From: Reinhard Tartler <siretart@tauware.de>
Date: Wed, 10 Jul 2024 20:21:38 -0400
Subject: Skip tests that require root

===================================================================
---
 buildah_test.go                  |  3 +++
 cmd/buildah/common_test.go       |  2 +-
 convertcw_test.go                |  3 +++
 copier/copier_test.go            | 11 ++++++++++-
 internal/open/open_linux_test.go |  4 ++++
 internal/open/open_test.go       |  4 ++++
 6 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/buildah_test.go b/buildah_test.go
index 3ccac64..d79af99 100644
--- a/buildah_test.go
+++ b/buildah_test.go
@@ -52,6 +52,9 @@ func TestOpenBuilderCommonBuildOpts(t *testing.T) {
 		GraphRoot:       t.TempDir(),
 		GraphDriverName: "vfs",
 	})
+	if err != nil {
+		t.Skipf("Not enough permissions to execute test: %s", err)
+	}
 	require.NoError(t, err)
 	t.Cleanup(func() { _, err := store.Shutdown(true); assert.NoError(t, err) })
 	b, err := NewBuilder(ctx, store, BuilderOptions{})
diff --git a/cmd/buildah/common_test.go b/cmd/buildah/common_test.go
index 0645ade..06a8509 100644
--- a/cmd/buildah/common_test.go
+++ b/cmd/buildah/common_test.go
@@ -80,6 +80,6 @@ func failTestIfNotRoot(t *testing.T) {
 	if err != nil {
 		t.Log("Could not determine user.  Running without root may cause tests to fail")
 	} else if u.Uid != "0" {
-		t.Fatal("tests will fail unless run as root")
+		t.Skip("Skip tests that will fail unless run as root")
 	}
 }
diff --git a/convertcw_test.go b/convertcw_test.go
index 1db30ef..6deb347 100644
--- a/convertcw_test.go
+++ b/convertcw_test.go
@@ -84,6 +84,9 @@ func TestCWConvertImage(t *testing.T) {
 						GraphDriverName: "vfs",
 					}
 					store, err := storage.GetStore(storeOptions)
+					if err != nil {
+						t.Skipf("Not enough permissions to run test: %s")
+					}
 					require.NoError(t, err)
 					t.Cleanup(func() {
 						if _, err := store.Shutdown(true); err != nil {
diff --git a/copier/copier_test.go b/copier/copier_test.go
index abc2ead..bf3a76c 100644
--- a/copier/copier_test.go
+++ b/copier/copier_test.go
@@ -204,7 +204,7 @@ var (
 	}{
 		{
 			name:     "regular",
-			rootOnly: false,
+			rootOnly: true,  // some of these tests seem to require real root
 			headers: []tar.Header{
 				{Name: "file-0", Typeflag: tar.TypeReg, Size: 123456789, Mode: 0o600, ModTime: testDate},
 				{Name: "file-a", Typeflag: tar.TypeReg, Size: 23, Mode: 0o600, ModTime: testDate},
@@ -2182,9 +2182,15 @@ func testEnsure(t *testing.T) {
 					ChmodNew:   &ugReadable,
 					ChownNew:   &idtools.IDPair{UID: 1, GID: 1},
 				})
+				if strings.Contains(err.Error(), "operation not permitted") {
+					t.Skipf("Skipping test: %v", err)
+				}
 				require.NoError(t, err, "unexpected error ensuring")
 			}
 			created, noted, err := Ensure(tmpdir, testCases[i].subdir, testCases[i].options)
+			if strings.Contains(err.Error(), "operation not permitted") {
+				t.Skipf("Skipping test: %v", err)
+			}
 			require.NoError(t, err, "unexpected error ensuring")
 			require.EqualValues(t, testCases[i].expectCreated, created, "did not expect to create these")
 			require.Equal(t, len(testCases[i].expectNoted), len(noted), "noticed the wrong number of things")
@@ -2381,6 +2387,9 @@ func testConditionalRemove(t *testing.T) {
 				})
 			}
 			created, _, err := Ensure(tmpdir, testCases[i].subdir, create)
+			if strings.Contains(err.Error(), "operation not permitted") {
+				t.Skipf("Skipping test: %v", err)
+			}
 			require.NoErrorf(t, err, "unexpected error creating %#v", create)
 			remove := testCases[i].remove
 			for _, what := range created {
diff --git a/internal/open/open_linux_test.go b/internal/open/open_linux_test.go
index e64ec6f..4d29c96 100644
--- a/internal/open/open_linux_test.go
+++ b/internal/open/open_linux_test.go
@@ -4,6 +4,7 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"strings"
 
 	"github.com/stretchr/testify/require"
 	"golang.org/x/sys/unix"
@@ -19,6 +20,9 @@ func TestBindFdToPath(t *testing.T) {
 	require.NoError(t, err, "opening descriptor for first directory")
 	second := t.TempDir()
 	err = BindFdToPath(uintptr(fd), second)
+	if strings.Contains(err.Error(), "operation not permitted") {
+		t.Skipf("Skipping test: %v", err)
+	}
 	require.NoError(t, err)
 	t.Cleanup(func() {
 		err := unix.Unmount(second, unix.MNT_DETACH)
diff --git a/internal/open/open_test.go b/internal/open/open_test.go
index 0a24647..222f372 100644
--- a/internal/open/open_test.go
+++ b/internal/open/open_test.go
@@ -4,6 +4,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/containers/storage/pkg/reexec"
@@ -53,6 +54,9 @@ func TestOpenInChroot(t *testing.T) {
 			},
 		},
 	})
+	if strings.Contains(result.Err, "operation not permitted") {
+		t.Skipf("Skipping test: %v", result.Err)
+	}
 	require.Empty(t, result.Err, "result from second client")
 	require.Equal(t, 1, len(result.Open), "results from second client")
 	require.Empty(t, result.Open[0].Err, "first (only) result from second client")