From 099876137099eea14174a1eed13a7a6b669023b8 Mon Sep 17 00:00:00 2001
From: Ed Santiago <santiago@redhat.com>
Date: Mon, 15 Nov 2021 07:01:22 -0700
Subject: [PATCH 1/3] Network test: fix podman-remote-rootless corner case

Followup to #12229, in which I added a podman unshare for
flake debugging. Turns out that doesn't work in podman-remote.
It was not caught because CI doesn't run podman-remote rootless.

Signed-off-by: Ed Santiago <santiago@redhat.com>
---
 test/system/500-networking.bats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 3263f3c820f..bffd21b1925 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -169,7 +169,7 @@ load helpers
 
     # FIXME: debugging for #11871
     run_podman exec $cid cat /etc/resolv.conf
-    if is_rootless; then
+    if is_rootless && ! is_remote; then
         run_podman unshare --rootless-cni cat /etc/resolv.conf
     fi
     ps uxww

From dcc66d59ff536f3def5f6585974ca75bd4ec4f0b Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Wed, 17 Nov 2021 10:06:26 +0100
Subject: [PATCH 2/3] utils: use podman-pause-$RANDOM.scope name

we try hard to re-use the existing podman-pause.scope name when it
already exists, causing any sort of race errors when the already
existing scope is terminating.

There is no such a requirement though, so just try with a random
name.

Closes: https://github.com/containers/podman/issues/12065

[NO NEW TESTS NEEDED] it fixes a race in the CI

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 utils/utils.go           | 12 +++++++++++-
 utils/utils_supported.go |  9 ---------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/utils/utils.go b/utils/utils.go
index 109ae088b95..f2e7beef904 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math/rand"
 	"os"
 	"os/exec"
 	"strconv"
@@ -203,7 +204,16 @@ func moveProcessToScope(pidPath, slice, scope string) error {
 // MovePauseProcessToScope moves the pause process used for rootless mode to keep the namespaces alive to
 // a separate scope.
 func MovePauseProcessToScope(pausePidPath string) {
-	err := moveProcessToScope(pausePidPath, "user.slice", "podman-pause.scope")
+	var err error
+
+	for i := 0; i < 3; i++ {
+		r := rand.Int()
+		err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%d.scope", r))
+		if err == nil {
+			return
+		}
+	}
+
 	if err != nil {
 		unified, err2 := cgroups.IsCgroup2UnifiedMode()
 		if err2 != nil {
diff --git a/utils/utils_supported.go b/utils/utils_supported.go
index 1404e319416..0f0c9a9ba00 100644
--- a/utils/utils_supported.go
+++ b/utils/utils_supported.go
@@ -44,15 +44,6 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
 	ch := make(chan string)
 	_, err = conn.StartTransientUnit(unitName, "replace", properties, ch)
 	if err != nil {
-		// On errors check if the cgroup already exists, if it does move the process there
-		if props, err := conn.GetUnitTypeProperties(unitName, "Scope"); err == nil {
-			if cgroup, ok := props["ControlGroup"].(string); ok && cgroup != "" {
-				if err := moveUnderCgroup(cgroup, "", []uint32{uint32(pid)}); err == nil {
-					return nil
-				}
-				// On errors return the original error message we got from StartTransientUnit.
-			}
-		}
 		return err
 	}
 

From 3922e61b323717fee65dd087092553858e4179bf Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <rothberg@redhat.com>
Date: Thu, 18 Nov 2021 14:12:10 +0100
Subject: [PATCH 3/3] fix CI

Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.

Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
---
 contrib/fedora-minimal/Dockerfile | 1 -
 contrib/fedora-minimal/README.md  | 4 ----
 test/e2e/config.go                | 2 +-
 test/e2e/images_test.go           | 2 +-
 test/e2e/run_test.go              | 2 +-
 5 files changed, 3 insertions(+), 8 deletions(-)
 delete mode 100644 contrib/fedora-minimal/Dockerfile
 delete mode 100644 contrib/fedora-minimal/README.md

diff --git a/contrib/fedora-minimal/Dockerfile b/contrib/fedora-minimal/Dockerfile
deleted file mode 100644
index a051b320419..00000000000
--- a/contrib/fedora-minimal/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM registry.fedoraproject.org/fedora-minimal:latest
diff --git a/contrib/fedora-minimal/README.md b/contrib/fedora-minimal/README.md
deleted file mode 100644
index 52bf94b539c..00000000000
--- a/contrib/fedora-minimal/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-This dockerfile exists so that the container image can be "mirrored"
-onto quay.io automatically, so automated testing can be more resilient.
-
-https://quay.io/repository/libpod/fedora-minimal?tab=builds
diff --git a/test/e2e/config.go b/test/e2e/config.go
index 2552595ad99..9c810575b66 100644
--- a/test/e2e/config.go
+++ b/test/e2e/config.go
@@ -2,7 +2,7 @@ package integration
 
 var (
 	redis             = "quay.io/libpod/redis:alpine"
-	fedoraMinimal     = "quay.io/libpod/fedora-minimal:latest"
+	fedoraMinimal     = "registry.fedoraproject.org/fedora-minimal:34"
 	ALPINE            = "quay.io/libpod/alpine:latest"
 	ALPINELISTTAG     = "quay.io/libpod/alpine:3.10.2"
 	ALPINELISTDIGEST  = "quay.io/libpod/alpine@sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f"
diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go
index b4ec7447e04..3a9f3f513a9 100644
--- a/test/e2e/images_test.go
+++ b/test/e2e/images_test.go
@@ -144,7 +144,7 @@ var _ = Describe("Podman images", func() {
 		result := podmanTest.Podman([]string{"images", "-q", "-f", "reference=quay.io*"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).Should(Exit(0))
-		Expect(len(result.OutputToStringArray())).To(Equal(8))
+		Expect(len(result.OutputToStringArray())).To(Equal(7))
 
 		retalpine := podmanTest.Podman([]string{"images", "-f", "reference=a*pine"})
 		retalpine.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index ca39989cdac..8f640eacfa3 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1457,7 +1457,7 @@ USER mail`, BB)
 	})
 
 	It("podman run --privileged and --group-add", func() {
-		groupName := "kvm"
+		groupName := "mail"
 		session := podmanTest.Podman([]string{"run", "-t", "-i", "--group-add", groupName, "--privileged", fedoraMinimal, "groups"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))