System tests: add test tags

BATS 1.8.0 introduces tags: metadata that can be applied to
a single test or one entire file, then used for filtering
in a test run.

Issue #19299 introduces the possibility of using OpenQA
for podman reverse dependency testing: continuous CI on
all packages that can affect podman, so we don't go two
months with no bodhi builds then get caught by surprise
when systemd or kernel or crun change in ways that break us.

This PR introduces one bats tag, "openqa". The intention
is for OpenQA tests to install the podman-tests package
and run:

    bats --filter-tags openqa /usr/share/podman/test/system

Goal is to keep the test list short and sweet: we do not
need to test command-line option parsing. We *DO* need to
test interactions with systemd, kernel, nethack, and other
critical components.

Signed-off-by: Ed Santiago <santiago@redhat.com>

hack/bats

@@ -83,6 +83,7 @@ for i;do
         --rootless) TEST_ROOT= ;;
         --remote)   REMOTE=remote ;;
         --ts|-T)    bats_opts+=("-T") ;;
+        --tag=*)    bats_filter=("--filter-tags" "$value") ;;
         */*.bats)   TESTS=$i ;;
         *)
             if [[ $i =~ : ]]; then

test/system/075-exec.bats

@@ -5,6 +5,7 @@
 
 load helpers
 
+# bats test_tags=openqa
 @test "podman exec - basic test" {
     rand_filename=$(random_string 20)
     rand_content=$(random_string 50)
@@ -43,6 +44,7 @@ load helpers
     run_podman rm $cid
 }
 
+# bats test_tags=openqa
 @test "podman exec - leak check" {
     skip_if_remote "test is meaningless over remote"
 

test/system/080-pause.bats

@@ -5,6 +5,7 @@
 
 load helpers
 
+# bats test_tags=openqa
 @test "podman pause/unpause" {
     if is_rootless && ! is_cgroupsv2; then
         skip "'podman pause' (rootless) only works with cgroups v2"
@@ -58,6 +59,7 @@ load helpers
     run_podman 125 unpause $cname
 }
 
+# bats test_tags=openqa
 @test "podman unpause --all" {
     if is_rootless && ! is_cgroupsv2; then
         skip "'podman pause' (rootless) only works with cgroups v2"

test/system/090-events.bats

@@ -5,6 +5,7 @@
 
 load helpers
 
+# bats test_tags=openqa
 @test "events with a filter by label" {
     cname=test-$(random_string 30 | tr A-Z a-z)
     labelname=$(random_string 10)
@@ -141,6 +142,7 @@ function _events_disjunctive_filters() {
     _events_disjunctive_filters ""
 }
 
+# bats test_tags=openqa
 @test "events with events_logfile_path in containers.conf" {
     skip_if_remote "remote does not support --events-backend"
     events_file=$PODMAN_TMPDIR/events.log
@@ -162,6 +164,7 @@ function _populate_events_file() {
     done
 }
 
+# bats test_tags=openqa
 @test "events log-file rotation" {
     skip_if_remote "setting CONTAINERS_CONF_OVERRIDE logger options does not affect remote client"
 

test/system/130-kill.bats

@@ -5,6 +5,7 @@
 
 load helpers
 
+# bats test_tags=openqa
 @test "podman kill - test signal handling in containers" {
 
     # Prepare for 'logs -f'

test/system/170-run-userns.bats

@@ -3,6 +3,8 @@
 #
 # Tests for podman build
 #
+# bats file_tags=openqa
+#
 
 load helpers
 

test/system/190-run-ipcns.bats

@@ -3,6 +3,8 @@
 #
 # Tests for podman build
 #
+# bats file_tags=openqa
+#
 
 load helpers
 

test/system/195-run-namesapces.bats → test/system/195-run-namespaces.bats

@@ -5,6 +5,7 @@
 
 load helpers
 
+# bats test_tags=openqa
 @test "podman test all namespaces" {
     # format is nsname | option name
     tests="

test/system/260-sdnotify.bats

@@ -103,6 +103,7 @@ function _assert_mainpid_is_conmon() {
     _stop_socat
 }
 
+# bats test_tags=openqa
 @test "sdnotify : conmon" {
     export NOTIFY_SOCKET=$PODMAN_TMPDIR/conmon.sock
     _start_socat
@@ -141,6 +142,7 @@ READY=1" "sdnotify sent MAINPID and READY"
 
 # These tests can fail in dev. environment because of SELinux.
 # quick fix: chcon -t container_runtime_exec_t ./bin/podman
+# bats test_tags=openqa
 @test "sdnotify : container" {
     _prefetch $SYSTEMD_IMAGE
 
@@ -393,6 +395,7 @@ spec:
 " > $fname
 }
 
+# bats test_tags=openqa
 @test "podman kube play - exit-code propagation" {
     fname=$PODMAN_TMPDIR/$(random_string).yaml
 

test/system/410-selinux.bats

@@ -34,26 +34,32 @@ function check_label() {
 }
 
 
+# bats test_tags=openqa
 @test "podman selinux: confined container" {
     check_label "" "container_t"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: container with label=disable" {
     check_label "--security-opt label=disable" "spc_t"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: privileged container" {
     check_label "--privileged --userns=host" "spc_t"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: init container" {
     check_label "--systemd=always" "container_init_t"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: init container with --security-opt type" {
     check_label "--systemd=always --security-opt=label=type:spc_t" "spc_t"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: init container with --security-opt level&type" {
     check_label "--systemd=always --security-opt=label=level:s0:c1,c2 --security-opt=label=type:spc_t" "spc_t" "s0:c1,c2"
 }
@@ -62,6 +68,7 @@ function check_label() {
     check_label "--systemd=always --security-opt=label=level:s0:c1,c2" "container_init_t"  "s0:c1,c2"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: pid=host" {
     # FIXME this test fails when run rootless with runc:
     #   Error: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: readonly path /proc/asound: operation not permitted: OCI permission denied
@@ -153,6 +160,7 @@ function check_label() {
 }
 
 # pr #7902 - containers in pods should all run under same context
+# bats test_tags=openqa
 @test "podman selinux: containers in pods share full context" {
     skip_if_no_selinux
 
@@ -226,6 +234,7 @@ function check_label() {
     is "$output" "Error.*: $expect" "podman emits useful diagnostic on failure"
 }
 
+# bats test_tags=openqa
 @test "podman selinux: check relabel" {
     skip_if_no_selinux