From 36b6bf119ed6c2a88bd40fb92fdbd7a30e7a0daa Mon Sep 17 00:00:00 2001
From: Ed Santiago <santiago@redhat.com>
Date: Mon, 15 Nov 2021 07:01:22 -0700
Subject: [PATCH 1/3] Network test: fix podman-remote-rootless corner case

[Backport of #12297 into v3.4, to fix gating-test failures]

Followup to #12229, in which I added a podman unshare for
flake debugging. Turns out that doesn't work in podman-remote.
It was not caught because CI doesn't run podman-remote rootless.

Signed-off-by: Ed Santiago <santiago@redhat.com>
---
 test/system/500-networking.bats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 3263f3c820..bffd21b192 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -169,7 +169,7 @@ load helpers
 
     # FIXME: debugging for #11871
     run_podman exec $cid cat /etc/resolv.conf
-    if is_rootless; then
+    if is_rootless && ! is_remote; then
         run_podman unshare --rootless-cni cat /etc/resolv.conf
     fi
     ps uxww

From 2d265da0ec6d88c0644d96c8077fe15b3ac64ea0 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 17 Nov 2021 10:06:26 +0100
Subject: [PATCH 2/3] utils: use podman-pause-$RANDOM.scope name

[Backport of #12323 into v3.4, to fix gating-test flakes]

we try hard to re-use the existing podman-pause.scope name when it
already exists, causing any sort of race errors when the already
existing scope is terminating.

There is no such a requirement though, so just try with a random
name.

Closes: https://github.com/containers/podman/issues/12065

[NO NEW TESTS NEEDED] it fixes a race in the CI

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 utils/utils.go           | 12 +++++++++++-
 utils/utils_supported.go |  9 ---------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/utils/utils.go b/utils/utils.go
index 109ae088b9..f2e7beef90 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math/rand"
 	"os"
 	"os/exec"
 	"strconv"
@@ -203,7 +204,16 @@ func moveProcessToScope(pidPath, slice, scope string) error {
 // MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
 // a separate scope.
 func MovePauseProcessToScope(pausePidPath string) {
-	err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope")
+	var err error
+
+	for i := 0; i < 3; i++ {
+		r := rand.Int()
+		err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%d.scope", r))
+		if err == nil {
+			return
+		}
+	}
+
 	if err != nil {
 		unified, err2 := cgroups.IsCgroup2UnifiedMode()
 		if err2 != nil {
diff --git a/utils/utils_supported.go b/utils/utils_supported.go
index 1404e31941..0f0c9a9ba0 100644
--- a/utils/utils_supported.go
+++ b/utils/utils_supported.go
@@ -44,15 +44,6 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
 	ch := make(chan string)
 	_, err = conn.StartTransientUnit(unitName, "replace", properties, ch)
 	if err != nil {
-		// On errors check if the cgroup already exists, if it does move the process there
-		if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil {
-			if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" {
-				if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil {
-					return nil
-				}
-				// On errors return the original error message we got from StartTransientUnit.
-			}
-		}
 		return err
 	}
 

From fe30b30458098c2d4f97e3cf5513870a6bac8e06 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <rothberg@redhat.com>
Date: Thu, 18 Nov 2021 14:12:10 +0100
Subject: [PATCH 3/3] fix CI

[Backport #12343, which fixes the change in fedora-minimal image]

Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.

Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
---
 contrib/fedora-minimal/Dockerfile | 1 -
 contrib/fedora-minimal/README.md  | 4 ----
 test/e2e/config.go                | 2 +-
 test/e2e/images_test.go           | 2 +-
 test/e2e/run_test.go              | 2 +-
 5 files changed, 3 insertions(+), 8 deletions(-)
 delete mode 100644 contrib/fedora-minimal/Dockerfile
 delete mode 100644 contrib/fedora-minimal/README.md

diff --git a/contrib/fedora-minimal/Dockerfile b/contrib/fedora-minimal/Dockerfile
deleted file mode 100644
index a051b32041..0000000000
--- a/contrib/fedora-minimal/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM registry.fedoraproject.org/fedora-minimal:latest
diff --git a/contrib/fedora-minimal/README.md b/contrib/fedora-minimal/README.md
deleted file mode 100644
index 52bf94b539..0000000000
--- a/contrib/fedora-minimal/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-This dockerfile exists so that the container image can be "mirrored"
-onto quay.io automatically, so automated testing can be more resilient.
-
-https://quay.io/repository/libpod/fedora-minimal?tab=builds
diff --git a/test/e2e/config.go b/test/e2e/config.go
index 2552595ad9..9c810575b6 100644
--- a/test/e2e/config.go
+++ b/test/e2e/config.go
@@ -2,7 +2,7 @@ package integration
 
 var (
 	redis             = "quay.io/libpod/redis:alpine"
-	fedoraMinimal     = "quay.io/libpod/fedora-minimal:latest"
+	fedoraMinimal     = "registry.fedoraproject.org/fedora-minimal:34"
 	ALPINE            = "quay.io/libpod/alpine:latest"
 	ALPINELISTTAG     = "quay.io/libpod/alpine:3.10.2"
 	ALPINELISTDIGEST  = "quay.io/libpod/alpine@sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f"
diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go
index b4ec7447e0..3a9f3f513a 100644
--- a/test/e2e/images_test.go
+++ b/test/e2e/images_test.go
@@ -144,7 +144,7 @@ var _ = Describe("Podman images", func() {
 		result := podmanTest.Podman([]string{"images", "-q", "-f", "reference=quay.io*"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
-		Expect(len(result.OutputToStringArray())).To(Equal(8))
+		Expect(len(result.OutputToStringArray())).To(Equal(7))
 
 		retalpine := podmanTest.Podman([]string{"images", "-f", "reference=a*pine"})
 		retalpine.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index ca39989cda..8f640eacfa 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1457,7 +1457,7 @@ USER mail`, BB)
 	})
 
 	It("podman run --privileged and --group-add", func() {
-		groupName := "kvm"
+		groupName := "mail"
 		session := podmanTest.Podman([]string{"run", "-t", "-i", "--group-add", groupName, "--privileged", fedoraMinimal, "groups"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))