4 files changed, 62 insertions, 16 deletions

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 54558f3fc..b523c89e3 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1226,6 +1226,10 @@ func (c *Container) generateHosts() (string, error) {
 			hosts += fmt.Sprintf("%s %s\n", fields[1], fields[0])
 		}
 	}
+	if len(c.state.NetworkStatus) > 0 && len(c.state.NetworkStatus[0].IPs) > 0 {
+		ipAddress := strings.Split(c.state.NetworkStatus[0].IPs[0].Address.String(), "/")[0]
+		hosts += fmt.Sprintf("%s\t%s\n", ipAddress, c.Hostname())
+	}
 	return c.writeStringToRundir("hosts", hosts)
 }
 
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 7bf2c71ca..d89eefd3b 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -360,19 +360,31 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
 		g.AddMount(tmpfsMnt)
 	}
 
-	cgroupPath, err := c.CGroupPath()
-	if err != nil {
-		return err
-	}
-	sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath)
+	// rootless containers have no write access to /sys/fs/cgroup, so don't
+	// add any mount into the container.
+	if !rootless.IsRootless() {
+		cgroupPath, err := c.CGroupPath()
+		if err != nil {
+			return err
+		}
+		sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath)
 
-	systemdMnt := spec.Mount{
-		Destination: "/sys/fs/cgroup/systemd",
-		Type:        "bind",
-		Source:      sourcePath,
-		Options:     []string{"bind", "private"},
+		systemdMnt := spec.Mount{
+			Destination: "/sys/fs/cgroup/systemd",
+			Type:        "bind",
+			Source:      sourcePath,
+			Options:     []string{"bind", "private"},
+		}
+		g.AddMount(systemdMnt)
+	} else {
+		systemdMnt := spec.Mount{
+			Destination: "/sys/fs/cgroup/systemd",
+			Type:        "bind",
+			Source:      "/sys/fs/cgroup/systemd",
+			Options:     []string{"bind", "nodev", "noexec", "nosuid"},
+		}
+		g.AddMount(systemdMnt)
 	}
-	g.AddMount(systemdMnt)
 
 	return nil
 }
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index eb3d471dd..3d6fad52f 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -265,15 +265,26 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool)
 			}
 		case CgroupfsCgroupsManager:
 			// Delete the cgroupfs cgroup
+			// Make sure the conmon cgroup is deleted first
+			// Since the pod is almost gone, don't bother failing
+			// hard - instead, just log errors.
 			v1CGroups := GetV1CGroups(getExcludedCGroups())
+			conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon")
+			conmonCgroup, err := cgroups.Load(v1CGroups, cgroups.StaticPath(conmonCgroupPath))
+			if err != nil && err != cgroups.ErrCgroupDeleted {
+				return err
+			}
+			if err == nil {
+				if err := conmonCgroup.Delete(); err != nil {
+					logrus.Errorf("Error deleting pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err)
+				}
+			}
 			cgroup, err := cgroups.Load(v1CGroups, cgroups.StaticPath(p.state.CgroupPath))
 			if err != nil && err != cgroups.ErrCgroupDeleted {
 				return err
-			} else if err == nil {
+			}
+			if err == nil {
 				if err := cgroup.Delete(); err != nil {
-					// The pod is already almost gone.
-					// No point in hard-failing if we fail
-					// this bit of cleanup.
 					logrus.Errorf("Error deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err)
 				}
 			}
diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go
index c5a02c776..674a57aeb 100644
--- a/test/e2e/run_dns_test.go
+++ b/test/e2e/run_dns_test.go
@@ -1,9 +1,10 @@
 package integration
 
 import (
+	"fmt"
 	"os"
+	"strings"
 
-	"fmt"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
@@ -82,5 +83,23 @@ var _ = Describe("Podman run dns", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(Equal("foobar"))
+
+		session = podmanTest.Podman([]string{"run", "-d", "--hostname=foobar", ALPINE, "cat", "/etc/hosts"})
+		session.WaitWithDefaultTimeout()
+		cid := session.OutputToString()
+		session = podmanTest.Podman([]string{"start", "-ia", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		session.LineInOutputContains("foobar")
+		line := strings.Split(session.OutputToStringArray()[len(session.OutputToStringArray())-1], "\t")
+		ip1 := line[0]
+
+		session = podmanTest.Podman([]string{"start", "-ia", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		session.LineInOutputContains("foobar")
+		line = strings.Split(session.OutputToStringArray()[len(session.OutputToStringArray())-1], "\t")
+		ip2 := line[0]
+		Expect(ip2).To(Not(Equal(ip1)))
 	})
 })