From cfbbc38a5b17ed57bd378b755068a24acbcb33a6 Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Wed, 30 Jun 2021 11:12:48 -0400
Subject: [PATCH 1/3] Workaround host availability of /dev/kvm

This test has been failing for a long time but nobody noticed because CI
doesn't have the device node (nested-VM support was disabled).  After
having enabled nested VM support, tests fail due to some unknown
special-handling of this device.

Fix both problems by removing the `skip()` and switching to a more generic
device which is only present when `--privileged` is used.

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 test/e2e/run_device_test.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index 40de1d50d4..e65655e849 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -89,10 +89,7 @@ var _ = Describe("Podman run device", func() {
 	})
 
 	It("podman run device host device with --privileged", func() {
-		if _, err := os.Stat("/dev/kvm"); err != nil {
-			Skip("/dev/kvm not available")
-		}
-		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "/dev/kvm"})
+		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "/dev/kmsg"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 	})

From d0e3b3c3a9a9c89cab120a72e55dd22262c1d004 Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Mon, 9 Aug 2021 10:40:58 -0400
Subject: [PATCH 2/3] Enhance priv. dev. check

Update test to confirm the negative-case, proving the `--privileged`
"option is required" for this character device to be present in a
container (including rootless).

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 test/e2e/run_device_test.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index e65655e849..064c65ce58 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -89,9 +89,13 @@ var _ = Describe("Podman run device", func() {
 	})
 
 	It("podman run device host device with --privileged", func() {
-		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "/dev/kmsg"})
+		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "test", "-c", "/dev/kmsg"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		// verify --privileged is required
+		session2 := podmanTest.Podman([]string{"run", ALPINE, "test", "-c", "/dev/kmsg"})
+		session2.WaitWithDefaultTimeout()
+		Expect(session2).Should((Exit(1)))
 	})
 
 	It("podman run CDI device test", func() {

From 73a755eecbca34fb9ae21550153beb0d5830e1c8 Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Tue, 10 Aug 2021 12:47:35 -0400
Subject: [PATCH 3/3] Fix device tests using ls test files

The `ls` command is not intended for this purpose and may behave in
unexpected ways, leading to false positive or negative results.  Update
the tests to use the purpose built `test` command instead.

Also added several *TODO* comments for possible future testing
enhancements.

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 test/e2e/run_device_test.go | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index 064c65ce58..08905aed26 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -41,36 +41,35 @@ var _ = Describe("Podman run device", func() {
 	})
 
 	It("podman run device test", func() {
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
 	})
 
 	It("podman run device rename test", func() {
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+		// TODO: Confirm absence of /dev/kmsg in container
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "test", "-c", "/dev/kmsg1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
 	})
 
 	It("podman run device permission test", func() {
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+		// TODO: Confirm write-permission failure
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "test", "-r", "/dev/kmsg"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
 	})
 
 	It("podman run device rename and permission test", func() {
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+		// TODO: Confirm write-permission failure
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "test", "-r", "/dev/kmsg1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
 	})
 	It("podman run device rename and bad permission test", func() {
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "true"})
 		session.WaitWithDefaultTimeout()
-		Expect(session).To(ExitWithError())
+		Expect(session).Should(Exit(125))
 	})
 
 	It("podman run device host device and container device parameter are directories", func() {
@@ -110,14 +109,13 @@ var _ = Describe("Podman run device", func() {
 		err = cmd.Run()
 		Expect(err).To(BeNil())
 
-		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "test", "-c", "/dev/kmsg1"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
-		Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
 	})
 
 	It("podman run --gpus noop", func() {
-		session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "ls", "/"})
+		session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "true"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 	})