Merge pull request #27827 from lsm5/podman6-no-cni

Podman6: Remove CNI
2026-02-05 15:45:08 +01:00 · 2026-01-28 10:20:56 -06:00
parent 963d025612 721e889476
commit b60d234da4
34 changed files with 88 additions and 322 deletions
--- a/test/README.md
+++ b/test/README.md
@@ -86,7 +86,6 @@ The following environment variables are supported by the test setup:
 - `QUADLET_BINARY`: path to the quadlet binary, defaults to `bin/quadlet` in the repository root.
 - `CONMON_BINARY`: path to th conmon binary, defaults to `/usr/libexec/podman/conmon`.
 - `OCI_RUNTIME`: which oci runtime to use, defaults to `crun`.
- - `NETWORK_BACKEND`: the network backend, either `netavark` (default) or `cni`.
 - `PODMAN_DB`: the database backend `sqlite` (default) or `boltdb`.
 - `PODMAN_TEST_IMAGE_CACHE_DIR`: path were the container images should be cached, defaults to `/tmp`.

--- a/test/apiv2/python/rest_api/test_v2_0_0_network.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_network.py
@@ -22,21 +22,6 @@ class NetworkTestCase(APITestCase):
                "Cmd": ["top"],
                "Image": "alpine:latest",
                "NetworkDisabled": False,
-                # FIXME adding these 2 lines cause: (This is sampled from docker-py)
-                #   "network already exists","message":"container
-                #  01306e499df5441560d70071a54342611e422a94de20865add50a9565fd79fb9 is already connected to CNI
-                #  network \"TestDefaultNetwork\": network already exists"
-                # "HostConfig": {"NetworkMode": "TestDefaultNetwork"},
-                # "NetworkingConfig": {"EndpointsConfig": {"TestDefaultNetwork": None}},
-                # FIXME These two lines cause:
-                # CNI network \"TestNetwork\" not found","message":"error configuring network namespace for container
-                # 369ddfa7d3211ebf1fbd5ddbff91bd33fa948858cea2985c133d6b6507546dff: CNI network \"TestNetwork\" not
-                # found"
-                # "HostConfig": {"NetworkMode": "TestNetwork"},
-                # "NetworkingConfig": {"EndpointsConfig": {"TestNetwork": None}},
-                # FIXME no networking defined cause: (note this error is from the container inspect below)
-                # "internal libpod error","message":"network inspection mismatch: asked to join 2 CNI network(s) [
-                # TestDefaultNetwork podman], but have information on 1 network(s): internal libpod error"
            },
        )
        self.assertEqual(create.status_code, 201, create.text)
--- a/test/e2e/checkpoint_test.go
+++ b/test/e2e/checkpoint_test.go
@@ -341,7 +341,6 @@ var _ = Describe("Podman checkpoint", func() {
 			Fail("Container failed to get ready")
 		}

-		// clunky format needed because CNI uses dashes in net names
 		IP := podmanTest.Podman([]string{"inspect", cid, fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").IPAddress}}", netname)})
 		IP.WaitWithDefaultTimeout()
 		Expect(IP).Should(ExitCleanly())
@@ -491,7 +490,6 @@ var _ = Describe("Podman checkpoint", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(ExitCleanly())

-		// clunky format needed because CNI uses dashes in net names
 		IPBefore := podmanTest.Podman([]string{"inspect", "test_name", fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").IPAddress}}", netname)})
 		IPBefore.WaitWithDefaultTimeout()
 		Expect(IPBefore).Should(ExitCleanly())
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -331,20 +331,11 @@ func PodmanTestCreateUtil(tempDir string, target PodmanTestCreateUtilTarget) *Po

 	dbBackend := "sqlite"

-	networkBackend := Netavark
 	networkConfigDir := "/etc/containers/networks"
 	if isRootless() {
 		networkConfigDir = filepath.Join(root, "etc", "networks")
 	}

-	if strings.ToLower(os.Getenv("NETWORK_BACKEND")) == "cni" {
-		networkBackend = CNI
-		networkConfigDir = "/etc/cni/net.d"
-		if isRootless() {
-			networkConfigDir = filepath.Join(os.Getenv("HOME"), ".config/cni/net.d")
-		}
-	}
-
 	if err := os.MkdirAll(root, 0o755); err != nil {
 		panic(err)
 	}
@@ -378,7 +369,6 @@ func PodmanTestCreateUtil(tempDir string, target PodmanTestCreateUtilTarget) *Po
 			RemoteTest:         target != PodmanTestCreateUtilTargetLocal,
 			ImageCacheFS:       storageFs,
 			ImageCacheDir:      ImageCacheDir,
-			NetworkBackend:     networkBackend,
 			DatabaseBackend:    dbBackend,
 		},
 		ConmonBinary:        conmonBinary,
@@ -753,10 +743,9 @@ func GetPortLock(port string) *lockfile.LockFile {
 // Used by tests which want to use "--ip SOMETHING-SAFE". Picking at random
 // just doesn't work: we get occasional collisions. Our current approach
 // allocates a /24 subnet for each ginkgo process, starting at .128.x, see
-// BeforeEach() above. Unfortunately, CNI remembers each address assigned
-// and assigns <previous+1> by default -- so other parallel jobs may
-// get IPs in our block. The +10 leaves a gap for that. (Netavark works
-// differently, allocating sequentially from .0.0, hence our .128.x).
+// BeforeEach() above. Netavark allocates sequentially from .0.0, hence
+// our .128.x starting point leaves room for parallel test execution.
+// The +10 leaves a gap for other parallel jobs that may get IPs in our block.
 // This heuristic will fail if run in parallel on >127 processors or if
 // one test calls us more than 25 times or if some other test runs more
 // than ten networked containers at the same time as any test that
@@ -1220,18 +1209,6 @@ func SkipIfNotActive(unit string, reason string) {
 	Skip(fmt.Sprintf("[systemd]: unit %s is not active (%v): %s", unit, err, reason))
 }

-func SkipIfCNI(p *PodmanTestIntegration) {
-	if p.NetworkBackend == CNI {
-		Skip("this test is not compatible with the CNI network backend")
-	}
-}
-
-func SkipIfNetavark(p *PodmanTestIntegration) {
-	if p.NetworkBackend == Netavark {
-		Skip("This test is not compatible with the netavark network backend")
-	}
-}
-
 // PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment
 func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration {
 	podmanSession := p.PodmanExecBaseWithOptions(args, PodmanExecOptions{
@@ -1347,8 +1324,8 @@ func (p *PodmanTestIntegration) makeOptions(args []string, options PodmanExecOpt
 		eventsType = "none"
 	}

-	podmanOptions := strings.Split(fmt.Sprintf("%s--root %s --runroot %s --runtime %s --conmon %s --network-config-dir %s --network-backend %s --cgroup-manager %s --tmpdir %s --events-backend %s",
-		debug, p.Root, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.NetworkConfigDir, p.NetworkBackend.ToString(), p.CgroupManager, p.TmpDir, eventsType), " ")
+	podmanOptions := strings.Split(fmt.Sprintf("%s--root %s --runroot %s --runtime %s --conmon %s --network-config-dir %s --cgroup-manager %s --tmpdir %s --events-backend %s",
+		debug, p.Root, p.RunRoot, p.OCIRuntime, p.ConmonBinary, p.NetworkConfigDir, p.CgroupManager, p.TmpDir, eventsType), " ")

 	podmanOptions = append(podmanOptions, strings.Split(p.StorageOptions, " ")...)
 	if !options.NoCache {
@@ -1381,45 +1358,13 @@ func removeConf(confPath string) {
 	}
 }

-// generateNetworkConfig generates a CNI or Netavark config with a random name
+// generateNetworkConfig generates a Netavark config with a random name
 // it returns the network name and the filepath
 func generateNetworkConfig(p *PodmanTestIntegration) (string, string) {
-	var (
-		path string
-		conf string
-	)
 	// generate a random name to prevent conflicts with other tests
 	name := "net" + stringid.GenerateRandomID()
-	if p.NetworkBackend != Netavark {
-		path = filepath.Join(p.NetworkConfigDir, fmt.Sprintf("%s.conflist", name))
-		conf = fmt.Sprintf(`{
-		"cniVersion": "0.3.0",
-		"name": "%s",
-		"plugins": [
-		  {
-			"type": "bridge",
-			"bridge": "cni1",
-			"isGateway": true,
-			"ipMasq": true,
-			"ipam": {
-				"type": "host-local",
-				"subnet": "10.99.0.0/16",
-				"routes": [
-					{ "dst": "0.0.0.0/0" }
-				]
-			}
-		  },
-		  {
-			"type": "portmap",
-			"capabilities": {
-			  "portMappings": true
-			}
-		  }
-		]
-	}`, name)
-	} else {
-		path = filepath.Join(p.NetworkConfigDir, fmt.Sprintf("%s.json", name))
-		conf = fmt.Sprintf(`
+	path := filepath.Join(p.NetworkConfigDir, fmt.Sprintf("%s.json", name))
+	conf := fmt.Sprintf(`
 {
     "name": "%s",
     "id": "e1ef2749024b88f5663ca693a9118e036d6bfc48bcfe460faf45e9614a513e5c",
@@ -1440,7 +1385,6 @@ func generateNetworkConfig(p *PodmanTestIntegration) (string, string) {
     }
 }
 `, name)
-	}
 	writeConf([]byte(conf), path)
 	return name, path
 }
--- a/test/e2e/inspect_test.go
+++ b/test/e2e/inspect_test.go
@@ -445,7 +445,7 @@ var _ = Describe("Podman inspect", func() {
 	})

 	It("Verify container inspect has default network", func() {
-		SkipIfRootless("Requires root CNI networking")
+		SkipIfRootless("Requires root networking")
 		ctrName := "testctr"
 		session := podmanTest.Podman([]string{"run", "-d", "--name", ctrName, ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
@@ -457,7 +457,7 @@ var _ = Describe("Podman inspect", func() {
 	})

 	It("Verify stopped container still has default network in inspect", func() {
-		SkipIfRootless("Requires root CNI networking")
+		SkipIfRootless("Requires root networking")
 		ctrName := "testctr"
 		session := podmanTest.Podman([]string{"create", "--name", ctrName, ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
--- a/test/e2e/libpod_suite_remote_test.go
+++ b/test/e2e/libpod_suite_remote_test.go
@@ -122,8 +122,8 @@ func (p *PodmanTestIntegration) StopRemoteService() {
 // getRemoteOptions assembles all the podman main options
 func getRemoteOptions(p *PodmanTestIntegration, args []string) []string {
 	networkDir := p.NetworkConfigDir
-	podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --network-config-dir %s --network-backend %s --cgroup-manager %s --tmpdir %s --events-backend %s",
-		p.Root, p.RunRoot, p.OCIRuntime, p.ConmonBinary, networkDir, p.NetworkBackend.ToString(), p.CgroupManager, p.TmpDir, "file"), " ")
+	podmanOptions := strings.Split(fmt.Sprintf("--root %s --runroot %s --runtime %s --conmon %s --network-config-dir %s --cgroup-manager %s --tmpdir %s --events-backend %s",
+		p.Root, p.RunRoot, p.OCIRuntime, p.ConmonBinary, networkDir, p.CgroupManager, p.TmpDir, "file"), " ")

 	podmanOptions = append(podmanOptions, strings.Split(p.StorageOptions, " ")...)
 	podmanOptions = append(podmanOptions, args...)
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -11,7 +11,6 @@ import (
 	. "github.com/containers/podman/v6/test/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	. "github.com/onsi/gomega/gexec"
 	"go.podman.io/common/libnetwork/types"
 	"go.podman.io/storage/pkg/stringid"
 )
@@ -66,7 +65,6 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and subnet and static route", func() {
-		SkipIfCNI(podmanTest)
 		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{
 			"network",
@@ -106,7 +104,6 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and subnet and static route and metric", func() {
-		SkipIfCNI(podmanTest)
 		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{
 			"network",
@@ -146,7 +143,6 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and subnet and two static routes", func() {
-		SkipIfCNI(podmanTest)
 		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{
 			"network",
@@ -192,7 +188,6 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and subnet and static route (ipv6)", func() {
-		SkipIfCNI(podmanTest)
 		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{
 			"network",
@@ -232,7 +227,6 @@ var _ = Describe("Podman network create", func() {
 	})

 	It("podman network create with name and subnet with --opt no_default_route=1", func() {
-		SkipIfCNI(podmanTest)
 		netName := "subnet-" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{
 			"network",
@@ -523,27 +517,7 @@ var _ = Describe("Podman network create", func() {
 		Expect(nc).To(ExitWithError(125, "unsupported bridge network option foo"))
 	})

-	It("podman CNI network create with internal should not have dnsname", func() {
-		SkipIfNetavark(podmanTest)
-		net := "internal-test" + stringid.GenerateRandomID()
-		nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
-		nc.WaitWithDefaultTimeout()
-		defer podmanTest.removeNetwork(net)
-		// Cannot ExitCleanly(): "dnsname and internal networks are incompatible"
-		Expect(nc).Should(Exit(0))
-		// Not performing this check on remote tests because it is a logrus error which does
-		// not come back via stderr on the remote client.
-		if !IsRemote() {
-			Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and internal networks are incompatible"))
-		}
-		nc = podmanTest.Podman([]string{"network", "inspect", net})
-		nc.WaitWithDefaultTimeout()
-		Expect(nc).Should(ExitCleanly())
-		Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
-	})
-
 	It("podman Netavark network create with internal should have dnsname", func() {
-		SkipIfCNI(podmanTest)
 		net := "internal-test" + stringid.GenerateRandomID()
 		nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
 		nc.WaitWithDefaultTimeout()
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"net"
-	"path/filepath"
 	"time"

 	"github.com/containers/podman/v6/pkg/domain/entities"
@@ -18,16 +17,6 @@ import (
 )

 var _ = Describe("Podman network", func() {
-	It("podman --cni-config-dir backwards compat", func() {
-		SkipIfRemote("--cni-config-dir only works locally")
-		netDir := filepath.Join(podmanTest.TempDir, "networks123")
-		session := podmanTest.Podman([]string{"--cni-config-dir", netDir, "network", "ls", "--noheading"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(ExitCleanly())
-		// default network always exists
-		Expect(session.OutputToStringArray()).To(HaveLen(1))
-	})
-
 	It("podman network list", func() {
 		name, path := generateNetworkConfig(podmanTest)
 		defer removeConf(path)
@@ -154,20 +143,17 @@ var _ = Describe("Podman network", func() {

 	It("podman network ID test", func() {
 		net := "networkIDTest"
-		// the network id should be the sha256 hash of the network name
-		netID := "6073aefe03cdf8f29be5b23ea9795c431868a3a22066a6290b187691614fee84"
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
 		defer podmanTest.removeNetwork(net)
 		Expect(session).Should(ExitCleanly())

-		if podmanTest.NetworkBackend == Netavark {
-			// netavark uses a different algo for determining the id and it is not repeatable
-			getid := podmanTest.Podman([]string{"network", "inspect", net, "--format", "{{.ID}}"})
-			getid.WaitWithDefaultTimeout()
-			Expect(getid).Should(ExitCleanly())
-			netID = getid.OutputToString()
-		}
+		// Get the network ID
+		getid := podmanTest.Podman([]string{"network", "inspect", net, "--format", "{{.ID}}"})
+		getid.WaitWithDefaultTimeout()
+		Expect(getid).Should(ExitCleanly())
+		netID := getid.OutputToString()
+
 		// Tests Default Table Output
 		session = podmanTest.Podman([]string{"network", "ls", "--filter", "id=" + netID})
 		session.WaitWithDefaultTimeout()
@@ -247,7 +233,6 @@ var _ = Describe("Podman network", func() {

 		expectedNetworks := []string{name}
 		if !isRootless() {
-			// rootful image contains "podman/cni/87-podman-bridge.conflist" for "podman" network
 			expectedNetworks = append(expectedNetworks, "podman")
 		}
 		session := podmanTest.Podman(append([]string{"network", "inspect"}, expectedNetworks...))
@@ -266,7 +251,7 @@ var _ = Describe("Podman network", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("bridge"))
 	})

-	It("podman inspect container single CNI network", func() {
+	It("podman inspect container single network", func() {
 		netName := "net-" + stringid.GenerateRandomID()
 		network := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.50.0/24", netName})
 		network.WaitWithDefaultTimeout()
@@ -294,7 +279,7 @@ var _ = Describe("Podman network", func() {
 		Expect(net).To(HaveField("IPPrefixLen", 24))
 		Expect(net.IPAddress).To(HavePrefix("10.50.50."))

-		// Necessary to ensure the CNI network is removed cleanly
+		// Necessary to ensure the network is removed cleanly
 		rmAll := podmanTest.Podman([]string{"rm", "-t", "0", "-f", ctrName})
 		rmAll.WaitWithDefaultTimeout()
 		Expect(rmAll).Should(ExitCleanly())
@@ -321,7 +306,7 @@ var _ = Describe("Podman network", func() {
 		}
 	})

-	It("podman inspect container two CNI networks (container not running)", func() {
+	It("podman inspect container two networks (container not running)", func() {
 		netName1 := "net1-" + stringid.GenerateRandomID()
 		network1 := podmanTest.Podman([]string{"network", "create", netName1})
 		network1.WaitWithDefaultTimeout()
@@ -360,13 +345,13 @@ var _ = Describe("Podman network", func() {
 		net2 := conData[0].NetworkSettings.Networks[netName2]
 		Expect(net2).To(HaveField("NetworkID", netID2))

-		// Necessary to ensure the CNI network is removed cleanly
+		// Necessary to ensure the network is removed cleanly
 		rmAll := podmanTest.Podman([]string{"rm", "-t", "0", "-f", ctrName})
 		rmAll.WaitWithDefaultTimeout()
 		Expect(rmAll).Should(ExitCleanly())
 	})

-	It("podman inspect container two CNI networks", func() {
+	It("podman inspect container two networks", func() {
 		netName1 := "net1-" + stringid.GenerateRandomID()
 		network1 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.0/25", netName1})
 		network1.WaitWithDefaultTimeout()
@@ -409,7 +394,7 @@ var _ = Describe("Podman network", func() {
 		Expect(net2).To(HaveField("IPPrefixLen", 26))
 		Expect(net2.IPAddress).To(HavePrefix("10.50.51."))

-		// Necessary to ensure the CNI network is removed cleanly
+		// Necessary to ensure the network is removed cleanly
 		rmAll := podmanTest.Podman([]string{"rm", "-t", "0", "-f", ctrName})
 		rmAll.WaitWithDefaultTimeout()
 		Expect(rmAll).Should(ExitCleanly())
--- a/test/e2e/run_aardvark_test.go
+++ b/test/e2e/run_aardvark_test.go
@@ -12,10 +12,6 @@ import (
 )

 var _ = Describe("Podman run networking", func() {
-	BeforeEach(func() {
-		SkipIfCNI(podmanTest)
-	})
-
 	It("Aardvark Test 1: One container", func() {
 		netName := createNetworkName("Test")
 		session := podmanTest.Podman([]string{"network", "create", netName})
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -28,7 +28,6 @@ var _ = Describe("Podman run networking", func() {

 	It("podman verify network scoped DNS server and also verify updating network dns server", func() {
 		// Following test is only functional with netavark and aardvark
-		SkipIfCNI(podmanTest)
 		net := createNetworkName("IntTest")
 		session := podmanTest.Podman([]string{"network", "create", net, "--dns", "1.1.1.1"})
 		session.WaitWithDefaultTimeout()
@@ -75,7 +74,6 @@ var _ = Describe("Podman run networking", func() {

 	It("podman network dns multiple servers", func() {
 		// Following test is only functional with netavark and aardvark
-		SkipIfCNI(podmanTest)
 		net := createNetworkName("IntTest")
 		session := podmanTest.Podman([]string{"network", "create", net, "--dns", "1.1.1.1,8.8.8.8", "--dns", "8.4.4.8"})
 		session.WaitWithDefaultTimeout()
@@ -164,7 +162,6 @@ var _ = Describe("Podman run networking", func() {
 	It("podman verify resolv.conf with --dns + --network", func() {
 		// Following test is only functional with netavark and aardvark
 		// since new behaviour depends upon output from of statusBlock
-		SkipIfCNI(podmanTest)
 		net := createNetworkName("IntTest")
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()
@@ -1020,7 +1017,7 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 		Expect(session).To(ExitWithError(125, "faccessat /run/netns/xxy: no such file or directory"))
 	})

-	It("podman run in custom CNI network with --static-ip", func() {
+	It("podman run in custom network with --static-ip", func() {
 		netName := stringid.GenerateRandomID()
 		ipAddr := "10.25.30.128"
 		create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName})
@@ -1134,7 +1131,6 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 	})

 	It("podman run check dns", func() {
-		SkipIfCNI(podmanTest)
 		pod := "testpod"
 		session := podmanTest.Podman([]string{"pod", "create", "--name", pod})
 		session.WaitWithDefaultTimeout()
--- a/test/system/005-info.bats
+++ b/test/system/005-info.bats
@@ -85,8 +85,7 @@ host.slirp4netns.executable | $expr_path
@test "podman info - confirm desired network backend" {
    if [[ -z "$CI_DESIRED_NETWORK" ]]; then
        # When running on RHEL, CI_DESIRED_NETWORK *must* be defined
-        # in gating.yaml because some versions of RHEL use CNI, some
-        # use netavark.
+        # in gating.yaml for RHEL testing.
        local osrelease=/etc/os-release
        if [[ -e $osrelease ]]; then
            local osname=$(source $osrelease; echo $NAME)
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -286,7 +286,7 @@ load helpers.network
    # FIXME: debugging for #11871
    run_podman exec $cid cat /etc/resolv.conf
    if is_rootless && ! is_remote; then
-        run_podman unshare --rootless-cni cat /etc/resolv.conf
+        run_podman unshare --rootless-netns cat /etc/resolv.conf
    fi
    ps uxww

@@ -430,15 +430,15 @@ load helpers.network
 }

 # bats test_tags=ci:parallel
-@test "podman rootless cni adds /usr/sbin to PATH" {
+@test "podman rootless adds /usr/sbin to PATH" {
    is_rootless || skip "only meaningful for rootless"

    local mynetname=testnet-$(safename)
    run_podman --noout network create $mynetname
    is "$output" "" "output should be empty"

-    # Test that rootless cni adds /usr/sbin to $PATH
-    # iptables is located under /usr/sbin and is needed for the CNI plugins.
+    # Test that rootless podman adds /usr/sbin to $PATH
+    # nftables is located under /usr/sbin and is needed for netavark.
    # Debian doesn't add /usr/sbin to $PATH for rootless users so we have to add it.
    PATH=/usr/local/bin:/usr/bin run_podman run --rm --network $mynetname $IMAGE ip addr
    is "$output" ".*eth0.*" "Interface eth0 not found in ip addr output"
@@ -473,7 +473,7 @@ load helpers.network
        assert "$output" =~ "$ipv6_regex" "resolv.conf should contain ipv6 nameserver"
    fi

-    # ipv4 cni
+    # ipv4 network
    local mysubnet=$(random_rfc1918_subnet)
    local netname=testnet1-$(safename)

@@ -485,7 +485,7 @@ load helpers.network

    run_podman network rm -t 0 -f $netname

-    # ipv6 cni
+    # ipv6 network
    mysubnet=fd00:4:4:4:4::/64
    netname=testnet2-$(safename)

--- a/test/upgrade/README.md
+++ b/test/upgrade/README.md
@@ -67,13 +67,6 @@ I realize that it's kind of stupid not to test 1.6, since that's
 precisely the test that would've caught #8613 early, but I just
 don't think it's worth the hassle of setting up cgroupsv1 VMs.

-For posterity, in an earlier incantation of this script I tried
-booting f32 into cgroupsv1 and ran into the following warnings
-when running new-podman on old-containers:
-```
-ERRO[0000] error joining network namespace for container 322b66d94640e31b2e6921565445cf0dade4ec13cabc16ee5f29292bdc038341: error retrieving network namespace at /var/run/netns/cni-577e2289-2c05-2e28-3c3d-002a5596e7da: failed to Statfs "/var/run/netns/cni-577e2289
-```
-
 Where To Go From Here
 =====================

--- a/test/upgrade/test-upgrade.bats
+++ b/test/upgrade/test-upgrade.bats
@@ -197,7 +197,7 @@ EOF

@test "info - network" {
    run_podman info --format '{{.Host.NetworkBackend}}'
-    assert "$output" = "netavark" "As of Feb 2024, CNI will never be default"
+    assert "$output" = "netavark" "Netavark is the only supported network backend"
 }

 # Whichever DB was picked by old_podman, make sure we honor it
--- a/test/utils/utils.go
+++ b/test/utils/utils.go
@@ -19,35 +19,16 @@ import (

 	crypto_rand "crypto/rand"

-	"github.com/sirupsen/logrus"
-
 	. "github.com/onsi/ginkgo/v2"    //nolint:staticcheck // ST1001: should not use dot imports
 	. "github.com/onsi/gomega"       //nolint:staticcheck // ST1001: should not use dot imports
 	. "github.com/onsi/gomega/gexec" //nolint:staticcheck // ST1001: should not use dot imports
 )

-type NetworkBackend int
-
 const (
-	// Container Networking backend
-	CNI NetworkBackend = iota
-	// Netavark network backend
-	Netavark NetworkBackend = iota
 	// Env variable for creating time files.
 	EnvTimeDir = "_PODMAN_TIME_DIR"
 )

-func (n NetworkBackend) ToString() string {
-	switch n {
-	case CNI:
-		return "cni"
-	case Netavark:
-		return "netavark"
-	}
-	logrus.Errorf("unknown network backend: %q", n)
-	return ""
-}
-
 var (
 	DefaultWaitTimeout   = 90
 	OSReleasePath        = "/etc/os-release"
@@ -66,7 +47,6 @@ type PodmanTestCommon interface {
 type PodmanTest struct {
 	ImageCacheDir           string
 	ImageCacheFS            string
-	NetworkBackend          NetworkBackend
 	DatabaseBackend         string
 	PodmanBinary            string
 	PodmanMakeOptions       func(args []string, options PodmanExecOptions) []string