From eb2496a77efc1d47a93a1b24548e3761ffe99770 Mon Sep 17 00:00:00 2001
From: Ed Santiago <santiago@redhat.com>
Date: Mon, 15 Aug 2022 09:38:57 -0600
Subject: [PATCH] Skip / update some tests under runc

Two fixes done in #14972 (the "oops test under runc again" PR
which was not backported into 4.2):

 - "survive service stop" - skip. Test is only applicable
   under crun.
 - "volume exec/noexec" - update the expected error message

One hail-mary fix for a test failure seen in RHEL87 gating:

 - "nonexistent labels" - slight tweak to expected error message

None of these fixes will actually be tested in CI, because v4.2
does not run any runc tests. We'll have to wait and see what
happens on the next RHEL build.

Signed-off-by: Ed Santiago <santiago@redhat.com>
---
 test/system/160-volumes.bats        | 8 ++++----
 test/system/251-system-service.bats | 4 ++++
 test/system/410-selinux.bats        | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index dfc1a84137..6829c6a78f 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -149,16 +149,16 @@ EOF
 
     # By default, volumes are mounted exec, but we have manually added the
     # noexec option. This should fail.
-    # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error
+    # ARGH. Unfortunately, runc (used for cgroups v1) has different exit status
     local expect_rc=126
-    local expect_msg='.* OCI permission denied.*'
     if [[ $(podman_runtime) = "runc" ]]; then
         expect_rc=1
-        expect_msg='.* exec user process caused.*permission denied'
     fi
 
     run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
-    is "$output" "$expect_msg" "run on volume, noexec"
+    # crun and runc emit different messages, and even runc is inconsistent
+    # with itself (output changed some time in 2022?). Deal with all.
+    assert "$output" =~ 'exec.* permission denied' "run on volume, noexec"
 
     # With the default, it should pass
     run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript
diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats
index edee4a28c4..197d1cb18e 100644
--- a/test/system/251-system-service.bats
+++ b/test/system/251-system-service.bats
@@ -17,6 +17,10 @@ function teardown() {
 
 @test "podman-system-service containers survive service stop" {
     skip_if_remote "podman system service unavailable over remote"
+    local runtime=$(podman_runtime)
+    if [[ "$runtime" != "crun" ]]; then
+        skip "survival code only implemented in crun; you're using $runtime"
+    fi
 
     port=$(random_free_port)
     URL=tcp://127.0.0.1:$port
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index d437465a4f..52c428884d 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -209,7 +209,7 @@ function check_label() {
 	# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
 	#   from failed to set /proc/self/attr/keycreate on procfs
 	#   to   write /proc/self/attr/keycreate: invalid argument
-	runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;;
+	runc) expect="OCI runtime error: .*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;;
 	*)    skip "Unknown runtime '$runtime'";;
     esac