Merge pull request #6780 from mheon/even_more_201_backports

Even more v2.0.1 backports

13 files changed, 117 insertions, 36 deletions

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index be9861518..44b64f977 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -5,6 +5,7 @@
 - The `podman system connection` command was mistakenly omitted from the 2.0 release, and has been included here.
 - The `podman ps --format=json` command once again includes container's creation time in a human-readable format in the `CreatedAt` key.
 - The `podman inspect` commands on containers now displays forwarded ports in a format compatible with `docker inspect`.
+- The `--log-level=debug` flag to `podman run` and `podman exec` will enable syslog for exit commands, ensuring that debug logs are collected for these otherwise-unlogged commands.
 
 ### Bugfixes
 - Fixed a bug where `podman build` did not properly handle the `--http-proxy` and `--cgroup-manager` flags.
@@ -18,11 +19,19 @@
 - Fixed a bug where SSH agent authentication support was not properly working in the `podman-remote` and `podman --remote` commands.
 - Fixed a bug where the `podman untag` command was not erroring when no matching image was found.
 - Fixed a bug where stop signal for containers was not being set properly if not explicitly provided.
+- Fixed a bug where the `podman ps` command was not showing port mappings for containers which share a network namespace with another container (e.g. are part of a pod).
+- Fixed a bug where the `--remote` flag could unintentionally be forwarded into containers when using `podman-remote`.
+- Fixed a bug where unit files generated for pods by `podman generate systemd` would not allow individual containers to be restarted ([#6770](https://github.com/containers/libpod/issues/6770)).
+- Fixed a bug where the `podman run` and `podman create` commands did not support all transports that `podman pull` does ([#6744](https://github.com/containers/libpod/issues/6744)).
+- Fixed a bug where the `label` option to `--security-opt` would only be shown once in `podman inspect`, even if provided multiple times.
 
 ### API
 - Fixed a bug where network endpoint URLs in the compatability API were mistakenly suffixed with `/json`.
 - Fixed a bug where the Libpod volume creation endpoint returned 200 instead of 201 on success.
 
+### Misc
+- Updated containers/common to v0.14.3
+
 ## 2.0.0
 ### Features
 - The REST API and `podman system service` are no longer experimental, and ready for use!
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 26d18faf0..8c3b10a7c 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -520,7 +520,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 			case "label":
 				// TODO selinux opts and label opts are the same thing
 				s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
-				s.Annotations[define.InspectAnnotationLabel] = con[1]
+				s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=")
 			case "apparmor":
 				s.ContainerSecurityConfig.ApparmorProfile = con[1]
 				s.Annotations[define.InspectAnnotationApparmor] = con[1]
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 45ce00c86..c48a739ff 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -6,11 +6,12 @@ import (
 	"os"
 	"strings"
 
-	"github.com/containers/libpod/libpod/define"
-
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/image/v5/storage"
+	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/libpod/cmd/podman/common"
 	"github.com/containers/libpod/cmd/podman/registry"
+	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/domain/entities"
 	"github.com/containers/libpod/pkg/errorhandling"
 	"github.com/containers/libpod/pkg/specgen"
@@ -108,12 +109,15 @@ func create(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	imageName := args[0]
 	if !cliVals.RootFS {
-		if err := pullImage(args[0]); err != nil {
+		name, err := pullImage(args[0])
+		if err != nil {
 			return err
 		}
+		imageName = name
 	}
-	s := specgen.NewSpecGenerator(args[0], cliVals.RootFS)
+	s := specgen.NewSpecGenerator(imageName, cliVals.RootFS)
 	if err := common.FillOutSpecGen(s, &cliVals, args); err != nil {
 		return err
 	}
@@ -211,30 +215,44 @@ func createInit(c *cobra.Command) error {
 	return nil
 }
 
-func pullImage(imageName string) error {
-	br, err := registry.ImageEngine().Exists(registry.GetContext(), imageName)
-	if err != nil {
-		return err
-	}
+func pullImage(imageName string) (string, error) {
 	pullPolicy, err := config.ValidatePullPolicy(cliVals.Pull)
 	if err != nil {
-		return err
+		return "", err
 	}
-	if !br.Value || pullPolicy == config.PullImageAlways {
+
+	// Check if the image is missing and hence if we need to pull it.
+	imageMissing := true
+	imageRef, err := alltransports.ParseImageName(imageName)
+	switch {
+	case err != nil:
+		// Assume we specified a local image withouth the explicit storage transport.
+		fallthrough
+
+	case imageRef.Transport().Name() == storage.Transport.Name():
+		br, err := registry.ImageEngine().Exists(registry.GetContext(), imageName)
+		if err != nil {
+			return "", err
+		}
+		imageMissing = !br.Value
+	}
+
+	if imageMissing || pullPolicy == config.PullImageAlways {
 		if pullPolicy == config.PullImageNever {
-			return errors.Wrapf(define.ErrNoSuchImage, "unable to find a name and tag match for %s in repotags", imageName)
+			return "", errors.Wrapf(define.ErrNoSuchImage, "unable to find a name and tag match for %s in repotags", imageName)
 		}
-		_, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{
+		pullReport, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{
 			Authfile:     cliVals.Authfile,
 			Quiet:        cliVals.Quiet,
 			OverrideArch: cliVals.OverrideArch,
 			OverrideOS:   cliVals.OverrideOS,
 		})
 		if pullErr != nil {
-			return pullErr
+			return "", pullErr
 		}
+		imageName = pullReport.Images[0]
 	}
-	return nil
+	return imageName, nil
 }
 
 func openCidFile(cidfile string) (*os.File, error) {
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index b9c196b64..a16c2f89d 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -123,10 +123,13 @@ func run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	imageName := args[0]
 	if !cliVals.RootFS {
-		if err := pullImage(args[0]); err != nil {
+		name, err := pullImage(args[0])
+		if err != nil {
 			return err
 		}
+		imageName = name
 	}
 
 	if cliVals.Replace {
@@ -163,7 +166,7 @@ func run(cmd *cobra.Command, args []string) error {
 	}
 	runOpts.Detach = cliVals.Detach
 	runOpts.DetachKeys = cliVals.DetachKeys
-	s := specgen.NewSpecGenerator(args[0], cliVals.RootFS)
+	s := specgen.NewSpecGenerator(imageName, cliVals.RootFS)
 	if err := common.FillOutSpecGen(s, &cliVals, args); err != nil {
 		return err
 	}
@@ -193,7 +196,7 @@ func run(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 	if runRmi {
-		_, rmErrors := registry.ImageEngine().Remove(registry.GetContext(), []string{args[0]}, entities.ImageRemoveOptions{})
+		_, rmErrors := registry.ImageEngine().Remove(registry.GetContext(), []string{imageName}, entities.ImageRemoveOptions{})
 		if len(rmErrors) > 0 {
 			logrus.Errorf("%s", errors.Wrapf(errorhandling.JoinErrors(rmErrors), "failed removing image"))
 		}
diff --git a/cmd/podman/registry/config_tunnel.go b/cmd/podman/registry/config_tunnel.go
index 4f9f51163..bb3da947e 100644
--- a/cmd/podman/registry/config_tunnel.go
+++ b/cmd/podman/registry/config_tunnel.go
@@ -2,13 +2,6 @@
 
 package registry
 
-import (
-	"os"
-)
-
 func init() {
 	abiSupport = false
-
-	// Enforce that podman-remote == podman --remote
-	os.Args = append(os.Args, "--remote")
 }
diff --git a/pkg/api/handlers/compat/exec.go b/pkg/api/handlers/compat/exec.go
index 8f7016903..dae76c061 100644
--- a/pkg/api/handlers/compat/exec.go
+++ b/pkg/api/handlers/compat/exec.go
@@ -62,7 +62,8 @@ func ExecCreateHandler(w http.ResponseWriter, r *http.Request) {
 		utils.InternalServerError(w, err)
 		return
 	}
-	exitCommandArgs, err := generate.CreateExitCommandArgs(storageConfig, runtimeConfig, false, true, true)
+	// Automatically log to syslog if the server has log-level=debug set
+	exitCommandArgs, err := generate.CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), true, true)
 	if err != nil {
 		utils.InternalServerError(w, err)
 		return
diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go
index b07eb7f9a..cbac2cb06 100644
--- a/pkg/ps/ps.go
+++ b/pkg/ps/ps.go
@@ -145,11 +145,15 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities
 		}
 		return nil
 	})
-
 	if batchErr != nil {
 		return entities.ListContainer{}, batchErr
 	}
 
+	portMappings, err := ctr.PortMappings()
+	if err != nil {
+		return entities.ListContainer{}, err
+	}
+
 	ps := entities.ListContainer{
 		Command:   conConfig.Command,
 		Created:   conConfig.CreatedTime.Unix(),
@@ -165,7 +169,7 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities
 		Names:     []string{conConfig.Name},
 		Pid:       pid,
 		Pod:       conConfig.Pod,
-		Ports:     conConfig.PortMappings,
+		Ports:     portMappings,
 		Size:      size,
 		StartedAt: startedTime.Unix(),
 		State:     conState.String(),
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 2f7100e7e..59414e668 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -110,8 +110,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 	}
 	options = append(options, opts...)
 
-	// TODO: Enable syslog support - we'll need to put this in SpecGen.
-	exitCommandArgs, err := CreateExitCommandArgs(rt.StorageConfig(), rtc, false, s.Remove, false)
+	exitCommandArgs, err := CreateExitCommandArgs(rt.StorageConfig(), rtc, logrus.IsLevelEnabled(logrus.DebugLevel), s.Remove, false)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 77b1353c4..03e840ab4 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -129,7 +129,7 @@ type ContainerBasicConfig struct {
 	Sysctl map[string]string `json:"sysctl,omitempty"`
 	// Remove indicates if the container should be removed once it has been started
 	// and exits
-	Remove bool `json:"remove"`
+	Remove bool `json:"remove,omitempty"`
 }
 
 // ContainerStorageConfig contains information on the storage configuration of a
diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go
index bf6cb81b8..333f8ef88 100644
--- a/pkg/systemd/generate/containers.go
+++ b/pkg/systemd/generate/containers.go
@@ -69,8 +69,6 @@ type containerInfo struct {
 
 const containerTemplate = headerTemplate + `
 {{- if .BoundToServices}}
-RefuseManualStart=yes
-RefuseManualStop=yes
 BindsTo={{- range $index, $value := .BoundToServices -}}{{if $index}} {{end}}{{ $value }}.service{{end}}
 After={{- range $index, $value := .BoundToServices -}}{{if $index}} {{end}}{{ $value }}.service{{end}}
 {{- end}}
diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go
index 80f0996a1..e108251ea 100644
--- a/pkg/systemd/generate/containers_test.go
+++ b/pkg/systemd/generate/containers_test.go
@@ -88,8 +88,6 @@ Description=Podman container-foobar.service
 Documentation=man:podman-generate-systemd(1)
 Wants=network.target
 After=network-online.target
-RefuseManualStart=yes
-RefuseManualStop=yes
 BindsTo=a.service b.service c.service pod.service
 After=a.service b.service c.service pod.service
 
diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go
index 0dc8e01af..cfc0a415e 100644
--- a/test/e2e/ps_test.go
+++ b/test/e2e/ps_test.go
@@ -449,4 +449,21 @@ var _ = Describe("Podman ps", func() {
 		Expect(len(output)).To(Equal(1))
 		Expect(output[0]).To(Equal(ctrName))
 	})
+
+	It("podman ps test with port shared with pod", func() {
+		podName := "testPod"
+		pod := podmanTest.Podman([]string{"pod", "create", "-p", "8080:80", "--name", podName})
+		pod.WaitWithDefaultTimeout()
+		Expect(pod.ExitCode()).To(Equal(0))
+
+		ctrName := "testCtr"
+		session := podmanTest.Podman([]string{"run", "--name", ctrName, "-dt", "--pod", podName, ALPINE, "top"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		ps := podmanTest.Podman([]string{"ps", "--filter", fmt.Sprintf("name=%s", ctrName), "--format", "{{.Ports}}"})
+		ps.WaitWithDefaultTimeout()
+		Expect(ps.ExitCode()).To(Equal(0))
+		Expect(ps.OutputToString()).To(ContainSubstring("0.0.0.0:8080->80/tcp"))
+	})
 })
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index aa9ace332..c7a9bf191 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -189,4 +189,45 @@ echo $rand        |   0 | $rand
        "podman will not overwrite existing cidfile"
 }
 
+@test "podman run docker-archive" {
+    # Create an image that, when run, outputs a random magic string
+    expect=$(random_string 20)
+    run_podman run --name myc --entrypoint="[\"/bin/echo\",\"$expect\"]" $IMAGE
+    is "$output" "$expect" "podman run --entrypoint echo-randomstring"
+
+    # Save it as a tar archive
+    run_podman commit myc myi
+    archive=$PODMAN_TMPDIR/archive.tar
+    run_podman save myi -o $archive
+    is "$output" "" "podman save"
+
+    # Clean up image and container from container storage...
+    run_podman rmi myi
+    run_podman rm myc
+
+    # ... then confirm we can run from archive. This re-imports the image
+    # and runs it, producing our random string as the last line.
+    run_podman run docker-archive:$archive
+    is "${lines[0]}" "Getting image source signatures" "podman run docker-archive, first line of output"
+    is "$output" ".*Copying blob"     "podman run docker-archive"
+    is "$output" ".*Copying config"   "podman run docker-archive"
+    is "$output" ".*Writing manifest" "podman run docker-archive"
+    is "${lines[-1]}" "$expect" "podman run docker-archive: expected random string output"
+
+    # Clean up container as well as re-imported image
+    run_podman rm -a
+    run_podman rmi myi
+
+    # Repeat the above, with podman-create and podman-start.
+    run_podman create docker-archive:$archive
+    cid=${lines[-1]}
+
+    run_podman start --attach $cid
+    is "$output" "$expect" "'podman run' of 'podman-create docker-archive'"
+
+    # Clean up.
+    run_podman rm $cid
+    run_podman rmi myi
+}
+
 # vim: filetype=sh