start a container with io.containers.autoupdate
+#   4. Generate the service file from the container
+#   5. Remove the origin container
+#   6. Start the container from service
+function generate_service() {
+    target_img_basename=$1
+    autoupdate=$2
+
+    # Please keep variable name for cname and ori_image. The
+    # scripts will use them directly in following tests.
+    cname=c_$(random_string)
+    target_img="quay.io/libpod/$target_img_basename:latest"
+    run_podman tag $IMAGE $target_img
+    if [[ -n "$autoupdate" ]]; then
+        label="--label io.containers.autoupdate=$autoupdate"
+    else
+        label=""
+    fi
+    run_podman run -d --name $cname $label $target_img top -d 120
+
+    run_podman generate systemd --new $cname
+    echo "$output" > "$UNIT_DIR/container-$cname.service"
+    echo "container-$cname" >> $SNAME_FILE
+    run_podman rm -f $cname
+
+    systemctl daemon-reload
+    systemctl start container-$cname
+    systemctl status container-$cname
+
+    run_podman inspect --format "{{.Image}}" $cname
+    ori_image=$output
+}
+
+function _wait_service_ready() {
+    local sname=$1
+
+    local timeout=6
+    while [[ $timeout -gt 1 ]]; do
+        run systemctl is-active $sname
+        if [[ $output == "active" ]]; then
+            return
+        fi
+        sleep 1
+        let timeout=$timeout-1
+    done
+
+    # Print serivce status as debug information before failed the case
+    systemctl status $sname
+    die "Timed out waiting for $sname to start"
+}
+
+function _confirm_update() {
+    local sname=$1
+
+    local timeout=6
+    last_log=""
+    while [[ $timeout -gt 1 ]]; do
+        run journalctl -u $sname -n 10
+        if [[ "$output" == "$last_log" ]]; then
+            return
+        fi
+        last_log=$output
+        sleep 1
+        let timeout=$timeout-1
+    done
+
+    die "Timed out waiting for $sname to update"
+}
+
+# This test can fail in dev. environment because of SELinux.
+# quick fix: chcon -t container_runtime_exec_t ./bin/podman
+@test "podman auto-update - label io.containers.autoupdate=image" {
+    run_podman images
+    generate_service alpine image
+
+    _wait_service_ready container-$cname.service
+    run_podman ps -a
+    run_podman auto-update
+    is "$output" "Trying to pull.*" "Image is updated."
+    run_podman ps -a
+    _confirm_update container-$cname.service
+    run_podman inspect --format "{{.Image}}" $cname
+    [[ "$output" != "$ori_image" ]]
+}
+
+@test "podman auto-update - label io.containers.autoupdate=disabled" {
+    generate_service alpine disabled
+
+    _wait_service_ready container-$cname.service
+    run_podman ps -a
+    run_podman auto-update
+    is "$output" "" "Image is not updated with disabled."
+    run_podman ps -a
+    _confirm_update container-$cname.service
+    run_podman inspect --format "{{.Image}}" $cname
+    is "$output" "$ori_image" "Image hash should not changed."
+}
+
+@test "podman auto-update - label io.containers.autoupdate=fakevalue" {
+    fakevalue=$(random_string)
+    generate_service alpine $fakevalue
+
+    _wait_service_ready container-$cname.service
+    run_podman ps -a
+    run_podman ? auto-update
+    is "$output" ".*invalid auto-update policy.*" "invalid policy setup"
+    run_podman ps -a
+    _confirm_update container-$cname.service
+    run_podman inspect --format "{{.Image}}" $cname
+    is "$output" "$ori_image" "Image hash should not changed."
+}
+
+@test "podman auto-update - label io.containers.autoupdate=local" {
+    generate_service localtest local
+    podman commit --change CMD=/bin/bash $cname quay.io/libpod/localtest:latest
+
+    _wait_service_ready container-$cname.service
+    run_podman ps -a
+    run_podman auto-update
+    run_podman ps -a
+    _confirm_update container-$cname.service
+    run_podman inspect --format "{{.Image}}" $cname
+    [[ "$output" != "$ori_image" ]]
+}
+
+@test "podman auto-update with multiple services" {
+    fakevalue=$(random_string)
+    run_podman inspect --format "{{.Id}}" $IMAGE
+    img_id="$output"
+    cnames=()
+    local -A expect_update
+    local -A will_update=([image]=1 [registry]=1 [local]=1)
+
+    for auto_update in image registry "" disabled "''" $fakevalue local
+    do
+        img_base="alpine"
+        if [[ $auto_update == "registry" ]]; then
+            img_base="alpine_nginx"
+        elif [[ $auto_update == "local" ]]; then
+            img_base="localtest"
+        fi
+        generate_service $img_base $auto_update
+        cnames+=($cname)
+        if [[ $auto_update == "local" ]]; then
+            local_cname=$cname
+        fi
+        if [[ -n "$auto_update" && -n "${will_update[$auto_update]}" ]]; then
+            expect_update[$cname]=1
+        fi
+    done
+
+    # Only check the last service is started. Previous services should already actived.
+    _wait_service_ready container-$cname.service
+    run_podman commit --change CMD=/bin/bash $local_cname quay.io/libpod/localtest:latest
+    run_podman ? auto-update
+    update_log=$output
+    for cname in "${cnames[@]}"; do
+        _confirm_update container-$cname.service
+    done
+    count=0
+    while read line; do
+       if [[ "$line" =~ "Trying to pull" ]]; then
+           ((count+=1))
+       fi
+    done <<< "$update_log"
+    is "$update_log" ".*invalid auto-update policy.*" "invalid policy setup"
+    is "$update_log" ".*1 error occurred.*" "invalid policy setup"
+    is "$count" "2" "There are two images being updated from registry."
+
+    for cname in "${!expect_update[@]}"; do
+
+        is "$update_log" ".*$cname.*" "container with auto-update policy image updated"
+    done
+
+    for cname in "${cnames[@]}"; do
+        run_podman inspect --format "{{.Image}}" $cname
+        if [[ -n "${expect_update[$cname]}" ]]; then
+            [[ "$output" != "$img_id" ]]
+        else
+            is "$output" "$img_id" "Image should not be changed."
+        fi
+    done
+}
+
+@test "podman auto-update using systemd" {
+    generate_service alpine image
+
+    cat >$UNIT_DIR/podman-auto-update-$cname.timer <<EOF
+[Unit]
+Description=Podman auto-update testing timer
+
+[Timer]
+OnCalendar=*-*-* *:*:0/2
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+EOF
+    cat >$UNIT_DIR/podman-auto-update-$cname.service <<EOF
+[Unit]
+Description=Podman auto-update testing service
+Documentation=man:podman-auto-update(1)
+Wants=network.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/podman auto-update
+
+[Install]
+WantedBy=multi-user.target default.target
+EOF
+
+    echo "podman-auto-update-$cname" >> $SNAME_FILE
+    systemctl enable --now podman-auto-update-$cname.timer
+    systemctl list-timers --all
+
+    count=0
+    failed_start=1
+    while [ $count -lt 120 ]; do
+        run journalctl -n 15 -u podman-auto-update-$cname.service
+        if [[ "$output" =~ "Finished Podman auto-update testing service" ]]; then
+            failed_start=0
+            break
+        fi
+        ((count+=1))
+        sleep 1
+    done
+    echo $output
+
+    _confirm_update container-$cname.service
+    run_podman inspect --format "{{.Image}}" $cname
+    if [[ $failed_start == 1 ]]; then
+       die "Failed to get podman auto-update service finished"
+    fi
+    [[ "$output" != "$ori_image" ]]
+}
+
+# vim: filetype=sh
diff --git a/test/system/450-interactive.bats b/test/system/450-interactive.bats
index a9bf52ee8..a2db39492 100644
--- a/test/system/450-interactive.bats
+++ b/test/system/450-interactive.bats
@@ -56,8 +56,7 @@ function teardown() {
     stty rows $rows cols $cols <$PODMAN_TEST_PTY
 
     # ...and make sure stty under podman reads that.
-    # FIXME: 'sleep 1' is needed for podman-remote; without it, there's
-    run_podman run -it --name mystty $IMAGE sh -c 'sleep 1;stty size' <$PODMAN_TEST_PTY
+    run_podman run -it --name mystty $IMAGE stty size <$PODMAN_TEST_PTY
     is "$output" "$rows $cols" "stty under podman reads the correct dimensions"
 }
 
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 1cec50827..55ec80bb2 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -34,7 +34,7 @@ load helpers
     # Bind-mount this file with a different name to a container running httpd
     run_podman run -d --name myweb -p "$HOST_PORT:80" \
             --restart always \
-            -v $INDEX1:/var/www/index.txt \
+            -v $INDEX1:/var/www/index.txt:Z \
             -w /var/www \
             $IMAGE /bin/busybox-extras httpd -f -p 80
     cid=$output
@@ -257,7 +257,7 @@ load helpers
     # Bind-mount this file with a different name to a container running httpd
     run_podman run -d --name myweb -p "$HOST_PORT:80" \
             --network $netname \
-            -v $INDEX1:/var/www/index.txt \
+            -v $INDEX1:/var/www/index.txt:Z \
             -w /var/www \
             $IMAGE /bin/busybox-extras httpd -f -p 80
     cid=$output
@@ -329,4 +329,62 @@ load helpers
     run_podman network rm -f $mynetname
 }
 
+@test "podman ipv6 in /etc/resolv.conf" {
+    ipv6_regex='([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{0,4})(%\w+)?'
+
+    # Make sure to read the correct /etc/resolv.conf file in case of systemd-resolved.
+    resolve_file=$(readlink -f /etc/resolv.conf)
+    if [[ "$resolve_file" == "/run/systemd/resolve/stub-resolv.conf" ]]; then
+        resolve_file="/run/systemd/resolve/resolv.conf"
+    fi
+
+    # If the host doesn't have an ipv6 in resolv.conf skip this test.
+    # We should never modify resolv.conf on the host.
+    if ! grep -E "$ipv6_regex" "$resolve_file"; then
+        skip "This test needs an ipv6 nameserver in $resolve_file"
+    fi
+
+    # ipv4 slirp
+    run_podman run --rm --network slirp4netns:enable_ipv6=false $IMAGE cat /etc/resolv.conf
+    if grep -E "$ipv6_regex" <<< $output; then
+        die "resolv.conf contains a ipv6 nameserver"
+    fi
+
+    # ipv6 slirp
+    run_podman run --rm --network slirp4netns:enable_ipv6=true $IMAGE cat /etc/resolv.conf
+    # "is" does not like the ipv6 regex
+    if ! grep -E "$ipv6_regex" <<< $output; then
+        die "resolv.conf does not contain a ipv6 nameserver"
+    fi
+
+    # ipv4 cni
+    local mysubnet=$(random_rfc1918_subnet)
+    local netname=testnet-$(random_string 10)
+
+    run_podman network create --subnet $mysubnet.0/24 $netname
+    is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
+
+    run_podman run --rm --network $netname $IMAGE cat /etc/resolv.conf
+    if grep -E "$ipv6_regex" <<< $output; then
+        die "resolv.conf contains a ipv6 nameserver"
+    fi
+
+    run_podman network rm -f $netname
+
+    # ipv6 cni
+    mysubnet=fd00:4:4:4:4::/64
+    netname=testnet-$(random_string 10)
+
+    run_podman network create --subnet $mysubnet $netname
+    is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
+
+    run_podman run --rm --network $netname $IMAGE cat /etc/resolv.conf
+    # "is" does not like the ipv6 regex
+    if ! grep -E "$ipv6_regex" <<< $output; then
+        die "resolv.conf does not contain a ipv6 nameserver"
+    fi
+
+    run_podman network rm -f $netname
+}
+
 # vim: filetype=sh