diff --git a/test/system/150-login.bats b/test/system/150-login.bats
index e682ef5b7f..b05d4e7cdb 100644
--- a/test/system/150-login.bats
+++ b/test/system/150-login.bats
@@ -252,11 +252,6 @@ function _test_skopeo_credential_sharing() {
 }
 
 @test "podman login - shares credentials with skopeo - default auth file" {
-    if is_rootless; then
-        if [ -z "${XDG_RUNTIME_DIR}" ]; then
-            skip "skopeo does not match podman when XDG_RUNTIME_DIR unset; #823"
-        fi
-    fi
     _test_skopeo_credential_sharing
 }
 
diff --git a/test/system/550-pause-process.bats b/test/system/550-pause-process.bats
index 69da5a1d8b..7bd75a38a6 100644
--- a/test/system/550-pause-process.bats
+++ b/test/system/550-pause-process.bats
@@ -16,14 +16,11 @@ function setup_file() {
 }
 
 function _check_pause_process() {
-    pause_pid=
-    if [[ -z "$pause_pid_file" ]]; then
-        return
-    fi
-
+    # do not mark this variable as local; our caller expects it
+    pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid"
     test -e $pause_pid_file || die "Pause pid file $pause_pid_file missing"
 
-    # do not mark this variable as local; our parent expects it
+    # do not mark this variable as local; our caller expects it
     pause_pid=$(<$pause_pid_file)
     test -d /proc/$pause_pid || die "Pause process $pause_pid (from $pause_pid_file) is not running"
 
@@ -43,13 +40,6 @@ function _check_pause_process() {
     # To prevent any issues we should only ever have a single pause process running,
     # regardless of any --root/-runroot/--tmpdir values.
 
-    # System tests can execute in contexts without XDG; in those, we have to
-    # skip the pause-pid-file checks.
-    local pause_pid_file
-    if [[ -n "$XDG_RUNTIME_DIR" ]]; then
-        pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid"
-    fi
-
     # Baseline: get the current userns (one will be created on demand)
     local getns="unshare readlink /proc/self/ns/user"
     run_podman $getns
@@ -62,12 +52,10 @@ function _check_pause_process() {
     run_podman system migrate
 
     # After migrate, there must be no pause process
-    if [[ -n "$pause_pid_file" ]]; then
-        test -e $pause_pid_file && die "Pause pid file $pause_pid_file still exists, even after podman system migrate"
+    test -e $pause_pid_file && die "Pause pid file $pause_pid_file still exists, even after podman system migrate"
 
-        run kill -0 $pause_pid
-        test $status -eq 0 && die "Pause process $pause_pid is still running even after podman system migrate"
-    fi
+    run kill -0 $pause_pid
+    test $status -eq 0 && die "Pause process $pause_pid is still running even after podman system migrate"
 
     run_podman $(podman_isolation_opts ${PODMAN_TMPDIR}) $getns
     tmpdir_userns="$output"
@@ -110,13 +98,6 @@ function _check_pause_process() {
     skip_if_not_rootless "pause process is only used as rootless"
     skip_if_remote "unshare not supported via remote"
 
-    # System tests can execute in contexts without XDG; in those, we have to
-    # skip the pause-pid-file checks.
-    if [[ -z "$XDG_RUNTIME_DIR" ]]; then
-        skip "\$XDG_RUNTIME_DIR not defined"
-    fi
-    local pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid"
-
     # First let's run a container in the background to keep the userns active
     local cname1=c1_$(random_string)
     run_podman run -d --name $cname1 --uidmap 0:100:100 $IMAGE top
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 2370ed0a30..8099260dae 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -41,6 +41,16 @@ if [ $(id -u) -eq 0 ]; then
     _LOG_PROMPT='#'
 fi
 
+# Invocations via su may not set this. Although all container tools make
+# an effort to determine a default if unset, there are corner cases (rootless
+# namespace preservation) that run before the default is set.
+# For purposes of system tests (CI, gating, OpenQA) we force a default early.
+# As of September 2024 we no longer test the default-setting logic in the
+# tools.
+if [[ -z "$XDG_RUNTIME_DIR" ]] && [[ "$(id -u)" -ne 0 ]]; then
+    export XDG_RUNTIME_DIR=/run/user/$(id -u)
+fi
+
 # Used in helpers.network, needed here in teardown
 PORT_LOCK_DIR=$BATS_SUITE_TMPDIR/reserved-ports
 
@@ -119,21 +129,6 @@ function _prefetch() {
     $cmd
 }
 
-
-# Wrapper for skopeo, because skopeo doesn't work rootless if $XDG is unset
-# (as it is in RHEL gating): it defaults to /run/containers/<uid>, which
-# of course is a root-only dir, hence fails with permission denied.
-# -- https://github.com/containers/skopeo/issues/823
-function skopeo() {
-    local xdg=${XDG_RUNTIME_DIR}
-    if [ -z "$xdg" ]; then
-        if is_rootless; then
-            xdg=/run/user/$(id -u)
-        fi
-    fi
-    XDG_RUNTIME_DIR=${xdg} command skopeo "$@"
-}
-
 # END   tools for fetching & caching test images
 ###############################################################################
 # BEGIN setup/teardown tools
diff --git a/test/system/helpers.systemd.bash b/test/system/helpers.systemd.bash
index bda601c153..737a33fd1b 100644
--- a/test/system/helpers.systemd.bash
+++ b/test/system/helpers.systemd.bash
@@ -3,13 +3,6 @@
 # BATS helpers for systemd-related functionality
 #
 
-# podman initializes this if unset, but systemctl doesn't
-if [ -z "$XDG_RUNTIME_DIR" ]; then
-    if is_rootless; then
-        export XDG_RUNTIME_DIR=/run/user/$(id -u)
-    fi
-fi
-
 # For tests which write systemd unit files
 UNIT_DIR="/run/systemd/system"
 _DASHUSER=