diff --git a/.cirrus.yml b/.cirrus.yml
index e334684d7f..ca874e5ef9 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -33,7 +33,7 @@ env:
     DEBIAN_NAME: "debian-13"
 
     # Image identifiers
-    IMAGE_SUFFIX: "c20240506t132946z-f40f39d13"
+    IMAGE_SUFFIX: "c20240513t140131z-f40f39d13"
 
     # EC2 images
     FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
@@ -111,8 +111,6 @@ build_task:
               CI_DESIRED_RUNTIME: crun
               CI_DESIRED_DATABASE: boltdb
               CI_DESIRED_STORAGE: vfs
-              # Catch invalid "TMPDIR == /tmp" assumptions; PR #19281
-              TMPDIR: /var/tmp
         - env:
               <<: *stdenvars
               DISTRO_NV: ${RAWHIDE_NAME}
@@ -707,25 +705,7 @@ rootless_integration_test_task:
     # Docs: ./contrib/cirrus/CIModes.md
     only_if: *not_tag_branch_build_docs_machine
     depends_on: *build
-    # FIXME: Fails on Debian rootless ref: #22625
-    # matrix: *platform_axis
-    # FIXME: Fails on Debian rootless ref: #22625
-    matrix:  # The following is just like *platform_axis minus Debian
-        - env: *stdenvars
-        - env:
-              DISTRO_NV: ${PRIOR_FEDORA_NAME}
-              VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
-              CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
-              CI_DESIRED_RUNTIME: crun
-              CI_DESIRED_DATABASE: boltdb
-              CI_DESIRED_STORAGE: vfs
-              # Catch invalid "TMPDIR == /tmp" assumptions; PR #19281
-              TMPDIR: /var/tmp
-        - env:
-              <<: *stdenvars
-              DISTRO_NV: ${RAWHIDE_NAME}
-              VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME}
-              CTR_FQIN: ""
+    matrix: *platform_axis
     gce_instance: *standardvm
     timeout_in: 50m
     env:
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index ddb3be8188..e9c0fa6bbd 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -144,6 +144,7 @@ exec_container() {
     # shellcheck disable=SC2154
     exec bin/podman run --rm --privileged --net=host --cgroupns=host \
         -v `mktemp -d -p /var/tmp`:/var/tmp:Z \
+        --tmpfs /tmp:mode=1777 \
         -v /dev/fuse:/dev/fuse \
         -v "$GOPATH:$GOPATH:Z" \
         --workdir "$GOSRC" \
@@ -407,8 +408,24 @@ dotest() {
         die "Found fallback podman '$fallback_podman' in \$PATH; tests require none, as a guarantee that we're testing the right binary."
     fi
 
+    # Catch invalid "TMPDIR == /tmp" assumptions; PR #19281
+    TMPDIR=$(mktemp --tmpdir -d CI_XXXX)
+    # tmp dir is commonly 1777 to allow all user to read/write
+    chmod 1777 $TMPDIR
+    export TMPDIR
+    fstype=$(findmnt -n -o FSTYPE --target $TMPDIR)
+    if [[ "$fstype" != "tmpfs" ]]; then
+        die "The CI test TMPDIR is not on a tmpfs mount, we need tmpfs to make the tests faster"
+    fi
+
     showrun make ${localremote}${testsuite} PODMAN_SERVER_LOG=$PODMAN_SERVER_LOG \
         |& logformatter
+
+    # FIXME: https://github.com/containers/podman/issues/22642
+    # Cannot delete this due cleanup errors, as the VM is basically
+    # done after this anyway let's not block on this for now.
+    # rm -rf $TMPDIR
+    # unset TMPDIR
 }
 
 _run_machine-linux() {
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 82ddc5c121..f617c3a586 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -138,16 +138,7 @@ const (
 )
 
 var _ = SynchronizedBeforeSuite(func() []byte {
-	// One global scratch directory under which all test files will live.
-	// The usual case is that these tests are running in CI, on VMs
-	// with limited RAM, so we use /var/tmp.
-	baseTmpDir := "/var/tmp"
-	if os.Getenv("CI") == "" {
-		// Almost certainly a manual run, e.g., a developer with
-		// a hotrod workstation. Assume they know what they're doing.
-		baseTmpDir = ""
-	}
-	globalTmpDir, err := os.MkdirTemp(baseTmpDir, "podman-e2e-")
+	globalTmpDir, err := os.MkdirTemp("", "podman-e2e-")
 	Expect(err).ToNot(HaveOccurred())
 
 	// make cache dir