8 files changed, 87 insertions, 29 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index bc6efc20d..decdc4754 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -203,6 +203,15 @@ t GET 'containers/json?limit=0&all=1' 200 \
   .[0].Id~[0-9a-f]\\{64\\} \
   .[1].Id~[0-9a-f]\\{64\\}
 
+t GET containers/json?limit=2 200 length=2
+
+# Filter with two ids should return both container
+t GET "containers/json?filters=%7B%22id%22%3A%5B%22${cid}%22%2C%22${cid_top}%22%5D%7D&all=1" 200 length=2
+# Filter with two ids and status running should return only 1 container
+t GET "containers/json?filters=%7B%22id%22%3A%5B%22${cid}%22%2C%22${cid_top}%22%5D%2C%22status%22%3A%5B%22running%22%5D%7D&all=1" 200 \
+  length=1 \
+  .[0].Id=${cid_top}
+
 t POST containers/${cid_top}/stop "" 204
 
 t DELETE containers/$cid 204
diff --git a/test/apiv2/45-system.at b/test/apiv2/45-system.at
index 7d14fd4b3..44cd05a13 100644
--- a/test/apiv2/45-system.at
+++ b/test/apiv2/45-system.at
@@ -58,10 +58,10 @@ t GET libpod/system/df 200 '.Volumes | length=3'
 
 # -G --data-urlencode 'volumes=true&filters={"label":["testlabel1=testonly"]}'
 # only foo3 should be pruned because of filter
-t POST 'libpod/system/prune?volumes=true&filters=%7B%22label%22:%5B%22testlabel1=testonly%22%5D%7D' params='' 200 .VolumePruneReport[0].Id=foo3
+t POST 'libpod/system/prune?volumes=true&filters=%7B%22label%22:%5B%22testlabel1=testonly%22%5D%7D' params='' 200 .VolumePruneReports[0].Id=foo3
 # only foo2 should be pruned because of filter
-t POST 'libpod/system/prune?volumes=true&filters=%7B%22label%22:%5B%22testlabel1%22%5D%7D' params='' 200 .VolumePruneReport[0].Id=foo2
+t POST 'libpod/system/prune?volumes=true&filters=%7B%22label%22:%5B%22testlabel1%22%5D%7D' params='' 200 .VolumePruneReports[0].Id=foo2
 # foo1, the last remaining volume should be pruned without any filters applied
-t POST 'libpod/system/prune?volumes=true' params='' 200 .VolumePruneReport[0].Id=foo1
+t POST 'libpod/system/prune?volumes=true' params='' 200 .VolumePruneReports[0].Id=foo1
 
 # TODO add other system prune tests for pods / images
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index f61f52589..18737105e 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -119,6 +119,21 @@ var _ = Describe("Podman exec", func() {
 		Expect(session.ExitCode()).To(Equal(100))
 	})
 
+	It("podman exec --privileged", func() {
+		hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+		Expect(hostCap.ExitCode()).To(Equal(0))
+
+		setup := podmanTest.RunTopContainer("test-privileged")
+		setup.WaitWithDefaultTimeout()
+		Expect(setup.ExitCode()).To(Equal(0))
+
+		session := podmanTest.Podman([]string{"exec", "--privileged", "test-privileged", "sh", "-c", "grep ^CapEff /proc/self/status | cut -f 2"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		containerCapMatchesHost(session.OutputToString(), hostCap.OutputToString())
+	})
+
 	It("podman exec terminal doesn't hang", func() {
 		setup := podmanTest.Podman([]string{"run", "-dti", "--name", "test1", fedoraMinimal, "sleep", "+Inf"})
 		setup.WaitWithDefaultTimeout()
diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go
index 765844265..3f059300b 100644
--- a/test/e2e/generate_systemd_test.go
+++ b/test/e2e/generate_systemd_test.go
@@ -74,6 +74,9 @@ var _ = Describe("Podman generate systemd", func() {
 
 		found, _ := session.GrepString(" stop -t 1234 ")
 		Expect(found).To(BeTrue())
+
+		found, _ = session.GrepString("TimeoutStopSec=1294")
+		Expect(found).To(BeTrue())
 	})
 
 	It("podman generate systemd", func() {
diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go
index a034ec2d1..287830102 100644
--- a/test/e2e/pod_stats_test.go
+++ b/test/e2e/pod_stats_test.go
@@ -177,8 +177,7 @@ var _ = Describe("Podman pod stats", func() {
 
 	It("podman stats on net=host post", func() {
 		// --net=host not supported for rootless pods at present
-		// problem with sysctls being passed to containers of the pod.
-		SkipIfCgroupV1("Bug: Error: sysctl net.ipv4.ping_group_range is not allowed in the hosts network namespace: OCI runtime error")
+		SkipIfRootlessCgroupsV1("Pause stats not supported in cgroups v1")
 		podName := "testPod"
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--net=host", "--name", podName})
 		podCreate.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index 760de55b6..48f9ea76e 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -16,22 +16,22 @@ import (
 // know about at compile time. That is: the kernel may have more caps
 // available than we are aware of, leading to host=FFF... and ctr=3FF...
 // because the latter is all we request. Accept that.
-func containerCapMatchesHost(ctr_cap string, host_cap string) {
+func containerCapMatchesHost(ctrCap string, hostCap string) {
 	if isRootless() {
 		return
 	}
-	ctr_cap_n, err := strconv.ParseUint(ctr_cap, 16, 64)
-	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctr_cap)
+	ctrCap_n, err := strconv.ParseUint(ctrCap, 16, 64)
+	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctrCap)
 
-	host_cap_n, err := strconv.ParseUint(host_cap, 16, 64)
-	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", host_cap)
+	hostCap_n, err := strconv.ParseUint(hostCap, 16, 64)
+	Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", hostCap)
 
 	// host caps can never be zero (except rootless).
 	// and host caps must always be a superset (inclusive) of container
-	Expect(host_cap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", host_cap)
-	Expect(host_cap_n).To(BeNumerically(">=", ctr_cap_n), "host cap %q should never be less than container cap %q", host_cap, ctr_cap)
-	host_cap_masked := host_cap_n & (1<<len(capability.List()) - 1)
-	Expect(ctr_cap_n).To(Equal(host_cap_masked), "container cap %q is not a subset of host cap %q", ctr_cap, host_cap)
+	Expect(hostCap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", hostCap)
+	Expect(hostCap_n).To(BeNumerically(">=", ctrCap_n), "host cap %q should never be less than container cap %q", hostCap, ctrCap)
+	hostCap_masked := hostCap_n & (1<<len(capability.List()) - 1)
+	Expect(ctrCap_n).To(Equal(hostCap_masked), "container cap %q is not a subset of host cap %q", ctrCap, hostCap)
 }
 
 var _ = Describe("Podman privileged container tests", func() {
@@ -68,38 +68,38 @@ var _ = Describe("Podman privileged container tests", func() {
 	})
 
 	It("podman privileged CapEff", func() {
-		host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
-		Expect(host_cap.ExitCode()).To(Equal(0))
+		hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+		Expect(hostCap.ExitCode()).To(Equal(0))
 
 		session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
-		containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
+		containerCapMatchesHost(session.OutputToString(), hostCap.OutputToString())
 	})
 
 	It("podman cap-add CapEff", func() {
 		// Get caps of current process
-		host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
-		Expect(host_cap.ExitCode()).To(Equal(0))
+		hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+		Expect(hostCap.ExitCode()).To(Equal(0))
 
 		session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
-		containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
+		containerCapMatchesHost(session.OutputToString(), hostCap.OutputToString())
 	})
 
 	It("podman cap-add CapEff with --user", func() {
 		// Get caps of current process
-		host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
-		Expect(host_cap.ExitCode()).To(Equal(0))
+		hostCap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"})
+		Expect(hostCap.ExitCode()).To(Equal(0))
 
 		session := podmanTest.Podman([]string{"run", "--user=bin", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
-		containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString())
+		containerCapMatchesHost(session.OutputToString(), hostCap.OutputToString())
 	})
 
 	It("podman cap-drop CapEff", func() {
@@ -110,6 +110,15 @@ var _ = Describe("Podman privileged container tests", func() {
 		Expect("0000000000000000").To(Equal(capEff[1]))
 	})
 
+	It("podman privileged should disable seccomp by default", func() {
+		hostSeccomp := SystemExec("grep", []string{"-Ei", "^Seccomp:\\s+0$", "/proc/self/status"})
+		Expect(hostSeccomp.ExitCode()).To(Equal(0))
+
+		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "grep", "-Ei", "^Seccomp:\\s+0$", "/proc/self/status"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman non-privileged should have very few devices", func() {
 		session := podmanTest.Podman([]string{"run", "-t", "busybox", "ls", "-l", "/dev"})
 		session.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 4888a676b..92d7d222e 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1415,4 +1415,12 @@ WORKDIR /madethis`
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.ErrorToString()).To(ContainSubstring("Trying to pull"))
 	})
+
+	It("podman run container with hostname and hostname environment variable", func() {
+		hostnameEnv := "test123"
+		session := podmanTest.Podman([]string{"run", "--hostname", "testctr", "--env", fmt.Sprintf("HOSTNAME=%s", hostnameEnv), ALPINE, "printenv", "HOSTNAME"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring(hostnameEnv))
+	})
 })
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index 48294943b..49ab3b8ed 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -13,10 +13,10 @@ import (
 
 var _ = Describe("Podman systemd", func() {
 	var (
-		tempdir           string
-		err               error
-		podmanTest        *PodmanTestIntegration
-		systemd_unit_file string
+		tempdir         string
+		err             error
+		podmanTest      *PodmanTestIntegration
+		systemdUnitFile string
 	)
 
 	BeforeEach(func() {
@@ -27,7 +27,7 @@ var _ = Describe("Podman systemd", func() {
 		podmanTest = PodmanTestCreate(tempdir)
 		podmanTest.Setup()
 		podmanTest.SeedImages()
-		systemd_unit_file = `[Unit]
+		systemdUnitFile = `[Unit]
 Description=redis container
 [Service]
 Restart=always
@@ -50,7 +50,7 @@ WantedBy=multi-user.target
 		SkipIfRootless("rootless can not write to /etc")
 		SkipIfContainerized("test does not have systemd as pid 1")
 
-		sys_file := ioutil.WriteFile("/etc/systemd/system/redis.service", []byte(systemd_unit_file), 0644)
+		sys_file := ioutil.WriteFile("/etc/systemd/system/redis.service", []byte(systemdUnitFile), 0644)
 		Expect(sys_file).To(BeNil())
 		defer func() {
 			stop := SystemExec("bash", []string{"-c", "systemctl stop redis"})
@@ -131,6 +131,21 @@ WantedBy=multi-user.target
 		Expect(conData[0].Config.SystemdMode).To(BeTrue())
 	})
 
+	It("podman create container with --uidmap and conmon PidFile accessible", func() {
+		ctrName := "testCtrUidMap"
+		run := podmanTest.Podman([]string{"run", "-d", "--uidmap=0:1:1000", "--name", ctrName, ALPINE, "top"})
+		run.WaitWithDefaultTimeout()
+		Expect(run.ExitCode()).To(Equal(0))
+
+		session := podmanTest.Podman([]string{"inspect", "--format", "{{.ConmonPidFile}}", ctrName})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		pidFile := strings.TrimSuffix(session.OutputToString(), "\n")
+		_, err := ioutil.ReadFile(pidFile)
+		Expect(err).To(BeNil())
+	})
+
 	It("podman create container with systemd=always triggers systemd mode", func() {
 		ctrName := "testCtr"
 		run := podmanTest.Podman([]string{"create", "--name", ctrName, "--systemd", "always", ALPINE})