9 files changed, 98 insertions, 65 deletions

diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index c5b2f5ec1..610d3e36d 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -65,6 +65,16 @@ t GET libpod/containers/json?last=1 200 \
 
 cid=$(jq -r '.[0].Id' <<<"$output")
 
+if root; then
+    t GET libpod/containers/stats?containers='[$cid]' 200
+else
+    if have_cgroupsv2; then
+        t GET libpod/containers/stats?containers='[$cid]' 200
+    else
+        t GET libpod/containers/stats?containers='[$cid]' 409
+    fi
+fi
+
 t DELETE libpod/containers/$cid 204
 
 # Issue #6799: it should be possible to start a container, even w/o args.
diff --git a/test/apiv2/python/rest_api/test_v2_0_0_container.py b/test/apiv2/python/rest_api/test_v2_0_0_container.py
index 30d902d8c..dbad6824f 100644
--- a/test/apiv2/python/rest_api/test_v2_0_0_container.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_container.py
@@ -36,26 +36,48 @@ class ContainerTestCase(APITestCase):
 
         r = requests.post(
             self.podman_url + "/v1.40/containers/create?name=topcontainer",
-            json={"Healthcheck": {"Test": ["CMD-SHELL", "exit 0"], "Interval":1000, "Timeout":1000, "Retries": 5}, "Cmd": ["top"], "Image": "alpine:latest"},
+            json={"Cmd": ["top"],
+                  "Image": "alpine:latest",
+                  "Healthcheck": {
+                      "Test": ["CMD", "pidof", "top"],
+                      "Interval": 5000000000,
+                      "Timeout": 2000000000,
+                      "Retries": 3,
+                      "StartPeriod": 5000000000
+                  }
+            },
         )
         self.assertEqual(r.status_code, 201, r.text)
         payload = r.json()
         container_id = payload["Id"]
         self.assertIsNotNone(container_id)
 
-        r = requests.get(self.podman_url + f"/v1.40/containers/{payload['Id']}/json")
+        r = requests.get(self.podman_url + f"/v1.40/containers/{container_id}/json")
         self.assertEqual(r.status_code, 200, r.text)
         self.assertId(r.content)
         out = r.json()
-        state = out["State"]["Health"]
-        self.assertIsInstance(state, dict)
-
-        r = requests.get(self.uri(f"/containers/{payload['Id']}/json"))
+        self.assertIsNone(out["State"].get("Health"))
+        self.assertListEqual(["CMD", "pidof", "top"], out["Config"]["Healthcheck"]["Test"])
+        self.assertEqual(5000000000, out["Config"]["Healthcheck"]["Interval"])
+        self.assertEqual(2000000000, out["Config"]["Healthcheck"]["Timeout"])
+        self.assertEqual(3, out["Config"]["Healthcheck"]["Retries"])
+        self.assertEqual(5000000000, out["Config"]["Healthcheck"]["StartPeriod"])
+
+        r = requests.get(self.uri(f"/containers/{container_id}/json"))
         self.assertEqual(r.status_code, 200, r.text)
         self.assertId(r.content)
         out = r.json()
         hc  = out["Config"]["Healthcheck"]["Test"]
-        self.assertListEqual(["CMD-SHELL", "exit 0"], hc)
+        self.assertListEqual(["CMD", "pidof", "top"], hc)
+
+        r = requests.post(self.podman_url + f"/v1.40/containers/{container_id}/start")
+        self.assertEqual(r.status_code, 204, r.text)
+
+        r = requests.get(self.podman_url + f"/v1.40/containers/{container_id}/json")
+        self.assertEqual(r.status_code, 200, r.text)
+        out = r.json()
+        state = out["State"]["Health"]
+        self.assertIsInstance(state, dict)
 
     def test_stats(self):
         r = requests.get(self.uri(self.resolve_container("/containers/{}/stats?stream=false")))
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 3349b8be3..08fc4e6cc 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -261,10 +261,16 @@ var _ = Describe("Podman run", func() {
 
 	It("podman run containers.conf timezone", func() {
 		//containers.conf timezone set to Pacific/Honolulu
-		session := podmanTest.Podman([]string{"run", ALPINE, "date", "+'%H %Z'"})
+		session := podmanTest.Podman([]string{"run", "--tz", "", ALPINE, "date", "+'%H %Z'"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring("HST"))
+
+		// verify flag still overrides
+		session = podmanTest.Podman([]string{"run", "--tz", "EST", ALPINE, "date", "+'%H %Z'"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("EST"))
 	})
 
 	It("podman run containers.conf umask", func() {
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 4c6788b9d..028689211 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -5,12 +5,9 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
 
-	"github.com/containers/common/pkg/sysinfo"
 	"github.com/containers/podman/v3/pkg/rootless"
-	"github.com/containers/podman/v3/pkg/util"
 	. "github.com/containers/podman/v3/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -519,48 +516,6 @@ ENTRYPOINT ["sleep","99999"]
 		Expect(create).Should(Exit(0))
 	})
 
-	It("podman pod create --cpus", func() {
-		podName := "testPod"
-		numCPU := float64(sysinfo.NumCPU())
-		period, quota := util.CoresToPeriodAndQuota(numCPU)
-		numCPUStr := strconv.Itoa(int(numCPU))
-		podCreate := podmanTest.Podman([]string{"pod", "create", "--cpus", numCPUStr, "--name", podName})
-		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate).Should(Exit(0))
-
-		contCreate := podmanTest.Podman([]string{"container", "create", "--pod", podName, "alpine"})
-		contCreate.WaitWithDefaultTimeout()
-		Expect(podCreate).Should(Exit(0))
-
-		podInspect := podmanTest.Podman([]string{"pod", "inspect", podName})
-		podInspect.WaitWithDefaultTimeout()
-		Expect(podInspect).Should(Exit(0))
-		podJSON := podInspect.InspectPodToJSON()
-		Expect(podJSON.CPUPeriod).To(Equal(period))
-		Expect(podJSON.CPUQuota).To(Equal(quota))
-	})
-
-	It("podman pod create --cpuset-cpus", func() {
-		podName := "testPod"
-		ctrName := "testCtr"
-		numCPU := float64(sysinfo.NumCPU())
-		numCPUStr := strconv.Itoa(int(numCPU))
-		in := "0-" + numCPUStr
-		podCreate := podmanTest.Podman([]string{"pod", "create", "--cpuset-cpus", in, "--name", podName})
-		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate).Should(Exit(0))
-
-		contCreate := podmanTest.Podman([]string{"container", "create", "--name", ctrName, "--pod", podName, "alpine"})
-		contCreate.WaitWithDefaultTimeout()
-		Expect(podCreate).Should(Exit(0))
-
-		podInspect := podmanTest.Podman([]string{"pod", "inspect", podName})
-		podInspect.WaitWithDefaultTimeout()
-		Expect(podInspect).Should(Exit(0))
-		podJSON := podInspect.InspectPodToJSON()
-		Expect(podJSON.CPUSetCPUs).To(Equal(in))
-	})
-
 	It("podman pod create --pid", func() {
 		podName := "pidPod"
 		ns := "ns:/proc/self/ns/"
diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go
index 300c3a8e0..3e261961b 100644
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@@ -2,6 +2,7 @@ package integration
 
 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -80,7 +81,21 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
 		exec.WaitWithDefaultTimeout()
 		Expect(exec).Should(Exit(0))
 
-		cgroup := filepath.Dir(strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n"))
+		containerCgroup := strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n")
+
+		content, err := ioutil.ReadFile(filepath.Join("/sys/fs/cgroup", containerCgroup, "cgroup.procs"))
+		Expect(err).To(BeNil())
+
+		// Move the container process to a sub cgroup
+		subCgroupPath := filepath.Join(filepath.Join("/sys/fs/cgroup", containerCgroup, "old-container"))
+
+		err = os.MkdirAll(subCgroupPath, 0755)
+		Expect(err).To(BeNil())
+
+		err = ioutil.WriteFile(filepath.Join(subCgroupPath, "cgroup.procs"), content, 0644)
+		Expect(err).To(BeNil())
+
+		cgroup := filepath.Dir(containerCgroup)
 
 		run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "-d", fmt.Sprintf("--cgroup-parent=%s", cgroup), fedoraMinimal, "sleep", "100"})
 		run.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 80a82ea05..92388b099 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -685,13 +685,6 @@ var _ = Describe("Podman run networking", func() {
 		Expect(podrm).Should(Exit(0))
 	})
 
-	It("podman run net=host adds entry to /etc/hosts", func() {
-		run := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/etc/hosts"})
-		run.WaitWithDefaultTimeout()
-		Expect(run).Should(Exit(0))
-		Expect(strings.Contains(run.OutputToString(), "127.0.1.1")).To(BeTrue())
-	})
-
 	It("podman run with --net=host and --hostname sets correct hostname", func() {
 		hostname := "testctr"
 		run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"})
@@ -731,10 +724,6 @@ var _ = Describe("Podman run networking", func() {
 		ping_test("--net=none")
 	})
 
-	It("podman attempt to ping container name and hostname --net=host", func() {
-		ping_test("--net=host")
-	})
-
 	It("podman attempt to ping container name and hostname --net=private", func() {
 		ping_test("--net=private")
 	})
diff --git a/test/system/005-info.bats b/test/system/005-info.bats
index 4b419841e..96ca2c1bd 100644
--- a/test/system/005-info.bats
+++ b/test/system/005-info.bats
@@ -33,16 +33,21 @@ cgroupVersion: v[12]
     expr_nvr="[a-z0-9-]\\\+-[a-z0-9.]\\\+-[a-z0-9]\\\+\."
     expr_path="/[a-z0-9\\\/.-]\\\+\\\$"
 
+    # FIXME: if we're ever able to get package versions on Debian,
+    #        add '-[0-9]' to all '*.package' queries below.
     tests="
 host.buildahVersion       | [0-9.]
 host.conmon.path          | $expr_path
+host.conmon.package       | .*conmon.*
 host.cgroupManager        | \\\(systemd\\\|cgroupfs\\\)
 host.cgroupVersion        | v[12]
 host.ociRuntime.path      | $expr_path
+host.ociRuntime.package   | .*\\\(crun\\\|runc\\\).*
 store.configFile          | $expr_path
 store.graphDriverName     | [a-z0-9]\\\+\\\$
 store.graphRoot           | $expr_path
 store.imageStore.number   | 1
+host.slirp4netns.executable | $expr_path
 "
 
     parse_table "$tests" | while read field expect; do
diff --git a/test/system/080-pause.bats b/test/system/080-pause.bats
index ea4c85f8f..1eb47dcfb 100644
--- a/test/system/080-pause.bats
+++ b/test/system/080-pause.bats
@@ -57,4 +57,23 @@ load helpers
     run_podman 125 unpause $cname
 }
 
+@test "podman unpause --all" {
+    if is_rootless && ! is_cgroupsv2; then
+        skip "'podman pause' (rootless) only works with cgroups v2"
+    fi
+
+    cname=$(random_string 10)
+    run_podman create --name notrunning $IMAGE
+    run_podman run -d --name $cname $IMAGE sleep 100
+    cid="$output"
+    run_podman pause $cid
+    run_podman inspect --format '{{.State.Status}}' $cid
+    is "$output" "paused" "podman inspect .State.Status"
+    run_podman unpause --all
+    is "$output" "$cid" "podman unpause output"
+    run_podman ps --format '{{.ID}} {{.Names}} {{.Status}}'
+    is "$output" "${cid:0:12} $cname Up.*" "podman ps on resumed container"
+    run_podman rm -f $cname
+    run_podman rm -f notrunning
+}
 # vim: filetype=sh
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 4ef9c8b30..5ee0e0715 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -50,6 +50,18 @@ function check_label() {
     check_label "--systemd=always" "container_init_t"
 }
 
+@test "podman selinux: init container with --security-opt type" {
+    check_label "--systemd=always --security-opt=label=type:spc_t" "spc_t"
+}
+
+@test "podman selinux: init container with --security-opt level&type" {
+    check_label "--systemd=always --security-opt=label=level:s0:c1,c2 --security-opt=label=type:spc_t" "spc_t" "s0:c1,c2"
+}
+
+@test "podman selinux: init container with --security-opt level" {
+    check_label "--systemd=always --security-opt=label=level:s0:c1,c2" "container_init_t"  "s0:c1,c2"
+}
+
 @test "podman selinux: pid=host" {
     # FIXME this test fails when run rootless with runc:
     #   Error: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: readonly path /proc/asound: operation not permitted: OCI permission denied