5 files changed, 68 insertions, 23 deletions

diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index 352c3aa95..257508418 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -312,15 +312,4 @@ Deleted: $pauseID"
     is "$output" ""
 }
 
-@test "podman images --size" {
-    run_podman images
-    is "${lines[0]}" "REPOSITORY.*TAG.*IMAGE ID.*CREATED.*SIZE"
-    run_podman images --noheading --format "{{.Size}}"
-    is "$output" ".* MB"
-    run_podman images --size=false
-    is "${lines[0]}" "REPOSITORY.*TAG.*IMAGE ID.*CREATED"
-    run_podman images --noheading --format "{{.Size}}" --size=false
-    is "$output" "0 B"
-}
-
 # vim: filetype=sh
diff --git a/test/system/015-help.bats b/test/system/015-help.bats
index a87081687..4eeea85bf 100644
--- a/test/system/015-help.bats
+++ b/test/system/015-help.bats
@@ -68,9 +68,10 @@ function check_help() {
             if [ "$cmd" != "help" ]; then
                 dprint "$command_string invalid-arg"
                 run_podman '?' "$@" $cmd invalid-arg
-                is "$status" 125 "'$command_string invalid-arg' - exit status"
+                is "$status" 125 \
+                   "'$usage' indicates that the command takes no arguments. I invoked it with 'invalid-arg' and expected an error status"
                 is "$output" "Error: .* takes no arguments" \
-                   "'$command_string' with extra (invalid) arguments"
+                   "'$usage' indicates that the command takes no arguments. I invoked it with 'invalid-arg' and expected the following error message"
             fi
             found[takes_no_args]=1
         fi
@@ -115,9 +116,10 @@ function check_help() {
             # try to read username/password from stdin.
             dprint "$command_string (without required args)"
             run_podman '?' "$@" $cmd </dev/null
-            is "$status" 125 "'$command_string' with no arguments - exit status"
+            is "$status" 125 \
+               "'$usage' indicates at least one required arg. I invoked it with no args and expected an error exit code"
             is "$output" "Error:.* \(require\|specif\|must\|provide\|need\|choose\|accepts\)" \
-               "'$command_string' without required arg"
+               "'$usage' indicates at least one required arg. I invoked it with no args and expected one of these error messages"
 
             found[required_args]=1
         fi
@@ -138,9 +140,10 @@ function check_help() {
                 local n_args=$(wc -w <<<"$rhs")
 
                 run_podman '?' "$@" $cmd $(seq --format='x%g' 0 $n_args)
-                is "$status" 125 "'$command_string' with >$n_args arguments - exit status"
+                is "$status" 125 \
+                   "'$usage' indicates a maximum of $n_args args. I invoked it with more, and expected this exit status"
                 is "$output" "Error:.* \(takes no arguments\|requires exactly $n_args arg\|accepts at most\|too many arguments\|accepts $n_args arg(s), received\|accepts between .* and .* arg(s), received \)" \
-                   "'$command_string' with >$n_args arguments"
+                   "'$usage' indicates a maximum of $n_args args. I invoked it with more, and expected one of these error messages"
 
                 found[fixed_args]=1
             fi
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 72e4a2bc8..aba18badb 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -821,4 +821,28 @@ EOF
     run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
     is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"
 }
+
+# CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image
+@test "podman top does not use nsenter from image" {
+    tmpdir=$PODMAN_TMPDIR/build-test
+    mkdir -p $tmpdir
+    tmpbuilddir=$tmpdir/build
+    mkdir -p $tmpbuilddir
+    dockerfile=$tmpbuilddir/Dockerfile
+    cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN rm /usr/bin/nsenter; \
+echo -e "#!/bin/sh\nfalse" >> /usr/bin/nsenter; \
+chmod +x /usr/bin/nsenter
+EOF
+
+    test_image="cve_2022_1227_test"
+    run_podman build -t $test_image $tmpbuilddir
+    run_podman run -d --userns=keep-id $test_image top
+    ctr="$output"
+    run_podman top $ctr huser,user
+    run_podman rm -f -t0 $ctr
+    run_podman rmi $test_image
+}
+
 # vim: filetype=sh
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index db50c8f8c..e38cdb383 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -30,6 +30,34 @@ load helpers
     run_podman rm $cid
 }
 
+function _log_test_tail() {
+    local driver=$1
+
+    run_podman run -d --log-driver=$driver $IMAGE sh -c "echo test1; echo test2"
+    cid="$output"
+
+    run_podman logs --tail 1 $cid
+    is "$output" "test2"  "logs should only show last line"
+
+    run_podman restart $cid
+
+    run_podman logs --tail 1 $cid
+    is "$output" "test2"  "logs should only show last line after restart"
+
+    run_podman rm $cid
+}
+
+@test "podman logs - tail test, k8s-file" {
+    _log_test_tail k8s-file
+}
+
+@test "podman logs - tail test, journald" {
+    # We can't use journald on RHEL as rootless: rhbz#1895105
+    skip_if_journald_unavailable
+
+    _log_test_tail journald
+}
+
 function _additional_events_backend() {
     local driver=$1
     # Since PR#10431, 'logs -f' with journald driver is only supported with journald events backend.
diff --git a/test/system/045-start.bats b/test/system/045-start.bats
index 2ea057cd3..31e924ca5 100644
--- a/test/system/045-start.bats
+++ b/test/system/045-start.bats
@@ -41,18 +41,19 @@ load helpers
 @test "podman start --filter - start only containers that match the filter" {
     run_podman run -d $IMAGE /bin/true
     cid="$output"
-    run_podman start --filter restart-policy=always $cid "CID of restart-policy=always container"
-    is "$output" ""
+    run_podman start --filter restart-policy=always $cid
+    is "$output" "" "CID of restart-policy=always container"
 
-    run_podman start --filter restart-policy=none $cid "CID of restart-policy=none container"
-    is "$output" "$cid"
+    run_podman start --filter restart-policy=none $cid
+    is "$output" "$cid" "CID of restart-policy=none container"
 }
 
 @test "podman start --filter invalid-restart-policy - return error" {
     run_podman run -d $IMAGE /bin/true
     cid="$output"
-    run_podman 125 start --filter restart-policy=fakepolicy $cid "CID of restart-policy=<not-exists> container"
-    is "$output" "Error: fakepolicy invalid restart policy"
+    run_podman 125 start --filter restart-policy=fakepolicy $cid
+    is "$output" "Error: fakepolicy invalid restart policy" \
+       "CID of restart-policy=<not-exists> container"
 }
 
 @test "podman start --all --filter" {