Merge pull request #14100 from mheon/incremental_backports

[v4.1] Incremental backports

18 files changed, 282 insertions, 111 deletions

diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index e43226490..d6f035af9 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -542,8 +542,12 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 			ctr.ID(), s.namespace, ctr.config.Namespace)
 	}
 
+	// Set the original networks to nil. We can save some space by not storing it in the config
+	// since we store it in a different mutable bucket anyway.
+	configNetworks := ctr.config.Networks
+	ctr.config.Networks = nil
+
 	// JSON container structs to insert into DB
-	// TODO use a higher-performance struct encoding than JSON
 	configJSON, err := json.Marshal(ctr.config)
 	if err != nil {
 		return errors.Wrapf(err, "error marshalling container %s config to JSON", ctr.ID())
@@ -564,8 +568,8 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 	}
 
 	// make sure to marshal the network options before we get the db lock
-	networks := make(map[string][]byte, len(ctr.config.Networks))
-	for net, opts := range ctr.config.Networks {
+	networks := make(map[string][]byte, len(configNetworks))
+	for net, opts := range configNetworks {
 		// Check that we don't have any empty network names
 		if net == "" {
 			return errors.Wrapf(define.ErrInvalidArg, "network names cannot be an empty string")
@@ -581,9 +585,6 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error {
 		}
 		networks[net] = optBytes
 	}
-	// Set the original value to nil. We can safe some space by not storing it in the config
-	// since we store it in a different mutable bucket anyway.
-	ctr.config.Networks = nil
 
 	db, err := s.getDBCon()
 	if err != nil {
diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go
index 91e712c74..7566fbb12 100644
--- a/libpod/container_copy_linux.go
+++ b/libpod/container_copy_linux.go
@@ -48,7 +48,11 @@ func (c *Container) copyFromArchive(path string, chown bool, rename map[string]s
 		if err != nil {
 			return nil, err
 		}
-		unmount = func() { c.unmount(false) }
+		unmount = func() {
+			if err := c.unmount(false); err != nil {
+				logrus.Errorf("Failed to unmount container: %v", err)
+			}
+		}
 	}
 
 	if c.state.State == define.ContainerStateRunning {
@@ -117,7 +121,11 @@ func (c *Container) copyToArchive(path string, writer io.Writer) (func() error,
 		if err != nil {
 			return nil, err
 		}
-		unmount = func() { c.unmount(false) }
+		unmount = func() {
+			if err := c.unmount(false); err != nil {
+				logrus.Errorf("Failed to unmount container: %v", err)
+			}
+		}
 	}
 
 	statInfo, resolvedRoot, resolvedPath, err := c.stat(mountPoint, path)
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 31edff762..4742b22ab 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1180,7 +1180,11 @@ func (c *Container) createCheckpointImage(ctx context.Context, options Container
 		return err
 	}
 	// Clean-up buildah working container
-	defer importBuilder.Delete()
+	defer func() {
+		if err := importBuilder.Delete(); err != nil {
+			logrus.Errorf("Image builder delete failed: %v", err)
+		}
+	}()
 
 	if err := c.prepareCheckpointExport(); err != nil {
 		return err
@@ -1201,7 +1205,9 @@ func (c *Container) createCheckpointImage(ctx context.Context, options Container
 
 	// Copy checkpoint from temporary tar file in the image
 	addAndCopyOptions := buildah.AddAndCopyOptions{}
-	importBuilder.Add("", true, addAndCopyOptions, options.TargetFile)
+	if err := importBuilder.Add("", true, addAndCopyOptions, options.TargetFile); err != nil {
+		return err
+	}
 
 	if err := c.addCheckpointImageMetadata(importBuilder); err != nil {
 		return err
@@ -1543,7 +1549,11 @@ func (c *Container) importCheckpointImage(ctx context.Context, imageID string) e
 	}
 
 	mountPoint, err := img.Mount(ctx, nil, "")
-	defer img.Unmount(true)
+	defer func() {
+		if err := c.unmount(true); err != nil {
+			logrus.Errorf("Failed to unmount container: %v", err)
+		}
+	}()
 	if err != nil {
 		return err
 	}
@@ -2113,15 +2123,9 @@ func (c *Container) makeBindMounts() error {
 			}
 		} else {
 			if !c.config.UseImageResolvConf {
-				newResolv, err := c.generateResolvConf()
-				if err != nil {
+				if err := c.generateResolvConf(); err != nil {
 					return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID())
 				}
-				err = c.mountIntoRootDirs("/etc/resolv.conf", newResolv)
-
-				if err != nil {
-					return errors.Wrapf(err, "error assigning mounts to container %s", c.ID())
-				}
 			}
 
 			if !c.config.UseImageHosts {
@@ -2278,23 +2282,25 @@ rootless=%d
 }
 
 // generateResolvConf generates a containers resolv.conf
-func (c *Container) generateResolvConf() (string, error) {
+func (c *Container) generateResolvConf() error {
 	var (
 		nameservers          []string
 		networkNameServers   []string
 		networkSearchDomains []string
 	)
 
+	hostns := true
 	resolvConf := "/etc/resolv.conf"
 	for _, namespace := range c.config.Spec.Linux.Namespaces {
 		if namespace.Type == spec.NetworkNamespace {
+			hostns = false
 			if namespace.Path != "" && !strings.HasPrefix(namespace.Path, "/proc/") {
 				definedPath := filepath.Join("/etc/netns", filepath.Base(namespace.Path), "resolv.conf")
 				_, err := os.Stat(definedPath)
 				if err == nil {
 					resolvConf = definedPath
 				} else if !os.IsNotExist(err) {
-					return "", err
+					return err
 				}
 			}
 			break
@@ -2304,17 +2310,17 @@ func (c *Container) generateResolvConf() (string, error) {
 	contents, err := ioutil.ReadFile(resolvConf)
 	// resolv.conf doesn't have to exists
 	if err != nil && !os.IsNotExist(err) {
-		return "", err
+		return err
 	}
 
 	ns := resolvconf.GetNameservers(contents)
 	// check if systemd-resolved is used, assume it is used when 127.0.0.53 is the only nameserver
-	if len(ns) == 1 && ns[0] == "127.0.0.53" {
+	if !hostns && len(ns) == 1 && ns[0] == "127.0.0.53" {
 		// read the actual resolv.conf file for systemd-resolved
 		resolvedContents, err := ioutil.ReadFile("/run/systemd/resolve/resolv.conf")
 		if err != nil {
 			if !os.IsNotExist(err) {
-				return "", errors.Wrapf(err, "detected that systemd-resolved is in use, but could not locate real resolv.conf")
+				return errors.Wrapf(err, "detected that systemd-resolved is in use, but could not locate real resolv.conf")
 			}
 		} else {
 			contents = resolvedContents
@@ -2337,21 +2343,21 @@ func (c *Container) generateResolvConf() (string, error) {
 
 	ipv6, err := c.checkForIPv6(netStatus)
 	if err != nil {
-		return "", err
+		return err
 	}
 
 	// Ensure that the container's /etc/resolv.conf is compatible with its
 	// network configuration.
-	resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS)
+	resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, !hostns)
 	if err != nil {
-		return "", errors.Wrapf(err, "error parsing host resolv.conf")
+		return errors.Wrapf(err, "error parsing host resolv.conf")
 	}
 
 	dns := make([]net.IP, 0, len(c.runtime.config.Containers.DNSServers)+len(c.config.DNSServer))
 	for _, i := range c.runtime.config.Containers.DNSServers {
 		result := net.ParseIP(i)
 		if result == nil {
-			return "", errors.Wrapf(define.ErrInvalidArg, "invalid IP address %s", i)
+			return errors.Wrapf(define.ErrInvalidArg, "invalid IP address %s", i)
 		}
 		dns = append(dns, result)
 	}
@@ -2402,20 +2408,15 @@ func (c *Container) generateResolvConf() (string, error) {
 	destPath := filepath.Join(c.state.RunDir, "resolv.conf")
 
 	if err := os.Remove(destPath); err != nil && !os.IsNotExist(err) {
-		return "", errors.Wrapf(err, "container %s", c.ID())
+		return errors.Wrapf(err, "container %s", c.ID())
 	}
 
 	// Build resolv.conf
 	if _, err = resolvconf.Build(destPath, nameservers, search, options); err != nil {
-		return "", errors.Wrapf(err, "error building resolv.conf for container %s", c.ID())
+		return errors.Wrapf(err, "error building resolv.conf for container %s", c.ID())
 	}
 
-	// Relabel resolv.conf for the container
-	if err := c.relabel(destPath, c.config.MountLabel, true); err != nil {
-		return "", err
-	}
-
-	return destPath, nil
+	return c.bindMountRootFile(destPath, "/etc/resolv.conf")
 }
 
 // Check if a container uses IPv6.
@@ -2590,17 +2591,21 @@ func (c *Container) createHosts() error {
 		return err
 	}
 
-	if err := os.Chown(targetFile, c.RootUID(), c.RootGID()); err != nil {
+	return c.bindMountRootFile(targetFile, config.DefaultHostsFile)
+}
+
+// bindMountRootFile will chown and relabel the source file to make it usable in the container.
+// It will also add the path to the container bind mount map.
+// source is the path on the host, dest is the path in the container.
+func (c *Container) bindMountRootFile(source, dest string) error {
+	if err := os.Chown(source, c.RootUID(), c.RootGID()); err != nil {
 		return err
 	}
-	if err := label.Relabel(targetFile, c.MountLabel(), false); err != nil {
+	if err := label.Relabel(source, c.MountLabel(), false); err != nil {
 		return err
 	}
 
-	if err = c.mountIntoRootDirs(config.DefaultHostsFile, targetFile); err != nil {
-		return err
-	}
-	return nil
+	return c.mountIntoRootDirs(dest, source)
 }
 
 // generateGroupEntry generates an entry or entries into /etc/group as
diff --git a/libpod/define/info.go b/libpod/define/info.go
index 713129ada..911fa5c03 100644
--- a/libpod/define/info.go
+++ b/libpod/define/info.go
@@ -1,6 +1,8 @@
 package define
 
-import "github.com/containers/storage/pkg/idtools"
+import (
+	"github.com/containers/storage/pkg/idtools"
+)
 
 // Info is the overall struct that describes the host system
 // running libpod/podman
@@ -31,6 +33,7 @@ type HostInfo struct {
 	CgroupControllers []string         `json:"cgroupControllers"`
 	Conmon            *ConmonInfo      `json:"conmon"`
 	CPUs              int              `json:"cpus"`
+	CPUUtilization    *CPUUsage        `json:"cpuUtilization"`
 	Distribution      DistributionInfo `json:"distribution"`
 	EventLogger       string           `json:"eventLogger"`
 	Hostname          string           `json:"hostname"`
@@ -108,11 +111,15 @@ type StoreInfo struct {
 	GraphDriverName string                 `json:"graphDriverName"`
 	GraphOptions    map[string]interface{} `json:"graphOptions"`
 	GraphRoot       string                 `json:"graphRoot"`
-	GraphStatus     map[string]string      `json:"graphStatus"`
-	ImageCopyTmpDir string                 `json:"imageCopyTmpDir"`
-	ImageStore      ImageStore             `json:"imageStore"`
-	RunRoot         string                 `json:"runRoot"`
-	VolumePath      string                 `json:"volumePath"`
+	// GraphRootAllocated is how much space the graphroot has in bytes
+	GraphRootAllocated uint64 `json:"graphRootAllocated"`
+	// GraphRootUsed is how much of graphroot is used in bytes
+	GraphRootUsed   uint64            `json:"graphRootUsed"`
+	GraphStatus     map[string]string `json:"graphStatus"`
+	ImageCopyTmpDir string            `json:"imageCopyTmpDir"`
+	ImageStore      ImageStore        `json:"imageStore"`
+	RunRoot         string            `json:"runRoot"`
+	VolumePath      string            `json:"volumePath"`
 }
 
 // ImageStore describes the image store.  Right now only the number
@@ -137,3 +144,9 @@ type Plugins struct {
 	// FIXME what should we do with Authorization, docker seems to return nothing by default
 	// Authorization []string `json:"authorization"`
 }
+
+type CPUUsage struct {
+	UserPercent   float64 `json:"userPercent"`
+	SystemPercent float64 `json:"systemPercent"`
+	IdlePercent   float64 `json:"idlePercent"`
+}
diff --git a/libpod/info.go b/libpod/info.go
index e0b490768..321680a81 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -5,11 +5,13 @@ import (
 	"bytes"
 	"fmt"
 	"io/ioutil"
+	"math"
 	"os"
 	"os/exec"
 	"runtime"
 	"strconv"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/containers/buildah"
@@ -115,7 +117,10 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 	if err != nil {
 		return nil, errors.Wrapf(err, "error getting available cgroup controllers")
 	}
-
+	cpuUtil, err := getCPUUtilization()
+	if err != nil {
+		return nil, err
+	}
 	info := define.HostInfo{
 		Arch:              runtime.GOARCH,
 		BuildahVersion:    buildah.Version,
@@ -123,6 +128,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 		CgroupControllers: availableControllers,
 		Linkmode:          linkmode.Linkmode(),
 		CPUs:              runtime.NumCPU(),
+		CPUUtilization:    cpuUtil,
 		Distribution:      hostDistributionInfo,
 		LogDriver:         r.config.Containers.LogDriver,
 		EventLogger:       r.eventer.String(),
@@ -285,17 +291,25 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) {
 	}
 	imageInfo := define.ImageStore{Number: len(images)}
 
+	var grStats syscall.Statfs_t
+	if err := syscall.Statfs(r.store.GraphRoot(), &grStats); err != nil {
+		return nil, errors.Wrapf(err, "unable to collect graph root usasge for %q", r.store.GraphRoot())
+	}
+	allocated := uint64(grStats.Bsize) * grStats.Blocks
 	info := define.StoreInfo{
-		ImageStore:      imageInfo,
-		ImageCopyTmpDir: os.Getenv("TMPDIR"),
-		ContainerStore:  conInfo,
-		GraphRoot:       r.store.GraphRoot(),
-		RunRoot:         r.store.RunRoot(),
-		GraphDriverName: r.store.GraphDriverName(),
-		GraphOptions:    nil,
-		VolumePath:      r.config.Engine.VolumePath,
-		ConfigFile:      configFile,
+		ImageStore:         imageInfo,
+		ImageCopyTmpDir:    os.Getenv("TMPDIR"),
+		ContainerStore:     conInfo,
+		GraphRoot:          r.store.GraphRoot(),
+		GraphRootAllocated: allocated,
+		GraphRootUsed:      allocated - (uint64(grStats.Bsize) * grStats.Bfree),
+		RunRoot:            r.store.RunRoot(),
+		GraphDriverName:    r.store.GraphDriverName(),
+		GraphOptions:       nil,
+		VolumePath:         r.config.Engine.VolumePath,
+		ConfigFile:         configFile,
 	}
+
 	graphOptions := map[string]interface{}{}
 	for _, o := range r.store.GraphOptions() {
 		split := strings.SplitN(o, "=", 2)
@@ -382,3 +396,44 @@ func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo {
 	}
 	return dist
 }
+
+// getCPUUtilization Returns a CPUUsage object that summarizes CPU
+// usage for userspace, system, and idle time.
+func getCPUUtilization() (*define.CPUUsage, error) {
+	f, err := os.Open("/proc/stat")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	scanner := bufio.NewScanner(f)
+	// Read firt line of /proc/stat
+	for scanner.Scan() {
+		break
+	}
+	// column 1 is user, column 3 is system, column 4 is idle
+	stats := strings.Split(scanner.Text(), " ")
+	return statToPercent(stats)
+}
+
+func statToPercent(stats []string) (*define.CPUUsage, error) {
+	// There is always an extra space between cpu and the first metric
+	userTotal, err := strconv.ParseFloat(stats[2], 64)
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to parse user value %q", stats[1])
+	}
+	systemTotal, err := strconv.ParseFloat(stats[4], 64)
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to parse system value %q", stats[3])
+	}
+	idleTotal, err := strconv.ParseFloat(stats[5], 64)
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to parse idle value %q", stats[4])
+	}
+	total := userTotal + systemTotal + idleTotal
+	s := define.CPUUsage{
+		UserPercent:   math.Round((userTotal/total*100)*100) / 100,
+		SystemPercent: math.Round((systemTotal/total*100)*100) / 100,
+		IdlePercent:   math.Round((idleTotal/total*100)*100) / 100,
+	}
+	return &s, nil
+}
diff --git a/libpod/info_test.go b/libpod/info_test.go
new file mode 100644
index 000000000..909b573c0
--- /dev/null
+++ b/libpod/info_test.go
@@ -0,0 +1,59 @@
+package libpod
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/containers/podman/v4/libpod/define"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_statToPercent(t *testing.T) {
+	type args struct {
+		in0 []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *define.CPUUsage
+		wantErr assert.ErrorAssertionFunc
+	}{
+		{
+			name: "GoodParse",
+			args: args{in0: []string{"cpu", " ", "33628064", "27537", "9696996", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}},
+			want: &define.CPUUsage{
+				UserPercent:   2.48,
+				SystemPercent: 0.71,
+				IdlePercent:   96.81,
+			},
+			wantErr: assert.NoError,
+		},
+		{
+			name:    "BadUserValue",
+			args:    args{in0: []string{"cpu", " ", "k", "27537", "9696996", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}},
+			want:    nil,
+			wantErr: assert.Error,
+		},
+		{
+			name:    "BadSystemValue",
+			args:    args{in0: []string{"cpu", " ", "33628064", "27537", "k", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}},
+			want:    nil,
+			wantErr: assert.Error,
+		},
+		{
+			name:    "BadIdleValue",
+			args:    args{in0: []string{"cpu", " ", "33628064", "27537", "9696996", "k", "588142", "4775073", "2789228", "0", "598711", "0"}},
+			want:    nil,
+			wantErr: assert.Error,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := statToPercent(tt.args.in0)
+			if !tt.wantErr(t, err, fmt.Sprintf("statToPercent(%v)", tt.args.in0)) {
+				return
+			}
+			assert.Equalf(t, tt.want, got, "statToPercent(%v)", tt.args.in0)
+		})
+	}
+}
diff --git a/libpod/kube.go b/libpod/kube.go
index 8b75a0c44..5a5fe9d35 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -1034,7 +1034,11 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) {
 			if err != nil {
 				return nil, errors.Wrapf(err, "failed to mount %s mountpoint", c.ID())
 			}
-			defer c.unmount(false)
+			defer func() {
+				if err := c.unmount(false); err != nil {
+					logrus.Errorf("Failed to unmount container: %v", err)
+				}
+			}()
 		}
 		logrus.Debugf("Looking in container for user: %s", c.User())
 
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 2770b040e..0c124cf0b 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -488,7 +488,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 		pid := strconv.Itoa(cmd.Process.Pid)
 		err = ioutil.WriteFile(filepath.Join(rootlessNetNsDir, rootlessNetNsSilrp4netnsPidFile), []byte(pid), 0700)
 		if err != nil {
-			errors.Wrap(err, "unable to write rootless-netns slirp4netns pid file")
+			return nil, errors.Wrap(err, "unable to write rootless-netns slirp4netns pid file")
 		}
 
 		defer func() {
diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go
index b5eabec1f..c6af294d5 100644
--- a/libpod/oci_attach_linux.go
+++ b/libpod/oci_attach_linux.go
@@ -274,11 +274,15 @@ func readStdio(conn *net.UnixConn, streams *define.AttachStreams, receiveStdoutE
 	var err error
 	select {
 	case err = <-receiveStdoutError:
-		conn.CloseWrite()
+		if err := conn.CloseWrite(); err != nil {
+			logrus.Errorf("Failed to close stdin: %v", err)
+		}
 		return err
 	case err = <-stdinDone:
 		if err == define.ErrDetach {
-			conn.CloseWrite()
+			if err := conn.CloseWrite(); err != nil {
+				logrus.Errorf("Failed to close stdin: %v", err)
+			}
 			return err
 		}
 		if err == nil {
diff --git a/libpod/options.go b/libpod/options.go
index 57e2d7cf6..98eb45e76 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1634,6 +1634,19 @@ func WithVolumeNoChown() VolumeCreateOption {
 	}
 }
 
+// WithVolumeDisableQuota prevents the volume from being assigned a quota.
+func WithVolumeDisableQuota() VolumeCreateOption {
+	return func(volume *Volume) error {
+		if volume.valid {
+			return define.ErrVolumeFinalized
+		}
+
+		volume.config.DisableQuota = true
+
+		return nil
+	}
+}
+
 // withSetAnon sets a bool notifying libpod that this volume is anonymous and
 // should be removed when containers using it are removed and volumes are
 // specified for removal.
diff --git a/libpod/pod.go b/libpod/pod.go
index ed2d97b37..237c42901 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -1,7 +1,6 @@
 package libpod
 
 import (
-	"context"
 	"fmt"
 	"sort"
 	"strings"
@@ -159,6 +158,15 @@ func (p *Pod) CPUQuota() int64 {
 	return 0
 }
 
+// NetworkMode returns the Network mode given by the user ex: pod, private...
+func (p *Pod) NetworkMode() string {
+	infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
+	if err != nil {
+		return ""
+	}
+	return infra.NetworkMode()
+}
+
 // PidMode returns the PID mode given by the user ex: pod, private...
 func (p *Pod) PidMode() string {
 	infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
@@ -296,35 +304,9 @@ func (p *Pod) CgroupPath() (string, error) {
 	if err := p.updatePod(); err != nil {
 		return "", err
 	}
-	if p.state.CgroupPath != "" {
-		return p.state.CgroupPath, nil
-	}
 	if p.state.InfraContainerID == "" {
 		return "", errors.Wrap(define.ErrNoSuchCtr, "pod has no infra container")
 	}
-
-	id, err := p.infraContainerID()
-	if err != nil {
-		return "", err
-	}
-
-	if id != "" {
-		ctr, err := p.infraContainer()
-		if err != nil {
-			return "", errors.Wrapf(err, "could not get infra")
-		}
-		if ctr != nil {
-			ctr.Start(context.Background(), true)
-			cgroupPath, err := ctr.CgroupPath()
-			fmt.Println(cgroupPath)
-			if err != nil {
-				return "", errors.Wrapf(err, "could not get container cgroup")
-			}
-			p.state.CgroupPath = cgroupPath
-			p.save()
-			return cgroupPath, nil
-		}
-	}
 	return p.state.CgroupPath, nil
 }
 
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index 48049798b..ba30d878e 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -593,7 +593,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 			return nil, err
 		}
 		infraConfig = new(define.InspectPodInfraConfig)
-		infraConfig.HostNetwork = !infra.config.ContainerNetworkConfig.UseImageHosts
+		infraConfig.HostNetwork = p.NetworkMode() == "host"
 		infraConfig.StaticIP = infra.config.ContainerNetworkConfig.StaticIP
 		infraConfig.NoManageResolvConf = infra.config.UseImageResolvConf
 		infraConfig.NoManageHosts = infra.config.UseImageHosts
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index fd3ffd199..df7174ac6 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -513,7 +513,9 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 	case define.NoLogging, define.PassthroughLogging:
 		break
 	case define.JournaldLogging:
-		ctr.initializeJournal(ctx)
+		if err := ctr.initializeJournal(ctx); err != nil {
+			return nil, fmt.Errorf("failed to initialize journal: %w", err)
+		}
 	default:
 		if ctr.config.LogPath == "" {
 			ctr.config.LogPath = filepath.Join(ctr.config.StaticDir, "ctr.log")
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index 2bbccfdf6..62ec7df60 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -199,10 +199,15 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 	// Go through and lock all containers so we can operate on them all at
 	// once.
 	// First loop also checks that we are ready to go ahead and remove.
+	containersLocked := true
 	for _, ctr := range ctrs {
 		ctrLock := ctr.lock
 		ctrLock.Lock()
-		defer ctrLock.Unlock()
+		defer func() {
+			if containersLocked {
+				ctrLock.Unlock()
+			}
+		}()
 
 		// If we're force-removing, no need to check status.
 		if force {
@@ -304,6 +309,12 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 		}
 	}
 
+	// let's unlock the containers so if there is any cleanup process, it can terminate its execution
+	for _, ctr := range ctrs {
+		ctr.lock.Unlock()
+	}
+	containersLocked = false
+
 	// Remove pod cgroup, if present
 	if p.state.CgroupPath != "" {
 		logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath)
@@ -332,7 +343,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool,
 				}
 			}
 			if err == nil {
-				if err := conmonCgroup.Delete(); err != nil {
+				if err = conmonCgroup.Delete(); err != nil {
 					if removalErr == nil {
 						removalErr = errors.Wrapf(err, "error removing pod %s conmon cgroup", p.ID())
 					} else {
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 241f6e2f2..f8788e183 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -73,7 +73,7 @@ func (r *Runtime) newVolume(options ...VolumeCreateOption) (_ *Volume, deferredE
 						return nil, errors.Wrapf(err, "invalid volume option %s for driver 'local'", key)
 					}
 				}
-			case "o", "type", "uid", "gid", "size", "inodes":
+			case "o", "type", "uid", "gid", "size", "inodes", "noquota":
 				// Do nothing, valid keys
 			default:
 				return nil, errors.Wrapf(define.ErrInvalidArg, "invalid mount option %s for driver 'local'", key)
@@ -111,23 +111,28 @@ func (r *Runtime) newVolume(options ...VolumeCreateOption) (_ *Volume, deferredE
 		if err := LabelVolumePath(fullVolPath); err != nil {
 			return nil, err
 		}
-		projectQuotaSupported := false
-
-		q, err := quota.NewControl(r.config.Engine.VolumePath)
-		if err == nil {
-			projectQuotaSupported = true
-		}
-		quota := quota.Quota{}
-		if volume.config.Size > 0 || volume.config.Inodes > 0 {
-			if !projectQuotaSupported {
-				return nil, errors.New("Volume options size and inodes not supported. Filesystem does not support Project Quota")
+		if volume.config.DisableQuota {
+			if volume.config.Size > 0 || volume.config.Inodes > 0 {
+				return nil, errors.New("volume options size and inodes cannot be used without quota")
 			}
-			quota.Size = volume.config.Size
-			quota.Inodes = volume.config.Inodes
-		}
-		if projectQuotaSupported {
-			if err := q.SetQuota(fullVolPath, quota); err != nil {
-				return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath)
+		} else {
+			projectQuotaSupported := false
+			q, err := quota.NewControl(r.config.Engine.VolumePath)
+			if err == nil {
+				projectQuotaSupported = true
+			}
+			quota := quota.Quota{}
+			if volume.config.Size > 0 || volume.config.Inodes > 0 {
+				if !projectQuotaSupported {
+					return nil, errors.New("volume options size and inodes not supported. Filesystem does not support Project Quota")
+				}
+				quota.Size = volume.config.Size
+				quota.Inodes = volume.config.Inodes
+			}
+			if projectQuotaSupported {
+				if err := q.SetQuota(fullVolPath, quota); err != nil {
+					return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath)
+				}
 			}
 		}
 
diff --git a/libpod/util.go b/libpod/util.go
index 51fe60427..1753b4f34 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -55,8 +55,11 @@ func WaitForFile(path string, chWait chan error, timeout time.Duration) (bool, e
 		if err := watcher.Add(filepath.Dir(path)); err == nil {
 			inotifyEvents = watcher.Events
 		}
-		defer watcher.Close()
-		defer watcher.Remove(filepath.Dir(path))
+		defer func() {
+			if err := watcher.Close(); err != nil {
+				logrus.Errorf("Failed to close fsnotify watcher: %v", err)
+			}
+		}()
 	}
 
 	var timeoutChan <-chan time.Time
diff --git a/libpod/volume.go b/libpod/volume.go
index bffafdc15..ab461a37f 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -52,6 +52,9 @@ type VolumeConfig struct {
 	Size uint64 `json:"size"`
 	// Inodes maximum of the volume.
 	Inodes uint64 `json:"inodes"`
+	// DisableQuota indicates that the volume should completely disable using any
+	// quota tracking.
+	DisableQuota bool `json:"disableQuota,omitempty"`
 }
 
 // VolumeState holds the volume's mutable state.
diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go
index 9850c2ea1..e0ebb729d 100644
--- a/libpod/volume_internal.go
+++ b/libpod/volume_internal.go
@@ -52,6 +52,9 @@ func (v *Volume) needsMount() bool {
 	if _, ok := v.config.Options["SIZE"]; ok {
 		index++
 	}
+	if _, ok := v.config.Options["NOQUOTA"]; ok {
+		index++
+	}
 	// when uid or gid is set there is also the "o" option
 	// set so we have to ignore this one as well
 	if index > 0 {