13 files changed, 120 insertions, 13 deletions

diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index fff3f3b1f..4c032c072 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -3,6 +3,32 @@
 # network-related tests
 #
 
-t GET /networks/non-existing-network 404
+t GET networks/non-existing-network 404 \
+  .cause='network not found'
+
+if root; then
+  t POST libpod/networks/create?name=network1 '' 200 \
+    .Filename~.*/network1\\.conflist
+
+  # --data '{"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}}'
+  t POST libpod/networks/create?name=network2 '"Subnet":{"IP":"10.10.254.0","Mask":[255,255,255,0]}' 200 \
+    .Filename~.*/network2\\.conflist
+
+  # test for empty mask
+  t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[]}' 500 \
+    .cause~'.*cannot be empty'
+  # test for invalid mask
+  t POST libpod/networks/create '"Subnet":{"IP":"10.10.1.0","Mask":[0,255,255,0]}' 500 \
+    .cause~'.*mask is invalid'
+
+  # clean the network
+  t DELETE libpod/networks/network1 200 \
+    .[0].Name~network1 \
+    .[0].Err=null
+  t DELETE libpod/networks/network2 200 \
+    .[0].Name~network2 \
+    .[0].Err=null
+
+fi
 
 # vim: filetype=sh
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index d0bf28b9a..2f01783ff 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # Usage: test-apiv2 [PORT]
 #
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index fcd324cd1..f97e6c1f1 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -178,6 +178,47 @@ var _ = Describe("Podman network create", func() {
 		Expect(subnet.Contains(containerIP)).To(BeTrue())
 	})
 
+	It("podman network create with name and IPv6 subnet", func() {
+		SkipIfRemote()
+		var (
+			results []network.NcList
+		)
+		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", "newIPv6network"})
+		nc.WaitWithDefaultTimeout()
+		Expect(nc.ExitCode()).To(BeZero())
+
+		defer podmanTest.removeCNINetwork("newIPv6network")
+
+		// Inspect the network configuration
+		inspect := podmanTest.Podman([]string{"network", "inspect", "newIPv6network"})
+		inspect.WaitWithDefaultTimeout()
+
+		// JSON the network configuration into something usable
+		err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
+		Expect(err).To(BeNil())
+		result := results[0]
+		Expect(result["name"]).To(Equal("newIPv6network"))
+
+		// JSON the bridge info
+		bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
+		Expect(err).To(BeNil())
+		Expect(bridgePlugin.IPAM.Routes[0].Dest).To(Equal("::/0"))
+
+		// Once a container executes a new network, the nic will be created. We should clean those up
+		// best we can
+		defer removeNetworkDevice(bridgePlugin.BrName)
+
+		try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newIPv6network", ALPINE, "sh", "-c", "ip addr show eth0 |  grep global | awk ' /inet6 / {print $2}'"})
+		try.WaitWithDefaultTimeout()
+
+		_, subnet, err := net.ParseCIDR("fd00:1:2:3:4::/64")
+		Expect(err).To(BeNil())
+		containerIP, _, err := net.ParseCIDR(try.OutputToString())
+		Expect(err).To(BeNil())
+		// Ensure that the IP the container got is within the subnet the user asked for
+		Expect(subnet.Contains(containerIP)).To(BeTrue())
+	})
+
 	It("podman network create with invalid subnet", func() {
 		nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"})
 		nc.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index d735217d6..83befe730 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -293,6 +293,22 @@ var _ = Describe("Podman run networking", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 	})
 
+	It("podman run slirp4netns network with different cidr", func() {
+		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
+		Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
+
+		networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true"
+		session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"})
+		session.Wait(30)
+
+		if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") {
+			Expect(session.ExitCode()).To(Equal(0))
+		} else {
+			Expect(session.ExitCode()).ToNot(Equal(0))
+			Expect(session.ErrorToString()).To(ContainSubstring("cidr not supported"))
+		}
+	})
+
 	It("podman run network bind to 127.0.0.1", func() {
 		slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"})
 		Expect(slirp4netnsHelp.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 30e565894..6c65a23e8 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -827,6 +827,15 @@ USER mail`
 		Expect(isSharedOnly).Should(BeTrue())
 	})
 
+	It("podman run --security-opts proc-opts=", func() {
+		session := podmanTest.Podman([]string{"run", "--security-opt", "proc-opts=nosuid,exec", fedoraMinimal, "findmnt", "-noOPTIONS", "/proc"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		output := session.OutputToString()
+		Expect(output).To(ContainSubstring("nosuid"))
+		Expect(output).To(Not(ContainSubstring("exec")))
+	})
+
 	It("podman run --mount type=bind,bind-nonrecursive", func() {
 		SkipIfRootless()
 		session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"})
diff --git a/test/system/110-history.bats b/test/system/110-history.bats
index b83e90fe4..5dc221d61 100644
--- a/test/system/110-history.bats
+++ b/test/system/110-history.bats
@@ -3,8 +3,6 @@
 load helpers
 
 @test "podman history - basic tests" {
-    skip_if_remote "FIXME: pending #7122"
-
     tests="
                                  | .*[0-9a-f]\\\{12\\\} .* CMD .* LABEL
 --format '{{.ID}} {{.Created}}'  | .*[0-9a-f]\\\{12\\\} .* ago
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index 2fcabcd8a..14dae4c8a 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -26,6 +26,16 @@ verify_iid_and_name() {
     is "$new_img_name" "$1"   "Name & tag of restored image"
 }
 
+@test "podman save to pipe and load" {
+    # We can't use run_podman because that uses the BATS 'run' function
+    # which redirects stdout and stderr. Here we need to guarantee
+    # that podman's stdout is a pipe, not any other form of redirection
+    $PODMAN save --format oci-archive $IMAGE | cat >$PODMAN_TMPDIR/test.tar
+    [ $status -eq 0 ]
+
+    run_podman load -i $PODMAN_TMPDIR/test.tar
+}
+
 
 @test "podman load - by image ID" {
     # FIXME: how to build a simple archive instead?
diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats
index c37eea15a..6bc9fc02e 100644
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@@ -12,8 +12,15 @@ _SOCAT_LOG=
 function setup() {
     skip_if_remote
 
-    # TODO: remove this once CI systems have newer crun and container-selinux
-    skip "TEMPORARY SKIP - until CI systems get new crun, container-selinux"
+    # Skip if systemd is not running
+    systemctl list-units &>/dev/null || skip "systemd not available"
+
+    # sdnotify fails with runc 1.0.0-3-dev2 on Ubuntu. Let's just
+    # assume that we work only with crun, nothing else.
+    run_podman info --format '{{ .Host.OCIRuntime.Name }}'
+    if [[ "$output" != "crun" ]]; then
+        skip "this test only works with crun, not '$output'"
+    fi
 
     basic_setup
 }
@@ -107,7 +114,7 @@ function _assert_mainpid_is_conmon() {
 @test "sdnotify : container" {
     # Sigh... we need to pull a humongous image because it has systemd-notify.
     # FIXME: is there a smaller image we could use?
-    _FEDORA=registry.fedoraproject.org/fedora:latest
+    _FEDORA=registry.fedoraproject.org/fedora:31
 
     # Pull that image. Retry in case of flakes.
     run_podman pull $_FEDORA || \
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index 1b2d14554..142d7dcd9 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -23,7 +23,7 @@ load helpers
     # as a user, the parent directory must be world-readable.
     test_script=$PODMAN_TMPDIR/fail-if-writable
     cat >$test_script <<"EOF"
-#!/bin/bash
+#!/usr/bin/env bash
 
 path="$1"
 
diff --git a/test/system/helpers.t b/test/system/helpers.t
index bee09505c..7a331174b 100755
--- a/test/system/helpers.t
+++ b/test/system/helpers.t
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # regression tests for helpers.bash
 #
diff --git a/test/test_podman_baseline.sh b/test/test_podman_baseline.sh
index d205f544a..3624d24c2 100755
--- a/test/test_podman_baseline.sh
+++ b/test/test_podman_baseline.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # test_podman_baseline.sh
 # A script to be run at the command line with Podman installed.
 # This should be run against a new kit to provide base level testing
@@ -215,7 +215,7 @@ podman run $image ls /
 ########
 FILE=./runecho.sh
 /bin/cat <<EOM >$FILE
-#!/bin/bash
+#!/usr/bin/env bash
 for i in {1..9};
 do
     echo "This is a new container pull ipbabble [" \$i "]"
diff --git a/test/test_podman_build.sh b/test/test_podman_build.sh
index e3e53cae6..29b7354b1 100644
--- a/test/test_podman_build.sh
+++ b/test/test_podman_build.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 #
 # test_podman_build.sh
 #
diff --git a/test/test_podman_pods.sh b/test/test_podman_pods.sh
index f2f47f510..c19f4fcab 100755
--- a/test/test_podman_pods.sh
+++ b/test/test_podman_pods.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # test_podman_pods.sh
 # A script to be run at the command line with Podman installed.
 # This should be run against a new kit to provide base level testing