8 files changed, 213 insertions, 22 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 9a1db5154..4bb00398e 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -51,17 +51,19 @@ cid=$(jq -r '.[0].Id' <<<"$output")
 
 t DELETE libpod/containers/$cid 204
 
-# Ensure that API does not occur: Create Container creates an invalid and the container fails to start
-# https://github.com/containers/libpod/issues/6799
-CNAME=testArgs
-t POST libpod/containers/create?name=${CNAME} Image=${IMAGE} 201 \
+# Issue #6799: it should be possible to start a container, even w/o args.
+t POST libpod/containers/create?name=test_noargs Image=${IMAGE} 201 \
   .Id~[0-9a-f]\\{64\\}
-t GET libpod/containers/json?limit=1 200 \
-  length=1 \
-  .[0].Id~[0-9a-f]\\{64\\}
-cid=$(jq -r '.[0].Id' <<<"$output")
-# This step should start the container properly
-t POST libpod/containers/${cid}/start '' 204
+cid=$(jq -r '.Id' <<<"$output")
+# Prior to the fix in #6835, this would fail 500 "args must not be empty"
+t POST   libpod/containers/${cid}/start '' 204
+# Container should exit almost immediately. Wait for it, confirm successful run
+t POST   libpod/containers/${cid}/wait  '' 200 '0'
+t GET    libpod/containers/${cid}/json 200 \
+  .Id=$cid \
+  .State.Status~\\\(exited\\\|stopped\\\) \
+  .State.Running=false \
+  .State.ExitCode=0
 t DELETE libpod/containers/$cid 204
 
 CNAME=myfoo
@@ -75,7 +77,8 @@ t POST "libpod/commit?container=nonesuch" '' 404
 
 # Comment can only be used with docker format, not OCI
 cparam="repo=newrepo&comment=foo&author=bob"
-t POST "libpod/commit?container=$CNAME&$cparam"  '' 500
+t POST "libpod/commit?container=$CNAME&$cparam"  '' 500 \
+  .cause="messages are only compatible with the docker image format (-f docker)"
 
 # Commit a new image from the container
 t POST "libpod/commit?container=$CNAME" '' 200 \
diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go
index 5e3634435..16bf1c4c9 100644
--- a/test/e2e/pod_inspect_test.go
+++ b/test/e2e/pod_inspect_test.go
@@ -1,8 +1,11 @@
 package integration
 
 import (
+	"encoding/json"
 	"os"
 
+	"github.com/containers/libpod/v2/libpod/define"
+
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -79,4 +82,22 @@ var _ = Describe("Podman pod inspect", func() {
 		index := len(inspectCreateCommand) - len(createCommand)
 		Expect(inspectCreateCommand[index:]).To(Equal(createCommand))
 	})
+
+	It("podman pod inspect outputs port bindings", func() {
+		podName := "testPod"
+		create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "-p", "8080:80"})
+		create.WaitWithDefaultTimeout()
+		Expect(create.ExitCode()).To(Equal(0))
+
+		inspectOut := podmanTest.Podman([]string{"pod", "inspect", podName})
+		inspectOut.WaitWithDefaultTimeout()
+		Expect(inspectOut.ExitCode()).To(Equal(0))
+
+		inspectJSON := new(define.InspectPodData)
+		err := json.Unmarshal(inspectOut.Out.Contents(), inspectJSON)
+		Expect(err).To(BeNil())
+		Expect(inspectJSON.InfraConfig).To(Not(BeNil()))
+		Expect(len(inspectJSON.InfraConfig.PortBindings["80/tcp"])).To(Equal(1))
+		Expect(inspectJSON.InfraConfig.PortBindings["80/tcp"][0].HostPort).To(Equal("8080"))
+	})
 })
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 5a463d46f..467d0c5ef 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -88,6 +88,20 @@ var _ = Describe("Podman run networking", func() {
 		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
 	})
 
+	It("podman run -p 8080:80/TCP", func() {
+		name := "testctr"
+		// "TCP" in upper characters
+		session := podmanTest.Podman([]string{"create", "-t", "-p", "8080:80/TCP", "--name", name, ALPINE, "/bin/sh"})
+		session.WaitWithDefaultTimeout()
+		inspectOut := podmanTest.InspectContainer(name)
+		Expect(len(inspectOut)).To(Equal(1))
+		Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(1))
+		// "tcp" in lower characters
+		Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
+		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Equal("8080"))
+		Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
+	})
+
 	It("podman run -p 80/udp", func() {
 		name := "testctr"
 		session := podmanTest.Podman([]string{"create", "-t", "-p", "80/udp", "--name", name, ALPINE, "/bin/sh"})
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index bc6347012..13fec20ad 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -242,4 +242,46 @@ echo $rand        |   0 | $rand
     run_podman rmi myi
 }
 
+# #6735 : complex interactions with multiple user namespaces
+# The initial report has to do with bind mounts, but that particular
+# symptom only manifests on a fedora container image -- we have no
+# reproducer on alpine. Checking directory ownership is good enough.
+@test "podman run : user namespace preserved root ownership" {
+    for priv in "" "--privileged"; do
+        for user in "--user=0" "--user=100"; do
+            for keepid in "" "--userns=keep-id"; do
+                opts="$priv $user $keepid"
+
+                for dir in /etc /usr;do
+                    run_podman run --rm $opts $IMAGE stat -c '%u:%g:%n' $dir
+                    remove_same_dev_warning      # grumble
+                    is "$output" "0:0:$dir" "run $opts ($dir)"
+                done
+            done
+        done
+    done
+}
+
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+@test "podman run : add username to /etc/passwd if --userns=keep-id" {
+    # Default: always run as root
+    run_podman run --rm $IMAGE id -un
+    is "$output" "root" "id -un on regular container"
+
+    # This would always work on root, but is new behavior on rootless: #6829
+    # adds a user entry to /etc/passwd
+    run_podman run --rm --userns=keep-id $IMAGE id -un
+    is "$output" "$(id -un)" "username on container with keep-id"
+
+    # --privileged should make no difference
+    run_podman run --rm --privileged --userns=keep-id $IMAGE id -un
+    remove_same_dev_warning      # grumble
+    is "$output" "$(id -un)" "username on container with keep-id"
+
+    # ...but explicitly setting --user should override keep-id
+    run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un
+    remove_same_dev_warning      # grumble
+    is "$output" "root" "--user=0 overrides keep-id"
+}
+
 # vim: filetype=sh
diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats
index f8c7f2766..945bcfa2d 100644
--- a/test/system/075-exec.bats
+++ b/test/system/075-exec.bats
@@ -6,8 +6,6 @@
 load helpers
 
 @test "podman exec - basic test" {
-    skip_if_remote
-
     rand_filename=$(random_string 20)
     rand_content=$(random_string 50)
 
@@ -80,4 +78,24 @@ load helpers
     run_podman rm $cid
 }
 
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+# #6593 : doesn't actually work with podman exec
+@test "podman exec - with keep-id" {
+    skip "Please enable once #6593 is fixed"
+
+    run_podman run -d --userns=keep-id $IMAGE sh -c \
+               "echo READY;while [ ! -f /stop ]; do sleep 1; done"
+    cid="$output"
+    wait_for_ready $cid
+
+    run_podman exec $cid id -un
+    is "$output" "$(id -un)" "container is running as current user"
+
+    # Until #6593 gets fixed, this just hangs. The server process barfs with:
+    #   unable to find user <username>: no matching entries in passwd file
+    run_podman exec --user=$(id -un) $cid touch /stop
+    run_podman wait $cid
+    run_podman rm $cid
+}
+
 # vim: filetype=sh
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 1769730f0..497e29b3e 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -19,15 +19,8 @@ function check_label() {
 
     # FIXME: on some CI systems, 'run --privileged' emits a spurious
     # warning line about dup devices. Ignore it.
+    remove_same_dev_warning
     local context="$output"
-    if [ ${#lines[@]} -gt 1 ]; then
-        if expr "${lines[0]}" : "WARNING: .* type, major" >/dev/null; then
-            echo "# ${lines[0]} [ignored]" >&3
-            context="${lines[1]}"
-        else
-            die "FAILED: too much output, expected one single line"
-        fi
-    fi
 
     is "$context" ".*_u:system_r:.*" "SELinux role should always be system_r"
 
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 5301644d6..4239ef876 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -392,5 +392,37 @@ function find_exec_pid_files() {
         find $storage_path -type f -iname 'exec_pid_*'
     fi
 }
+
+
+#############################
+#  remove_same_dev_warning  #  Filter out useless warning from output
+#############################
+#
+# On some CI systems, 'podman run --privileged' emits a useless warning:
+#
+#    WARNING: The same type, major and minor should not be used for multiple devices.
+#
+# This obviously screws us up when we look at output results.
+#
+# This function removes the warning from $output and $lines
+#
+function remove_same_dev_warning() {
+    # No input arguments. We operate in-place on $output and $lines
+
+    local i=0
+    local -a new_lines=()
+    while [[ $i -lt ${#lines[@]} ]]; do
+        if expr "${lines[$i]}" : 'WARNING: .* same type, major.* multiple' >/dev/null; then
+            :
+        else
+            new_lines+=("${lines[$i]}")
+        fi
+        i=$(( i + 1 ))
+    done
+
+    lines=("${new_lines[@]}")
+    output=$(printf '%s\n' "${lines[@]}")
+}
+
 # END   miscellaneous tools
 ###############################################################################
diff --git a/test/system/helpers.t b/test/system/helpers.t
index 7b4e48a84..a022f11c4 100755
--- a/test/system/helpers.t
+++ b/test/system/helpers.t
@@ -23,7 +23,8 @@ rc=0
 function check_result {
     testnum=$(expr $testnum + 1)
     if [ "$1" = "$2" ]; then
-        echo "ok $testnum $3 = $1"
+        # Multi-level echo flattens newlines, makes success messages readable
+        echo $(echo "ok $testnum $3 = $1")
     else
         echo "not ok $testnum $3"
         echo "#  expected: $2"
@@ -141,5 +142,72 @@ done < <(parse_table "$table")
 
 # END   dprint
 ###############################################################################
+# BEGIN remove_same_dev_warning
+
+# Test-helper function: runs remove_same_dev_warning, compares resulting
+# value of $lines and $output to expected values given on command line
+function check_same_dev() {
+    local testname="$1"; shift
+    local -a expect_lines=("$@")
+    local nl="
+"
+
+    remove_same_dev_warning
+
+    # After processing, check the expected number of lines
+    check_result "${#lines[@]}" "${#@}" "$testname: expected # of lines"
+
+    # ...and each expected line
+    local expect_output=""
+    local i=0
+    while [ $i -lt ${#expect_lines[@]} ]; do
+        check_result "${lines[$i]}" "${expect_lines[$i]}" "$testname: line $i"
+        expect_output+="${expect_lines[$i]}$nl"
+        i=$(( i + 1 ))
+    done
+
+    # ...and the possibly-multi-line $output
+    check_result "$output" "${expect_output%%$nl}"  "$testname: output"
+}
+
+# Simplest case: nothing removed.
+declare -a lines=("a b c" "d" "e f")
+check_same_dev "abc" "a b c" "d" "e f"
+
+# Confirm that the warning message is removed from the beginning
+declare -a lines=(
+    "WARNING: The same type, major and minor should not be used for multiple devices."
+    "a"
+    "b"
+    "c"
+)
+check_same_dev "warning is removed" a b c
+
+# ...and from the middle (we do not expect to see this)
+declare -a lines=(
+    "WARNING: The same type, major and minor should not be used for multiple devices."
+    "a"
+    "b"
+    "WARNING: The same type, major and minor should not be used for multiple devices."
+    "c"
+)
+check_same_dev "multiple warnings removed" a b c
+
+# Corner case: two lines of output, only one of which we care about
+declare -a lines=(
+    "WARNING: The same type, major and minor should not be used for multiple devices."
+    "this is the only line we care about"
+)
+check_same_dev "one-line output" "this is the only line we care about"
+
+# Corner case: one line of output, but we expect zero.
+declare -a lines=(
+    "WARNING: The same type, major and minor should not be used for multiple devices."
+)
+check_same_dev "zero-line output"
+
+
+# END   remove_same_dev_warning
+###############################################################################
 
 exit $rc