diff --git a/.packit.yaml b/.packit.yaml
index b4170f5925..911e57228d 100644
--- a/.packit.yaml
+++ b/.packit.yaml
@@ -5,6 +5,27 @@
 downstream_package_name: podman
 upstream_tag_template: v{version}
 
+# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every
+# propose-downstream job. This is done so tests maintained upstream can be run
+# downstream in Zuul CI and Bodhi.
+# Ref: https://packit.dev/docs/configuration#files_to_sync
+files_to_sync:
+  - src: rpm/gating.yaml
+    dest: gating.yaml
+    delete: true
+  - src: plans/
+    dest: plans/
+    delete: true
+    mkpath: true
+  - src: test/tmt/
+    dest: test/tmt/
+    delete: true
+    mkpath: true
+  - src: .fmf/
+    dest: .fmf/
+    delete: true
+  - .packit.yaml
+
 packages:
   podman-fedora:
     pkg_tool: fedpkg
@@ -80,6 +101,17 @@ jobs:
     project: podman-next
     enable_net: true
 
+  # Tests on Fedora
+  - job: tests
+    trigger: pull_request
+    packages: [podman-fedora]
+    notifications: *packit_generic_failure_notification
+    targets:
+      - fedora-rawhide
+      - fedora-42
+      - fedora-41
+    tmt_plan: "/plans/system/*"
+
   - job: tests
     identifier: cockpit-revdeps
     trigger: pull_request
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c39aa733f0..2404bf35c6 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -21,6 +21,7 @@ repos:
       - id: check-executables-have-shebangs
       - id: check-merge-conflict
       - id: check-yaml
+        exclude: rpm/gating.yaml
   - repo: https://github.com/codespell-project/codespell
     # Configuration for codespell is in .codespellrc
     rev: v2.4.1
diff --git a/plans/system.fmf b/plans/system.fmf
new file mode 100644
index 0000000000..e41ffb805c
--- /dev/null
+++ b/plans/system.fmf
@@ -0,0 +1,59 @@
+discover:
+    how: fmf
+
+execute:
+    how: tmt
+
+prepare:
+    - how: shell
+      script: modprobe null_blk nr_devices=1
+      order: 5
+    - when: distro == centos-stream or distro == rhel
+      how: shell
+      script: |
+        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+        dnf -y config-manager --set-enabled epel
+      order: 10
+    - when: initiator == packit
+      how: shell
+      script: |
+        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+        if compgen -G $COPR_REPO_FILE > /dev/null; then
+            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+        fi
+        dnf -y upgrade --allowerasing
+      order: 20
+
+adjust+:
+    - enabled: false
+      when: revdeps == yes
+
+provision:
+    how: artemis
+    hardware:
+        memory: ">= 16 GB"
+        cpu:
+            cores: ">= 4"
+            threads: ">=8"
+        disk:
+            - size: ">= 512 GB"
+
+/local-root:
+    summary: Local rootful tests
+    discover+:
+        filter: 'tag:local & tag:root'
+
+/local-rootless:
+    summary: Local rootless tests
+    discover+:
+        filter: 'tag:local & tag:rootless'
+
+/remote-root:
+    summary: Remote rootful tests
+    discover+:
+        filter: 'tag:remote & tag:root'
+
+/remote-rootless:
+    summary: Remote rootless tests
+    discover+:
+        filter: 'tag:remote & tag:rootless'
diff --git a/plans/tmt.fmf b/plans/tmt.fmf
new file mode 100644
index 0000000000..1589b5ce68
--- /dev/null
+++ b/plans/tmt.fmf
@@ -0,0 +1,21 @@
+summary: Run tmt container provision test (downstream only)
+
+enabled: false
+adjust+:
+    - enabled: true
+      when: initiator != packit and distro != rhel
+
+discover:
+    how: fmf
+    filter: 'tag:tmt & tag:downstream'
+
+execute:
+    how: tmt
+
+prepare:
+    - when: distro == centos-stream or distro == rhel
+      how: shell
+      script: |
+        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+        dnf -y config-manager --set-enabled epel
+      order: 10
diff --git a/plans/toolbox.fmf b/plans/toolbox.fmf
new file mode 100644
index 0000000000..0aceed010f
--- /dev/null
+++ b/plans/toolbox.fmf
@@ -0,0 +1,29 @@
+summary: Run toolbox tests (downstream only)
+
+enabled: false
+adjust+:
+    - enabled: true
+      when: initiator != packit and distro == fedora
+
+provision:
+    how: artemis
+    hardware:
+        memory: ">= 16 GB"
+        cpu:
+            cores: ">= 4"
+            threads: ">=8"
+        disk:
+            - size: ">= 512 GB"
+
+prepare:
+    - name: packages
+      how: install
+      package: [toolbox-tests]
+
+discover:
+    how: fmf
+    url: https://src.fedoraproject.org/rpms/toolbox
+    ref: "rawhide"
+
+execute:
+    how: tmt
diff --git a/rpm/gating.yaml b/rpm/gating.yaml
new file mode 100644
index 0000000000..92c7dc46fe
--- /dev/null
+++ b/rpm/gating.yaml
@@ -0,0 +1,17 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+# recipients: jnovy, lsm5, santiago
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/rpm/podman.spec b/rpm/podman.spec
index 71fd740e61..7de7f569bd 100644
--- a/rpm/podman.spec
+++ b/rpm/podman.spec
@@ -13,6 +13,8 @@
 %define build_with_btrfs 1
 # qemu-system* isn't packageed for CentOS Stream / RHEL
 %define qemu 1
+# bats is included in the default repos (No epel/copr etc.)
+%define distro_bats 1
 %endif
 
 %if %{defined copr_username}
@@ -139,7 +141,7 @@ pages and %{name}.
 Summary: Tests for %{name}
 
 Requires: %{name} = %{epoch}:%{version}-%{release}
-%if %{defined fedora}
+%if %{defined distro_bats}
 Requires: bats
 %endif
 Requires: attr
@@ -157,7 +159,8 @@ Requires: xfsprogs
 %description tests
 %{summary}
 
-This package contains system tests for %{name}
+This package contains system tests for %{name}. Only intended to be used for
+gating tests. Not supported for end users / customers.
 
 %package remote
 Summary: (Experimental) Remote client for managing %{name} containers
diff --git a/test/tmt/system.fmf b/test/tmt/system.fmf
new file mode 100644
index 0000000000..916c15f37a
--- /dev/null
+++ b/test/tmt/system.fmf
@@ -0,0 +1,48 @@
+require:
+    - podman-tests
+    - psmisc
+
+environment:
+    # PODMAN_TESTING envvar is set in system.sh
+    PODMAN: /usr/bin/podman
+    QUADLET: /usr/libexec/podman/quadlet
+    ROOTLESS_USER: "fedora"
+adjust+:
+    - when: distro == centos-stream
+      environment+:
+        ROOTLESS_USER: "ec2-user"
+    - when: distro == rhel
+      environment+:
+        ROOTLESS_USER: "cloud-user"
+
+/local-root:
+    tag: [ local, root ]
+    summary: local rootful test
+    test: bash ./system.sh
+    duration: 30m
+
+/local-rootless:
+    tag: [ local, rootless ]
+    summary: rootless test
+    test: bash ./system.sh rootless
+    duration: 30m
+
+/remote-root:
+    tag: [ remote, root ]
+    summary: remote rootful test
+    test: bash ./system.sh
+    duration: 30m
+    environment+:
+        PODMAN: /usr/bin/podman-remote
+    require+:
+        - podman-remote
+
+/remote-rootless:
+    tag: [ remote, rootless ]
+    summary: remote rootless test
+    test: bash ./system.sh rootless
+    duration: 30m
+    environment+:
+        PODMAN: /usr/bin/podman-remote
+    require+:
+        - podman-remote
diff --git a/test/tmt/system.sh b/test/tmt/system.sh
new file mode 100644
index 0000000000..3cd29dae03
--- /dev/null
+++ b/test/tmt/system.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+uname -r
+
+loginctl enable-linger "$ROOTLESS_USER"
+
+rpm -q \
+    aardvark-dns \
+    buildah \
+    conmon \
+    container-selinux \
+    containers-common \
+    criu \
+    crun \
+    netavark \
+    passt \
+    podman \
+    podman-tests \
+    skopeo \
+    slirp4netns \
+    systemd
+
+export system_service_cmd="/usr/bin/podman system service --timeout=0 &"
+export test_cmd="whoami && cd /usr/share/podman/test/system && PODMAN_TESTING=/usr/bin/podman-testing bats ."
+
+if [[ -z $1 ]]; then
+    if [[ $PODMAN == "/usr/bin/podman-remote" ]]; then
+        eval "$system_service_cmd"
+    fi
+    eval "$test_cmd"
+elif [[ $1 == "rootless" ]]; then
+    if [[ $PODMAN == "/usr/bin/podman-remote" ]]; then
+        su - "$ROOTLESS_USER" -c "eval $system_service_cmd"
+    fi
+    su - "$ROOTLESS_USER" -c "eval $test_cmd"
+fi
+
+# Kill all podman processes for remote tests
+if [[ $PODMAN == "/usr/bin/podman-remote" ]]; then
+    killall -q podman
+fi
+exit 0
diff --git a/test/tmt/tmt.fmf b/test/tmt/tmt.fmf
new file mode 100644
index 0000000000..f016947cc0
--- /dev/null
+++ b/test/tmt/tmt.fmf
@@ -0,0 +1,13 @@
+enabled: false
+adjust:
+    enabled: true
+    when: initiator != packit && distro != rhel
+summary: Make sure that TMT container provision works
+tag: [downstream]
+require:
+  - tmt+provision-container
+test:
+    tmt run --verbose --remove
+        provision --how container --image fedora
+        login --command 'cat /etc/os-release'
+        finish