10 files changed, 438 insertions, 29 deletions

diff --git a/test/e2e/container_clone_test.go b/test/e2e/container_clone_test.go
new file mode 100644
index 000000000..bebc6872b
--- /dev/null
+++ b/test/e2e/container_clone_test.go
@@ -0,0 +1,187 @@
+package integration
+
+import (
+	"os"
+
+	. "github.com/containers/podman/v4/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman container clone", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		SkipIfRemote("podman container clone is not supported in remote")
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+		podmanTest.SeedImages()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	It("podman container clone basic test", func() {
+		SkipIfRootlessCgroupsV1("starting a container with the memory limits not supported")
+		create := podmanTest.Podman([]string{"create", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone := podmanTest.Podman([]string{"container", "clone", create.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		clone = podmanTest.Podman([]string{"container", "clone", clone.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		ctrInspect := podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		ctrInspect.WaitWithDefaultTimeout()
+		Expect(ctrInspect).To(Exit(0))
+		Expect(ctrInspect.InspectContainerToJSON()[0].Name).To(ContainSubstring("-clone1"))
+
+		ctrStart := podmanTest.Podman([]string{"container", "start", clone.OutputToString()})
+		ctrStart.WaitWithDefaultTimeout()
+		Expect(ctrStart).To(Exit(0))
+	})
+
+	It("podman container clone image test", func() {
+		create := podmanTest.Podman([]string{"create", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone := podmanTest.Podman([]string{"container", "clone", create.OutputToString(), "new_name", fedoraMinimal})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		ctrInspect := podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		ctrInspect.WaitWithDefaultTimeout()
+		Expect(ctrInspect).To(Exit(0))
+		Expect(ctrInspect.InspectContainerToJSON()[0].ImageName).To(Equal(fedoraMinimal))
+		Expect(ctrInspect.InspectContainerToJSON()[0].Name).To(Equal("new_name"))
+	})
+
+	It("podman container clone name test", func() {
+		create := podmanTest.Podman([]string{"create", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone := podmanTest.Podman([]string{"container", "clone", "--name", "testing123", create.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		cloneInspect := podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		cloneInspect.WaitWithDefaultTimeout()
+		Expect(cloneInspect).To(Exit(0))
+		cloneData := cloneInspect.InspectContainerToJSON()
+		Expect(cloneData[0].Name).To(Equal("testing123"))
+	})
+
+	It("podman container clone resource limits override", func() {
+		create := podmanTest.Podman([]string{"create", "--cpus=5", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone := podmanTest.Podman([]string{"container", "clone", create.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		createInspect := podmanTest.Podman([]string{"inspect", create.OutputToString()})
+		createInspect.WaitWithDefaultTimeout()
+		Expect(createInspect).To(Exit(0))
+		createData := createInspect.InspectContainerToJSON()
+
+		cloneInspect := podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		cloneInspect.WaitWithDefaultTimeout()
+		Expect(cloneInspect).To(Exit(0))
+		cloneData := cloneInspect.InspectContainerToJSON()
+		Expect(createData[0].HostConfig.NanoCpus).To(Equal(cloneData[0].HostConfig.NanoCpus))
+
+		create = podmanTest.Podman([]string{"create", "--memory=5", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone = podmanTest.Podman([]string{"container", "clone", "--cpus=6", create.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		createInspect = podmanTest.Podman([]string{"inspect", create.OutputToString()})
+		createInspect.WaitWithDefaultTimeout()
+		Expect(createInspect).To(Exit(0))
+		createData = createInspect.InspectContainerToJSON()
+
+		cloneInspect = podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		cloneInspect.WaitWithDefaultTimeout()
+		Expect(cloneInspect).To(Exit(0))
+		cloneData = cloneInspect.InspectContainerToJSON()
+		Expect(createData[0].HostConfig.MemorySwap).To(Equal(cloneData[0].HostConfig.MemorySwap))
+
+		create = podmanTest.Podman([]string{"create", "--cpus=5", ALPINE})
+		create.WaitWithDefaultTimeout()
+		Expect(create).To(Exit(0))
+		clone = podmanTest.Podman([]string{"container", "clone", "--cpus=4", create.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+
+		var nanoCPUs int64
+		numCpus := 4
+		nanoCPUs = int64(numCpus * 1000000000)
+
+		createInspect = podmanTest.Podman([]string{"inspect", create.OutputToString()})
+		createInspect.WaitWithDefaultTimeout()
+		Expect(createInspect).To(Exit(0))
+		createData = createInspect.InspectContainerToJSON()
+
+		cloneInspect = podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		cloneInspect.WaitWithDefaultTimeout()
+		Expect(cloneInspect).To(Exit(0))
+		cloneData = cloneInspect.InspectContainerToJSON()
+		Expect(createData[0].HostConfig.NanoCpus).ToNot(Equal(cloneData[0].HostConfig.NanoCpus))
+		Expect(cloneData[0].HostConfig.NanoCpus).To(Equal(nanoCPUs))
+	})
+
+	It("podman container clone in a pod", func() {
+		SkipIfRootlessCgroupsV1("starting a container with the memory limits not supported")
+		run := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:1234", ALPINE, "sleep", "20"})
+		run.WaitWithDefaultTimeout()
+		Expect(run).To(Exit(0))
+		clone := podmanTest.Podman([]string{"container", "clone", run.OutputToString()})
+		clone.WaitWithDefaultTimeout()
+		Expect(clone).To(Exit(0))
+		ctrStart := podmanTest.Podman([]string{"container", "start", clone.OutputToString()})
+		ctrStart.WaitWithDefaultTimeout()
+		Expect(ctrStart).To(Exit(0))
+
+		checkClone := podmanTest.Podman([]string{"ps", "-f", "id=" + clone.OutputToString(), "--ns", "--format", "{{.Namespaces.IPC}} {{.Namespaces.UTS}} {{.Namespaces.NET}}"})
+		checkClone.WaitWithDefaultTimeout()
+		Expect(checkClone).Should(Exit(0))
+		cloneArray := checkClone.OutputToStringArray()
+
+		checkCreate := podmanTest.Podman([]string{"ps", "-f", "id=" + run.OutputToString(), "--ns", "--format", "{{.Namespaces.IPC}} {{.Namespaces.UTS}} {{.Namespaces.NET}}"})
+		checkCreate.WaitWithDefaultTimeout()
+		Expect(checkCreate).Should(Exit(0))
+		createArray := checkCreate.OutputToStringArray()
+
+		Expect(cloneArray).To(ContainElements(createArray[:]))
+
+		ctrInspect := podmanTest.Podman([]string{"inspect", clone.OutputToString()})
+		ctrInspect.WaitWithDefaultTimeout()
+		Expect(ctrInspect).Should(Exit(0))
+
+		runInspect := podmanTest.Podman([]string{"inspect", run.OutputToString()})
+		runInspect.WaitWithDefaultTimeout()
+		Expect(runInspect).Should(Exit(0))
+
+		Expect(ctrInspect.InspectContainerToJSON()[0].Pod).Should(Equal(runInspect.InspectContainerToJSON()[0].Pod))
+		Expect(ctrInspect.InspectContainerToJSON()[0].HostConfig.NetworkMode).Should(Equal(runInspect.InspectContainerToJSON()[0].HostConfig.NetworkMode))
+	})
+
+})
diff --git a/test/e2e/play_build_test.go b/test/e2e/play_build_test.go
index 70e042b4d..849ba7162 100644
--- a/test/e2e/play_build_test.go
+++ b/test/e2e/play_build_test.go
@@ -212,6 +212,53 @@ LABEL marge=mom
 		Expect(inspectData[0].Config.Labels).To(HaveKeyWithValue("marge", "mom"))
 	})
 
+	It("Do not build image at all if --build=false", func() {
+		// Setup
+		yamlDir := filepath.Join(tempdir, RandomString(12))
+		err := os.Mkdir(yamlDir, 0755)
+		Expect(err).To(BeNil(), "mkdir "+yamlDir)
+		err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml"))
+		Expect(err).To(BeNil())
+
+		// build an image called foobar but make sure it doesn't have
+		// the same label as the yaml buildfile, so we can check that
+		// the image is NOT rebuilt.
+		err = writeYaml(prebuiltImage, filepath.Join(yamlDir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		app1Dir := filepath.Join(yamlDir, "foobar")
+		err = os.Mkdir(app1Dir, 0755)
+		Expect(err).To(BeNil())
+		err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Containerfile"))
+		Expect(err).To(BeNil())
+		// Write a file to be copied
+		err = writeYaml(copyFile, filepath.Join(app1Dir, "copyfile"))
+		Expect(err).To(BeNil())
+
+		// Switch to temp dir and restore it afterwards
+		cwd, err := os.Getwd()
+		Expect(err).To(BeNil())
+		Expect(os.Chdir(yamlDir)).To(BeNil())
+		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()
+
+		// Build the image into the local store
+		build := podmanTest.Podman([]string{"build", "-t", "foobar", "-f", "Containerfile"})
+		build.WaitWithDefaultTimeout()
+		Expect(build).Should(Exit(0))
+
+		session := podmanTest.Podman([]string{"play", "kube", "--build=false", "top.yaml"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		inspectData := inspect.InspectContainerToJSON()
+		Expect(len(inspectData)).To(BeNumerically(">", 0))
+		Expect(inspectData[0].Config.Labels).To(Not(HaveKey("homer")))
+		Expect(inspectData[0].Config.Labels).To(HaveKeyWithValue("marge", "mom"))
+	})
+
 	It("--build should override image in store", func() {
 		// Setup
 		yamlDir := filepath.Join(tempdir, RandomString(12))
diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go
index 251fdbf77..d17e34e9c 100644
--- a/test/e2e/trust_test.go
+++ b/test/e2e/trust_test.go
@@ -39,7 +39,7 @@ var _ = Describe("Podman trust", func() {
 	})
 
 	It("podman image trust show", func() {
-		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
+		session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		outArray := session.OutputToStringArray()
@@ -47,21 +47,18 @@ var _ = Describe("Podman trust", func() {
 
 		// Repository order is not guaranteed. So, check that
 		// all expected lines appear in output; we also check total number of lines, so that handles all of them.
-		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^default\s+accept\s*$`))
-		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^docker.io/library/hello-world\s+reject\s*$`))
-		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^registry.access.redhat.com\s+signedBy\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
+		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`))
+		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+docker.io/library/hello-world\s+reject\s*$`))
+		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+registry.access.redhat.com\s+signed\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
 	})
 
 	It("podman image trust set", func() {
-		path, err := os.Getwd()
-		if err != nil {
-			os.Exit(1)
-		}
-		session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", filepath.Join(filepath.Dir(path), "trust_set_test.json"), "-t", "accept", "default"})
+		policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json")
+		session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		var teststruct map[string][]map[string]string
-		policyContent, err := ioutil.ReadFile(filepath.Join(filepath.Dir(path), "trust_set_test.json"))
+		policyContent, err := ioutil.ReadFile(policyJSON)
 		if err != nil {
 			os.Exit(1)
 		}
@@ -88,25 +85,23 @@ var _ = Describe("Podman trust", func() {
 		}
 		Expect(repoMap).To(Equal(map[string][]map[string]string{
 			"* (default)": {{
+				"type":      "accept",
+				"transport": "all",
 				"name":      "* (default)",
 				"repo_name": "default",
-				"sigstore":  "",
-				"transport": "",
-				"type":      "accept",
 			}},
 			"docker.io/library/hello-world": {{
+				"transport": "repository",
 				"name":      "docker.io/library/hello-world",
 				"repo_name": "docker.io/library/hello-world",
-				"sigstore":  "",
-				"transport": "",
 				"type":      "reject",
 			}},
 			"registry.access.redhat.com": {{
+				"transport": "repository",
 				"name":      "registry.access.redhat.com",
 				"repo_name": "registry.access.redhat.com",
 				"sigstore":  "https://access.redhat.com/webassets/docker/content/sigstore",
-				"transport": "",
-				"type":      "signedBy",
+				"type":      "signed",
 				"gpg_id":    "security@redhat.com, security@redhat.com",
 			}},
 		}))
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index 9b0a71285..582efa058 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -33,6 +33,23 @@ function setup() {
     fi
 }
 
+@test "podman info" {
+    # These will be displayed on the test output stream, offering an
+    # at-a-glance overview of important system configuration details
+    local -a want=(
+        'Arch:{{.Host.Arch}}'
+        'OS:{{.Host.Distribution.Distribution}}{{.Host.Distribution.Version}}'
+        'Runtime:{{.Host.OCIRuntime.Name}}'
+        'Rootless:{{.Host.Security.Rootless}}'
+        'Events:{{.Host.EventLogger}}'
+        'Logdriver:{{.Host.LogDriver}}'
+        'Cgroups:{{.Host.CgroupsVersion}}+{{.Host.CgroupManager}}'
+        'Net:{{.Host.NetworkBackend}}'
+    )
+    run_podman info --format "$(IFS='/' echo ${want[@]})"
+    echo "# $output" >&3
+}
+
 
 @test "podman --context emits reasonable output" {
     # All we care about here is that the command passes
@@ -88,7 +105,8 @@ function setup() {
 
     # ...but no matter what, --remote is never allowed after subcommand
     PODMAN="${podman_non_remote} ${podman_args[@]}" run_podman 125 version --remote
-    is "$output" "Error: unknown flag: --remote" "podman version --remote"
+    is "$output" "Error: unknown flag: --remote
+See 'podman version --help'" "podman version --remote"
 }
 
 @test "podman-remote: defaults" {
@@ -108,6 +126,17 @@ function setup() {
     if grep -- " --remote " <<<"$output"; then
         die "podman --help, with CONTAINER_CONNECTION set, is showing --remote"
     fi
+
+    # When it detects --url or --connection, --remote is not an option
+    run_podman --url foobar --help
+    if grep -- " --remote " <<<"$output"; then
+        die "podman --help, with --url set, is showing --remote"
+    fi
+
+    run_podman --connection foobar --help
+    if grep -- " --remote " <<<"$output"; then
+        die "podman --help, with --connection set, is showing --remote"
+    fi
 }
 
 # Check that just calling "podman-remote" prints the usage message even
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index a95acd986..c963d8325 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -1016,6 +1016,27 @@ EOF
     run_podman build -t build_test $tmpdir/link
 }
 
+@test "podman build --volumes-from conflict" {
+    rand_content=$(random_string 50)
+
+    tmpdir=$PODMAN_TMPDIR/build-test
+    mkdir -p $tmpdir
+    dockerfile=$tmpdir/Dockerfile
+    cat >$dockerfile <<EOF
+FROM $IMAGE
+VOLUME /vol
+EOF
+
+    run_podman build -t build_test $tmpdir
+    is "$output" ".*COMMIT" "COMMIT seen in log"
+
+    run_podman run -d --name test_ctr build_test  top
+    run_podman run --rm --volumes-from test_ctr $IMAGE  echo $rand_content
+    is "$output"   "$rand_content"   "No error should be thrown about volume in use"
+
+    run_podman rmi -f build_test
+}
+
 function teardown() {
     # A timeout or other error in 'build' can leave behind stale images
     # that podman can't even see and which will cascade into subsequent
diff --git a/test/system/300-cli-parsing.bats b/test/system/300-cli-parsing.bats
index 92c073102..ec493d3d8 100644
--- a/test/system/300-cli-parsing.bats
+++ b/test/system/300-cli-parsing.bats
@@ -12,4 +12,18 @@ load helpers
     run_podman run --rm --label 'true="false"' $IMAGE true
 }
 
+@test "podman flag error" {
+    local name="podman"
+    if is_remote; then
+        name="podman-remote"
+    fi
+    run_podman 125 run -h
+    is "$output" "Error: flag needs an argument: 'h' in -h
+See '$name run --help'" "expected error output"
+
+    run_podman 125 bad --invalid
+    is "$output" "Error: unknown flag: --invalid
+See '$name --help'" "expected error output"
+}
+
 # vim: filetype=sh
diff --git a/test/system/750-trust.bats b/test/system/750-trust.bats
new file mode 100644
index 000000000..f06df35e7
--- /dev/null
+++ b/test/system/750-trust.bats
@@ -0,0 +1,46 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# tests for podman image trust
+#
+
+load helpers
+
+@test "podman image trust set" {
+      skip_if_remote "trust only works locally"
+      policypath=$PODMAN_TMPDIR/policy.json
+      run_podman 125 image trust set --policypath=$policypath --type=bogus default
+      is "$output" "Error: invalid choice: bogus.*" "error from --type=bogus"
+
+      run_podman image trust set --policypath=$policypath --type=accept default
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *accept" "default policy should be accept"
+
+      run_podman image trust set --policypath=$policypath --type=reject default
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *reject" "default policy should be reject"
+
+      run_podman image trust set --policypath=$policypath --type=reject docker.io
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *reject" "default policy should still be reject"
+      is "$output" ".*repository  *docker.io  *reject" "docker.io should also be reject"
+
+      run_podman image trust show --policypath=$policypath --json
+      subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "default reject" "--json also shows default"
+      subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "docker.io reject" "--json also shows docker.io"
+
+      run_podman image trust set --policypath=$policypath --type=accept docker.io
+      run_podman image trust show --policypath=$policypath --json
+      subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "default reject" "--json, default is still reject"
+      subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "docker.io accept" "--json, docker.io should now be accept"
+
+      run cat $policypath
+      policy=$output
+      run_podman image trust show --policypath=$policypath --raw
+      is "$output" "$policy" "output should show match content of policy.json"
+}
+
+# vim: filetype=sh
diff --git a/test/system/800-config.bats b/test/system/800-config.bats
new file mode 100644
index 000000000..f5b4e9570
--- /dev/null
+++ b/test/system/800-config.bats
@@ -0,0 +1,80 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# Test specific configuration options and overrides
+#
+
+load helpers
+
+@test "podman CONTAINERS_CONF - CONTAINERS_CONF in conmon" {
+    skip_if_remote "can't check conmon environment over remote"
+
+    # Get the normal runtime for this host
+    run_podman info --format '{{ .Host.OCIRuntime.Name }}'
+    runtime="$output"
+    run_podman info --format "{{ .Host.OCIRuntime.Path }}"
+    ocipath="$output"
+
+    # Make an innocuous containers.conf in a non-standard location
+    conf_tmp="$PODMAN_TMPDIR/containers.conf"
+    cat >$conf_tmp <<EOF
+[engine]
+runtime="$runtime"
+[engine.runtimes]
+$runtime = ["$ocipath"]
+EOF
+    CONTAINERS_CONF="$conf_tmp" run_podman run -d $IMAGE sleep infinity
+    cid="$output"
+
+    CONTAINERS_CONF="$conf_tmp" run_podman inspect "$cid" --format "{{ .State.ConmonPid }}"
+    conmon="$output"
+
+    output="$(tr '\0' '\n' < /proc/$conmon/environ | grep '^CONTAINERS_CONF=')"
+    is "$output" "CONTAINERS_CONF=$conf_tmp"
+
+    # Clean up
+    # Oddly, sleep can't be interrupted with SIGTERM, so we need the
+    # "-f -t 0" to force a SIGKILL
+    CONTAINERS_CONF="$conf_tmp" run_podman rm -f -t 0 "$cid"
+}
+
+@test "podman CONTAINERS_CONF - override runtime name" {
+    skip_if_remote "Can't set CONTAINERS_CONF over remote"
+
+    # Get the path of the normal runtime
+    run_podman info --format "{{ .Host.OCIRuntime.Path }}"
+    ocipath="$output"
+
+    export conf_tmp="$PODMAN_TMPDIR/nonstandard_runtime_name.conf"
+    cat > $conf_tmp <<EOF
+[engine]
+runtime = "nonstandard_runtime_name"
+[engine.runtimes]
+nonstandard_runtime_name = ["$ocipath"]
+EOF
+
+    CONTAINERS_CONF="$conf_tmp" run_podman run -d --rm $IMAGE true
+    cid="$output"
+
+    # We need to wait for the container to finish before we can check
+    # if it was cleaned up properly.  But in the common case that the
+    # container completes fast, and the cleanup *did* happen properly
+    # the container is now gone.  So, we need to ignore "no such
+    # container" errors from podman wait.
+    CONTAINERS_CONF="$conf_tmp" run_podman '?' wait "$cid"
+    if [[ $status != 0 ]]; then
+	is "$output" "Error:.*no such container" "unexpected error from podman wait"
+    fi
+
+    # The --rm option means the container should no longer exist.
+    # However https://github.com/containers/podman/issues/12917 meant
+    # that the container cleanup triggered by conmon's --exit-cmd
+    # could fail, leaving the container in place.
+    #
+    # We verify that the container is indeed gone, by checking that a
+    # podman rm *fails* here - and it has the side effect of cleaning
+    # up in the case this test fails.
+    CONTAINERS_CONF="$conf_tmp" run_podman 1 rm "$cid"
+    is "$output" "Error:.*no such container"
+}
+
+# vim: filetype=sh
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index c622a5172..221315b97 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -37,9 +37,6 @@ fi
 # while retaining the ability to include these if they so desire.
 
 # Some CI systems set this to runc, overriding the default crun.
-# Although it would be more elegant to override options in run_podman(),
-# we instead override $PODMAN itself because some tests (170-run-userns)
-# have to invoke $PODMAN directly.
 if [[ -n $OCI_RUNTIME ]]; then
     if [[ -z $CONTAINERS_CONF ]]; then
         # FIXME: BATS provides no mechanism for end-of-run cleanup[1]; how
@@ -111,6 +108,7 @@ function basic_teardown() {
     echo "# [teardown]" >&2
     run_podman '?' pod rm -t 0 --all --force --ignore
     run_podman '?'     rm -t 0 --all --force --ignore
+    run_podman '?' network prune --force
 
     command rm -rf $PODMAN_TMPDIR
 }
diff --git a/test/trust_set_test.json b/test/trust_set_test.json
deleted file mode 100644
index f1fdf779c..000000000
--- a/test/trust_set_test.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-    "default": [
-        {
-            "type": "insecureAcceptAnything"
-        }
-    ],
-    "transports": null
-}