Merge pull request #7289 from vrothberg/v2-backports

V2 backports
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-08-11 15:00:57 -0400
committer: GitHub <noreply@github.com> 2020-08-11 15:00:57 -0400
commit: 1deb4d1d70efb6d62f4fe5e735c94523f930b6d7 (patch)
tree: 394020b1a48f76cd283e450d6952cf08a4f53dde /pkg
parent: 9a9ad853cb6781460829cb139cecbf9aff37896d (diff)
parent: 3f2cab86433859a1facf1996ad68dac23c9899b9 (diff)
download: podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.gz
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.bz2
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.zip
19 files changed, 105 insertions, 90 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 8ac5b80c1..3d9efe61e 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -20,6 +20,7 @@ import (
 	"github.com/containers/libpod/v2/pkg/api/handlers/utils"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/gorilla/schema"
+	"github.com/sirupsen/logrus"
 )
 
 func BuildImage(w http.ResponseWriter, r *http.Request) {
@@ -33,7 +34,13 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if hdr, found := r.Header["Content-Type"]; found && len(hdr) > 0 {
-		if hdr[0] != "application/x-tar" {
+		contentType := hdr[0]
+		switch contentType {
+		case "application/tar":
+			logrus.Warnf("tar file content type is  %s, should use \"application/x-tar\" content type", contentType)
+		case "application/x-tar":
+			break
+		default:
 			utils.BadRequest(w, "Content-Type", hdr[0],
 				fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
 			return
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index 2e11c0edb..ad15be270 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/containernetworking/cni/libcni"
 	"github.com/containers/libpod/v2/libpod"
+	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/containers/libpod/v2/pkg/api/handlers/utils"
 	"github.com/containers/libpod/v2/pkg/domain/entities"
 	"github.com/containers/libpod/v2/pkg/domain/infra/abi"
@@ -44,9 +45,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	_, err = network.InspectNetwork(config, name)
 	if err != nil {
-		// TODO our network package does not distinguish between not finding a
-		// specific network vs not being able to read it
-		utils.InternalServerError(w, err)
+		utils.NetworkNotFound(w, name, err)
 		return
 	}
 	report, err := getNetworkResourceByName(name, runtime)
@@ -285,7 +284,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if !exists {
-		utils.Error(w, "network not found", http.StatusNotFound, network.ErrNetworkNotFound)
+		utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork)
 		return
 	}
 	if err := network.RemoveNetwork(config, name); err != nil {
diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go
index 21904e21f..2303ff17a 100644
--- a/pkg/api/handlers/libpod/containers.go
+++ b/pkg/api/handlers/libpod/containers.go
@@ -23,6 +23,7 @@ func ContainerExists(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		if errors.Cause(err) == define.ErrNoSuchCtr {
 			utils.ContainerNotFound(w, name, err)
+			return
 		}
 		utils.InternalServerError(w, err)
 		return
diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go
index 12409bf50..0164d5d13 100644
--- a/pkg/api/handlers/libpod/networks.go
+++ b/pkg/api/handlers/libpod/networks.go
@@ -5,10 +5,10 @@ import (
 	"net/http"
 
 	"github.com/containers/libpod/v2/libpod"
+	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/containers/libpod/v2/pkg/api/handlers/utils"
 	"github.com/containers/libpod/v2/pkg/domain/entities"
 	"github.com/containers/libpod/v2/pkg/domain/infra/abi"
-	"github.com/containers/libpod/v2/pkg/network"
 	"github.com/gorilla/schema"
 	"github.com/pkg/errors"
 )
@@ -78,7 +78,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
 	}
 	if reports[0].Err != nil {
 		// If the network cannot be found, we return a 404.
-		if errors.Cause(err) == network.ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			utils.Error(w, "Something went wrong", http.StatusNotFound, err)
 			return
 		}
@@ -104,7 +104,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
 	reports, err := ic.NetworkInspect(r.Context(), []string{name}, options)
 	if err != nil {
 		// If the network cannot be found, we return a 404.
-		if errors.Cause(err) == network.ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			utils.Error(w, "Something went wrong", http.StatusNotFound, err)
 			return
 		}
diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go
index 00d09ac11..5e77b4049 100644
--- a/pkg/api/handlers/utils/errors.go
+++ b/pkg/api/handlers/utils/errors.go
@@ -39,6 +39,7 @@ func VolumeNotFound(w http.ResponseWriter, name string, err error) {
 	msg := fmt.Sprintf("No such volume: %s", name)
 	Error(w, msg, http.StatusNotFound, err)
 }
+
 func ContainerNotFound(w http.ResponseWriter, name string, err error) {
 	if errors.Cause(err) != define.ErrNoSuchCtr {
 		InternalServerError(w, err)
@@ -55,6 +56,14 @@ func ImageNotFound(w http.ResponseWriter, name string, err error) {
 	Error(w, msg, http.StatusNotFound, err)
 }
 
+func NetworkNotFound(w http.ResponseWriter, name string, err error) {
+	if errors.Cause(err) != define.ErrNoSuchNetwork {
+		InternalServerError(w, err)
+	}
+	msg := fmt.Sprintf("No such network: %s", name)
+	Error(w, msg, http.StatusNotFound, err)
+}
+
 func PodNotFound(w http.ResponseWriter, name string, err error) {
 	if errors.Cause(err) != define.ErrNoSuchPod {
 		InternalServerError(w, err)
diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go
index 195e71b75..63b1b566b 100644
--- a/pkg/api/handlers/utils/images.go
+++ b/pkg/api/handlers/utils/images.go
@@ -93,20 +93,14 @@ func GetImages(w http.ResponseWriter, r *http.Request) ([]*image.Image, error) {
 	if query.All {
 		return images, nil
 	}
-	returnImages := []*image.Image{}
-	for _, img := range images {
-		if len(img.Names()) == 0 {
-			parent, err := img.IsParent(r.Context())
-			if err != nil {
-				return nil, err
-			}
-			if parent {
-				continue
-			}
-		}
-		returnImages = append(returnImages, img)
+
+	filter, err := runtime.ImageRuntime().IntermediateFilter(r.Context(), images)
+	if err != nil {
+		return nil, err
 	}
-	return returnImages, nil
+	images = image.FilterImages(images, []image.ResultFilter{filter})
+
+	return images, nil
 }
 
 func GetImage(r *http.Request, name string) (*image.Image, error) {
diff --git a/pkg/api/server/register_ping.go b/pkg/api/server/register_ping.go
index 70e88ee00..d4ae78e74 100644
--- a/pkg/api/server/register_ping.go
+++ b/pkg/api/server/register_ping.go
@@ -9,9 +9,8 @@ import (
 
 func (s *APIServer) registerPingHandlers(r *mux.Router) error {
 
-	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
-	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
-
+	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+	r.Handle(VersionedPath("/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
 	// swagger:operation GET /libpod/_ping libpod libpodPingGet
 	// ---
 	//   summary: Ping service
@@ -62,7 +61,7 @@ func (s *APIServer) registerPingHandlers(r *mux.Router) error {
 	//               determine if talking to Podman engine or another engine
 	//     500:
 	//       $ref: "#/responses/InternalError"
-	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
-	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
+	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+	r.Handle(VersionedPath("/libpod/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
 	return nil
 }
diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go
index c690ea125..c479e5dcb 100644
--- a/pkg/bindings/containers/containers.go
+++ b/pkg/bindings/containers/containers.go
@@ -98,7 +98,7 @@ func Remove(ctx context.Context, nameOrID string, force, volumes *bool) error {
 		params.Set("force", strconv.FormatBool(*force))
 	}
 	if volumes != nil {
-		params.Set("vols", strconv.FormatBool(*volumes))
+		params.Set("v", strconv.FormatBool(*volumes))
 	}
 	response, err := conn.DoRequest(nil, http.MethodDelete, "/containers/%s", params, nil, nameOrID)
 	if err != nil {
diff --git a/pkg/domain/infra/abi/generate.go b/pkg/domain/infra/abi/generate.go
index 560be988b..cff09bf2d 100644
--- a/pkg/domain/infra/abi/generate.go
+++ b/pkg/domain/infra/abi/generate.go
@@ -20,9 +20,10 @@ func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string,
 	if ctrErr == nil {
 		// Generate the unit for the container.
 		s, err := generate.ContainerUnit(ctr, options)
-		if err == nil {
-			return &entities.GenerateSystemdReport{Output: s}, nil
+		if err != nil {
+			return nil, err
 		}
+		return &entities.GenerateSystemdReport{Output: s}, nil
 	}
 
 	// If it's not a container, we either have a pod or garbage.
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 9f594d728..5f19f416a 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -7,6 +7,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -564,10 +565,6 @@ func (ir *ImageEngine) Shutdown(_ context.Context) {
 }
 
 func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entities.SignOptions) (*entities.SignReport, error) {
-	dockerRegistryOptions := image.DockerRegistryOptions{
-		DockerCertPath: options.CertDir,
-	}
-
 	mech, err := signature.NewGPGSigningMechanism()
 	if err != nil {
 		return nil, errors.Wrap(err, "error initializing GPG")
@@ -586,7 +583,6 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 	}
 
 	for _, signimage := range names {
-		var sigStoreDir string
 		srcRef, err := alltransports.ParseImageName(signimage)
 		if err != nil {
 			return nil, errors.Wrapf(err, "error parsing image name")
@@ -607,40 +603,38 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 		if dockerReference == nil {
 			return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
 		}
-
-		// create the signstore file
-		rtc, err := ir.Libpod.GetConfig()
-		if err != nil {
-			return nil, err
-		}
-		newImage, err := ir.Libpod.ImageRuntime().New(ctx, signimage, rtc.Engine.SignaturePolicyPath, "", os.Stderr, &dockerRegistryOptions, image.SigningOptions{SignBy: options.SignBy}, nil, util.PullImageMissing)
-		if err != nil {
-			return nil, errors.Wrapf(err, "error pulling image %s", signimage)
+		var sigStoreDir string
+		if options.Directory != "" {
+			sigStoreDir = options.Directory
 		}
 		if sigStoreDir == "" {
 			if rootless.IsRootless() {
 				sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
 			} else {
+				var sigStoreURI string
 				registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
 				if registryInfo != nil {
-					if sigStoreDir = registryInfo.SigStoreStaging; sigStoreDir == "" {
-						sigStoreDir = registryInfo.SigStore
-
+					if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
+						sigStoreURI = registryInfo.SigStore
 					}
 				}
+				if sigStoreURI == "" {
+					return nil, errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
+
+				}
+				sigStoreDir, err = localPathFromURI(sigStoreURI)
+				if err != nil {
+					return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
+				}
 			}
 		}
-		sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+		manifestDigest, err := manifest.Digest(getManifest)
 		if err != nil {
-			return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
-		}
-		repos, err := newImage.RepoDigests()
-		if err != nil {
-			return nil, errors.Wrapf(err, "error calculating repo digests for %s", signimage)
+			return nil, err
 		}
-		if len(repos) == 0 {
-			logrus.Errorf("no repodigests associated with the image %s", signimage)
-			continue
+		repo := reference.Path(dockerReference)
+		if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
+			return nil, errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
 		}
 
 		// create signature
@@ -648,22 +642,21 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
 		if err != nil {
 			return nil, errors.Wrapf(err, "error creating new signature")
 		}
-
-		trimmedDigest := strings.TrimPrefix(repos[0], strings.Split(repos[0], "/")[0])
-		sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(trimmedDigest, ":", "=", 1))
-		if err := os.MkdirAll(sigStoreDir, 0751); err != nil {
+		// create the signstore file
+		signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
+		if err := os.MkdirAll(signatureDir, 0751); err != nil {
 			// The directory is allowed to exist
 			if !os.IsExist(err) {
-				logrus.Errorf("error creating directory %s: %s", sigStoreDir, err)
+				logrus.Errorf("error creating directory %s: %s", signatureDir, err)
 				continue
 			}
 		}
-		sigFilename, err := getSigFilename(sigStoreDir)
+		sigFilename, err := getSigFilename(signatureDir)
 		if err != nil {
 			logrus.Errorf("error creating sigstore file: %v", err)
 			continue
 		}
-		err = ioutil.WriteFile(filepath.Join(sigStoreDir, sigFilename), newSig, 0644)
+		err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
 		if err != nil {
 			logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
 			continue
@@ -691,14 +684,12 @@ func getSigFilename(sigStoreDirPath string) (string, error) {
 	}
 }
 
-func isValidSigStoreDir(sigStoreDir string) (string, error) {
-	writeURIs := map[string]bool{"file": true}
+func localPathFromURI(sigStoreDir string) (string, error) {
 	url, err := url.Parse(sigStoreDir)
 	if err != nil {
 		return sigStoreDir, errors.Wrapf(err, "invalid directory %s", sigStoreDir)
 	}
-	_, exists := writeURIs[url.Scheme]
-	if !exists {
+	if url.Scheme != "file" {
 		return sigStoreDir, errors.Errorf("writing to %s is not supported. Use a supported scheme", sigStoreDir)
 	}
 	sigStoreDir = url.Path
diff --git a/pkg/domain/infra/abi/images_list.go b/pkg/domain/infra/abi/images_list.go
index 06ef673c7..bb5775db5 100644
--- a/pkg/domain/infra/abi/images_list.go
+++ b/pkg/domain/infra/abi/images_list.go
@@ -13,6 +13,14 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 		return nil, err
 	}
 
+	if !opts.All {
+		filter, err := ir.Libpod.ImageRuntime().IntermediateFilter(ctx, images)
+		if err != nil {
+			return nil, err
+		}
+		images = libpodImage.FilterImages(images, []libpodImage.ResultFilter{filter})
+	}
+
 	summaries := []*entities.ImageSummary{}
 	for _, img := range images {
 		var repoTags []string
@@ -32,15 +40,6 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 			if err != nil {
 				return nil, err
 			}
-			if len(img.Names()) == 0 {
-				parent, err := img.IsParent(ctx)
-				if err != nil {
-					return nil, err
-				}
-				if parent {
-					continue
-				}
-			}
 		}
 
 		digests := make([]string, len(img.Digests()))
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 4ee709e37..8835248ca 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -500,9 +500,6 @@ func (ic *ContainerEngine) ContainerList(ctx context.Context, options entities.C
 }
 
 func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.ContainerRunOptions) (*entities.ContainerRunReport, error) {
-	if opts.Rm {
-		logrus.Info("the remote client does not support --rm yet")
-	}
 	con, err := containers.CreateWithSpec(ic.ClientCxt, opts.Spec)
 	if err != nil {
 		return nil, err
@@ -526,6 +523,17 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
 	if err != nil {
 		report.ExitCode = define.ExitCode(err)
 	}
+	if opts.Rm {
+		if err := containers.Remove(ic.ClientCxt, con.ID, bindings.PFalse, bindings.PTrue); err != nil {
+			if errors.Cause(err) == define.ErrNoSuchCtr ||
+				errors.Cause(err) == define.ErrCtrRemoved {
+				logrus.Warnf("Container %s does not exist: %v", con.ID, err)
+			} else {
+				logrus.Errorf("Error removing container %s: %v", con.ID, err)
+			}
+		}
+	}
+
 	return &report, err
 }
 
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index bfe5fbec3..2e30621c5 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -188,7 +188,11 @@ func (ir *ImageEngine) Load(ctx context.Context, opts entities.ImageLoadOptions)
 		return nil, err
 	}
 	defer f.Close()
-	return images.Load(ir.ClientCxt, f, &opts.Name)
+	ref := opts.Name
+	if len(opts.Tag) > 0 {
+		ref += ":" + opts.Tag
+	}
+	return images.Load(ir.ClientCxt, f, &ref)
 }
 
 func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOptions) (*entities.ImageImportReport, error) {
diff --git a/pkg/network/config.go b/pkg/network/config.go
index a504e0ad0..0115433e1 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -2,7 +2,6 @@ package network
 
 import (
 	"encoding/json"
-	"errors"
 	"net"
 )
 
@@ -20,10 +19,6 @@ const (
 	DefaultPodmanDomainName = "dns.podman"
 )
 
-var (
-	ErrNetworkNotFound = errors.New("network not found")
-)
-
 // GetDefaultPodmanNetwork outputs the default network for podman
 func GetDefaultPodmanNetwork() (*net.IPNet, error) {
 	_, n, err := net.ParseCIDR("10.88.1.0/24")
diff --git a/pkg/network/files.go b/pkg/network/files.go
index beb3289f3..f174a762c 100644
--- a/pkg/network/files.go
+++ b/pkg/network/files.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containernetworking/cni/libcni"
 	"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/pkg/errors"
 )
 
@@ -55,7 +56,7 @@ func GetCNIConfigPathByName(config *config.Config, name string) (string, error)
 			return confFile, nil
 		}
 	}
-	return "", errors.Wrap(ErrNetworkNotFound, fmt.Sprintf("unable to find network configuration for %s", name))
+	return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name))
 }
 
 // ReadRawCNIConfByName reads the raw CNI configuration for a CNI
diff --git a/pkg/network/network.go b/pkg/network/network.go
index cbebb0be8..37f3f721a 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -8,6 +8,7 @@ import (
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/libpod/v2/libpod/define"
 	"github.com/containers/libpod/v2/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -200,7 +201,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{},
 func Exists(config *config.Config, name string) (bool, error) {
 	_, err := ReadRawCNIConfByName(config, name)
 	if err != nil {
-		if errors.Cause(err) == ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			return false, nil
 		}
 		return false, err
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 716db81dc..2c6f7ae38 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -205,7 +205,7 @@ can_use_shortcut ()
 
       if (strcmp (argv[argc], "mount") == 0
           || strcmp (argv[argc], "search") == 0
-          || strcmp (argv[argc], "system") == 0)
+          || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))
         {
           ret = false;
           break;
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 566830cd8..22670ca61 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -153,7 +153,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 	// User
 	switch s.UserNS.NSMode {
 	case specgen.KeepID:
-		if !rootless.IsRootless() {
+		if rootless.IsRootless() {
+			toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+		} else {
 			// keep-id as root doesn't need a user namespace
 			s.UserNS.NSMode = specgen.Host
 		}
@@ -452,6 +454,10 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
 func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
 	var options []libpod.PodCreateOption
 	var erroredOptions []libpod.PodCreateOption
+	if ns == nil {
+		//set the default namespaces
+		ns = strings.Split(specgen.DefaultKernelNamespaces, ",")
+	}
 	for _, toShare := range ns {
 		switch toShare {
 		case "cgroup":
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 60de099fa..2348bc410 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -12,9 +12,9 @@ import (
 	"strings"
 
 	"github.com/containers/image/v5/types"
+	"github.com/ghodss/yaml"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"gopkg.in/yaml.v2"
 )
 
 // PolicyContent struct for policy.json file
@@ -157,7 +157,7 @@ func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *Regi
 			searchKey = searchKey[:strings.LastIndex(searchKey, "/")]
 		}
 	}
-	return nil
+	return registryConfigs.DefaultDocker
 }
 
 // CreateTmpFile creates a temp file under dir and writes the content into it
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-08-11 15:00:57 -0400
committer	GitHub <noreply@github.com>	2020-08-11 15:00:57 -0400
commit	1deb4d1d70efb6d62f4fe5e735c94523f930b6d7 (patch)
tree	394020b1a48f76cd283e450d6952cf08a4f53dde /pkg
parent	9a9ad853cb6781460829cb139cecbf9aff37896d (diff)
parent	3f2cab86433859a1facf1996ad68dac23c9899b9 (diff)
download	podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.gz podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.bz2 podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.zip