9 files changed, 282 insertions, 34 deletions
diff --git a/test/buildah-bud/apply-podman-deltas b/test/buildah-bud/apply-podman-deltas
index 18b3d56f9..44a33b0b8 100755
--- a/test/buildah-bud/apply-podman-deltas
+++ b/test/buildah-bud/apply-podman-deltas
@@ -165,14 +165,6 @@ skip "FIXME FIXME FIXME: this passes on Ed's laptop, fails in CI??" \
 skip "buildah runs with --cgroup-manager=cgroupfs, podman with systemd" \
      "bud with --cgroup-parent"
 
-# see https://github.com/containers/podman/pull/10829
-skip "FIXME FIXME FIXME - requires updated CI images (#10829)" \
-     "bud with --runtime and --runtime-flag"
-
-###############################################################################
-# BEGIN tests which are skipped due to actual podman bugs.
-
-
 ###############################################################################
 # BEGIN tests which are skipped because they make no sense under podman-remote
 
diff --git a/test/compose/mount_and_label/docker-compose.yml b/test/compose/mount_and_label/docker-compose.yml
index 112d7e134..81fda2512 100644
--- a/test/compose/mount_and_label/docker-compose.yml
+++ b/test/compose/mount_and_label/docker-compose.yml
@@ -6,5 +6,7 @@ services:
       - '5000:5000'
     volumes:
       - /tmp/data:/data:ro
+    security_opt:
+      - label=disable
     labels:
       - "io.podman=the_best"
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 2e48e1763..6b97c4162 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -645,9 +645,13 @@ func isRootless() bool {
 	return os.Geteuid() != 0
 }
 
+func isCgroupsV1() bool {
+	return !CGROUPSV2
+}
+
 func SkipIfCgroupV1(reason string) {
 	checkReason(reason)
-	if !CGROUPSV2 {
+	if isCgroupsV1() {
 		Skip(reason)
 	}
 }
@@ -841,3 +845,18 @@ func (p *PodmanTestIntegration) buildImage(dockerfile, imageName string, layers
 	output := session.OutputToStringArray()
 	return output[len(output)-1]
 }
+
+func writeYaml(content string, fileName string) error {
+	f, err := os.Create(fileName)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	_, err = f.WriteString(content)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index 7ad1fc1f2..d8ca9cbd9 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -79,9 +79,9 @@ var _ = Describe("Podman login and logout", func() {
 
 		session = podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"),
 			"-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v",
-			strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
+			strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
 			"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
-			"-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
+			"-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
 			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
@@ -235,10 +235,13 @@ var _ = Describe("Podman login and logout", func() {
 		setup.WaitWithDefaultTimeout()
 		defer os.RemoveAll(certDir)
 
+		// N/B: This second registry container shares the same auth and cert dirs
+		//      as the registry started from BeforeEach().  Since this one starts
+		//      second, re-labeling the volumes should keep SELinux happy.
 		session := podmanTest.Podman([]string{"run", "-d", "-p", "9001:9001", "-e", "REGISTRY_HTTP_ADDR=0.0.0.0:9001", "--name", "registry1", "-v",
-			strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
+			strings.Join([]string{authPath, "/auth:z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
 			"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
-			"-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
+			"-v", strings.Join([]string{certPath, "/certs:z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
 			"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
diff --git a/test/e2e/play_build_test.go b/test/e2e/play_build_test.go
new file mode 100644
index 000000000..16f2687f3
--- /dev/null
+++ b/test/e2e/play_build_test.go
@@ -0,0 +1,243 @@
+// +build !remote
+
+// build for play kube is not supported on remote yet.
+
+package integration
+
+import (
+	"os"
+	"path/filepath"
+
+	. "github.com/containers/podman/v3/test/utils"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	. "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman play kube with build", func() {
+	var (
+		tempdir    string
+		err        error
+		podmanTest *PodmanTestIntegration
+	)
+
+	BeforeEach(func() {
+		tempdir, err = CreateTempDirInTempDir()
+		if err != nil {
+			os.Exit(1)
+		}
+		podmanTest = PodmanTestCreate(tempdir)
+		podmanTest.Setup()
+		podmanTest.SeedImages()
+	})
+
+	AfterEach(func() {
+		podmanTest.Cleanup()
+		f := CurrentGinkgoTestDescription()
+		processTestResult(f)
+
+	})
+
+	var testYAML = `
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: "2021-08-05T17:55:51Z"
+  labels:
+    app: foobar
+  name: top_pod
+spec:
+  containers:
+  - command:
+    - top
+    env:
+    - name: PATH
+      value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    - name: TERM
+      value: xterm
+    - name: container
+      value: podman
+    image: foobar
+    name: foobar
+    resources: {}
+    securityContext:
+      allowPrivilegeEscalation: true
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_NET_RAW
+        - CAP_AUDIT_WRITE
+      privileged: false
+      readOnlyRootFilesystem: false
+      seLinuxOptions: {}
+    tty: true
+    workingDir: /
+  dnsConfig: {}
+status: {}
+`
+
+	var playBuildFile = `
+FROM quay.io/libpod/alpine_nginx:latest
+RUN apk update && apk add strace
+LABEL homer=dad
+`
+	var prebuiltImage = `
+FROM quay.io/libpod/alpine_nginx:latest
+RUN apk update && apk add strace
+LABEL marge=mom
+`
+	It("Check that image is built using Dockerfile", func() {
+		// Setup
+		yamlDir := filepath.Join(tempdir, RandomString(12))
+		err := os.Mkdir(yamlDir, 0755)
+		err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml"))
+		Expect(err).To(BeNil())
+		app1Dir := filepath.Join(yamlDir, "foobar")
+		err = os.Mkdir(app1Dir, 0755)
+		Expect(err).To(BeNil())
+		err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Dockerfile"))
+		Expect(err).To(BeNil())
+
+		// Switch to temp dir and restore it afterwards
+		cwd, err := os.Getwd()
+		Expect(err).To(BeNil())
+		Expect(os.Chdir(yamlDir)).To(BeNil())
+		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()
+
+		session := podmanTest.Podman([]string{"play", "kube", "top.yaml"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		exists := podmanTest.Podman([]string{"image", "exists", "foobar"})
+		exists.WaitWithDefaultTimeout()
+		Expect(exists).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		inspectData := inspect.InspectContainerToJSON()
+		Expect(len(inspectData)).To(BeNumerically(">", 0))
+		Expect(inspectData[0].Config.Labels["homer"]).To(Equal("dad"))
+	})
+
+	It("Check that image is built using Containerfile", func() {
+		// Setup
+		yamlDir := filepath.Join(tempdir, RandomString(12))
+		err := os.Mkdir(yamlDir, 0755)
+		err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml"))
+		Expect(err).To(BeNil())
+		app1Dir := filepath.Join(yamlDir, "foobar")
+		err = os.Mkdir(app1Dir, 0755)
+		Expect(err).To(BeNil())
+		err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		// Switch to temp dir and restore it afterwards
+		cwd, err := os.Getwd()
+		Expect(err).To(BeNil())
+		Expect(os.Chdir(yamlDir)).To(BeNil())
+		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()
+
+		session := podmanTest.Podman([]string{"play", "kube", "top.yaml"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		exists := podmanTest.Podman([]string{"image", "exists", "foobar"})
+		exists.WaitWithDefaultTimeout()
+		Expect(exists).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		inspectData := inspect.InspectContainerToJSON()
+		Expect(len(inspectData)).To(BeNumerically(">", 0))
+		Expect(inspectData[0].Config.Labels["homer"]).To(Equal("dad"))
+	})
+
+	It("Do not build image if already in the local store", func() {
+		// Setup
+		yamlDir := filepath.Join(tempdir, RandomString(12))
+		err := os.Mkdir(yamlDir, 0755)
+		err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml"))
+		Expect(err).To(BeNil())
+
+		// build an image called foobar but make sure it doesnt have
+		// the same label as the yaml buildfile, so we can check that
+		// the image is NOT rebuilt.
+		err = writeYaml(prebuiltImage, filepath.Join(yamlDir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		app1Dir := filepath.Join(yamlDir, "foobar")
+		err = os.Mkdir(app1Dir, 0755)
+		Expect(err).To(BeNil())
+		err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		// Switch to temp dir and restore it afterwards
+		cwd, err := os.Getwd()
+		Expect(err).To(BeNil())
+		Expect(os.Chdir(yamlDir)).To(BeNil())
+		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()
+
+		// Build the image into the local store
+		build := podmanTest.Podman([]string{"build", "-t", "foobar", "-f", "Containerfile"})
+		build.WaitWithDefaultTimeout()
+		Expect(build).Should(Exit(0))
+
+		session := podmanTest.Podman([]string{"play", "kube", "top.yaml"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		inspectData := inspect.InspectContainerToJSON()
+		Expect(len(inspectData)).To(BeNumerically(">", 0))
+		Expect(inspectData[0].Config.Labels["homer"]).To(Equal(""))
+		Expect(inspectData[0].Config.Labels["marge"]).To(Equal("mom"))
+	})
+
+	It("--build should override image in store", func() {
+		// Setup
+		yamlDir := filepath.Join(tempdir, RandomString(12))
+		err := os.Mkdir(yamlDir, 0755)
+		err = writeYaml(testYAML, filepath.Join(yamlDir, "top.yaml"))
+		Expect(err).To(BeNil())
+
+		// build an image called foobar but make sure it doesnt have
+		// the same label as the yaml buildfile, so we can check that
+		// the image is NOT rebuilt.
+		err = writeYaml(prebuiltImage, filepath.Join(yamlDir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		app1Dir := filepath.Join(yamlDir, "foobar")
+		err = os.Mkdir(app1Dir, 0755)
+		Expect(err).To(BeNil())
+		err = writeYaml(playBuildFile, filepath.Join(app1Dir, "Containerfile"))
+		Expect(err).To(BeNil())
+
+		// Switch to temp dir and restore it afterwards
+		cwd, err := os.Getwd()
+		Expect(err).To(BeNil())
+		Expect(os.Chdir(yamlDir)).To(BeNil())
+		defer func() { (Expect(os.Chdir(cwd)).To(BeNil())) }()
+
+		// Build the image into the local store
+		build := podmanTest.Podman([]string{"build", "-t", "foobar", "-f", "Containerfile"})
+		build.WaitWithDefaultTimeout()
+		Expect(build).Should(Exit(0))
+
+		session := podmanTest.Podman([]string{"play", "kube", "--build", "top.yaml"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+
+		inspect := podmanTest.Podman([]string{"container", "inspect", "top_pod-foobar"})
+		inspect.WaitWithDefaultTimeout()
+		Expect(inspect).Should(Exit(0))
+		inspectData := inspect.InspectContainerToJSON()
+		Expect(len(inspectData)).To(BeNumerically(">", 0))
+		Expect(inspectData[0].Config.Labels["homer"]).To(Equal("dad"))
+		Expect(inspectData[0].Config.Labels["marge"]).To(Equal(""))
+	})
+
+})
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index e3096d932..eec4b43a5 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -512,21 +512,6 @@ var (
 	defaultSecret = []byte(`{"FOO":"Zm9v","BAR":"YmFy"}`)
 )
 
-func writeYaml(content string, fileName string) error {
-	f, err := os.Create(fileName)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	_, err = f.WriteString(content)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 // getKubeYaml returns a kubernetes YAML document.
 func getKubeYaml(kind string, object interface{}) (string, error) {
 	var yamlTemplate string
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index d68aa6ac4..1fb1a179a 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -946,7 +946,7 @@ USER mail`, BB)
 		Expect(err).To(BeNil())
 		mountpoint := "/myvol/"
 
-		session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint, ALPINE, "cat", mountpoint + filename})
+		session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":z", ALPINE, "cat", mountpoint + filename})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		ctrID := session.OutputToString()
diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go
index a0be5d462..c0d56fdbc 100644
--- a/test/e2e/stats_test.go
+++ b/test/e2e/stats_test.go
@@ -22,6 +22,9 @@ var _ = Describe("Podman stats", func() {
 
 	BeforeEach(func() {
 		SkipIfRootlessCgroupsV1("stats not supported on cgroupv1 for rootless users")
+		if isContainerized() {
+			SkipIfCgroupV1("stats not supported inside cgroupv1 container environment")
+		}
 		var err error
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index bb51d6ac2..3213a839a 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -6,7 +6,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/containers/podman/v3/pkg/rootless"
 	. "github.com/containers/podman/v3/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -118,11 +117,13 @@ WantedBy=multi-user.target
 		Expect(len(conData)).To(Equal(1))
 		Expect(conData[0].Config.SystemdMode).To(BeTrue())
 
-		if CGROUPSV2 || !rootless.IsRootless() {
-			stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName})
-			stats.WaitWithDefaultTimeout()
-			Expect(stats).Should(Exit(0))
+		// stats not supported w/ CGv1 rootless or containerized
+		if isCgroupsV1() && (isRootless() || isContainerized()) {
+			return
 		}
+		stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName})
+		stats.WaitWithDefaultTimeout()
+		Expect(stats).Should(Exit(0))
 	})
 
 	It("podman create container with systemd entrypoint triggers systemd mode", func() {