14 files changed, 96 insertions, 17 deletions
diff --git a/Makefile b/Makefile
index d1e52b1a1..8cbbde1dc 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ export GO111MODULE=off
 
 GO ?= go
 DESTDIR ?=
-EPOCH_TEST_COMMIT ?= 5b7086abda91f4301af3bfb642d416a22349c276
+EPOCH_TEST_COMMIT ?= 55e028a12ee003e057c65e376fe4b723d28ae52e
 HEAD ?= HEAD
 CHANGELOG_BASE ?= HEAD~
 CHANGELOG_TARGET ?= HEAD
diff --git a/README.md b/README.md
index ad9c3270b..e22c35d4f 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 Libpod provides a library for applications looking to use the Container Pod concept,
 popularized by Kubernetes.  Libpod also contains the Pod Manager tool `(Podman)`. Podman manages pods, containers, container images, and container volumes.
 
-* [Latest Version: 1.4.0](https://github.com/containers/libpod/releases/latest)
+* [Latest Version: 1.4.4](https://github.com/containers/libpod/releases/latest)
 * [Continuous Integration:](contrib/cirrus/README.md) [![Build Status](https://api.cirrus-ci.com/github/containers/libpod.svg)](https://cirrus-ci.com/github/containers/libpod/master)
 
 ## Overview and scope
diff --git a/changelog.txt b/changelog.txt
index 3bc7720a8..51ac92979 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,39 @@
+- Changelog for v1.4.4 (2019-07-02)
+  * Fix release notes
+  * Ensure locks are freed when ctr/pod creation fails
+  * Update release notes for 1.4.4
+  * stats: use runtime.NumCPU when percpu counters are not available
+  * cgroups: fix times conversion
+  * Update to containers/storage v1.12.13
+  * rootless: do not join namespace if it has already euid == 0
+  * Exclude SIGTERM from blocked signals for pause process.
+  * Remove umount command from remote client.
+  * rootless: enable linger if /run/user/UID not exists
+  * Makefile: set GO111MODULE=off
+  * libpod removal from main (phase 2)
+  * runtime: do not attempt to use global conf file
+  * runtime: use GetRootlessUID() to get rootless uid
+  * Remove refs to crio/conmon
+  * Handle images which contain no layers
+  * Add tests that we don't hit errors with layerless images
+  * stats: fix cgroup path for rootless containers
+  * pkg, cgroups: add initial support for cgroup v2
+  * util: drop IsCgroup2UnifiedMode and use it from cgroups
+  * vendor: drop github.com/containerd/cgroups
+  * libpod: use pkg/cgroups instead of containerd/cgroups
+  * pkg: new package cgroups
+  * Remove unnecessary blackfriday dependency
+  * libpod: fix hang on container start and attach
+  * podman: clarify the format of --detach-keys argument
+  * libpod: specify a detach keys sequence in libpod.conf
+  * Fix parsing of the --tmpfs option
+  * Fix crash for when remote host IP or Username is not set in conf file & conf file exists.
+  * Bump gitvalidation epoch
+  * Bump to v1.4.4-dev
+  * Cirrus: More tests to verify cache_images
+  * Update release notes for 1.4.3 release
+  * remove libpod from main
+
 - Changelog for v1.4.3 (2019-06-25)
   * Update 'generate kube' tests to verify YAML
   * Use a different method to retrieve YAML output in tests
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index accb15936..bf8de69fc 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -60,7 +60,7 @@ func execCmd(c *cliconfig.ExecValues) error {
 		argStart = 0
 	}
 	cmd := args[argStart:]
-	runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand)
+	runtime, err := adapter.GetRuntimeNoStore(getContext(), &c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "error creating libpod runtime")
 	}
diff --git a/cmd/podman/exists.go b/cmd/podman/exists.go
index 3d001f3d1..1e052e25f 100644
--- a/cmd/podman/exists.go
+++ b/cmd/podman/exists.go
@@ -107,7 +107,7 @@ func containerExistsCmd(c *cliconfig.ContainerExistsValues) error {
 	if len(args) > 1 || len(args) < 1 {
 		return errors.New("you may only check for the existence of one container at a time")
 	}
-	runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand)
+	runtime, err := adapter.GetRuntimeNoStore(getContext(), &c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
 	}
@@ -126,7 +126,7 @@ func podExistsCmd(c *cliconfig.PodExistsValues) error {
 	if len(args) > 1 || len(args) < 1 {
 		return errors.New("you may only check for the existence of one pod at a time")
 	}
-	runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand)
+	runtime, err := adapter.GetRuntimeNoStore(getContext(), &c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
 	}
diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go
index 2d511f7f8..570288837 100644
--- a/cmd/podman/libpodruntime/runtime.go
+++ b/cmd/podman/libpodruntime/runtime.go
@@ -15,20 +15,25 @@ import (
 
 // GetRuntimeMigrate gets a libpod runtime that will perform a migration of existing containers
 func GetRuntimeMigrate(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
-	return getRuntime(ctx, c, false, true)
+	return getRuntime(ctx, c, false, true, false)
 }
 
 // GetRuntimeRenumber gets a libpod runtime that will perform a lock renumber
 func GetRuntimeRenumber(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
-	return getRuntime(ctx, c, true, false)
+	return getRuntime(ctx, c, true, false, false)
 }
 
 // GetRuntime generates a new libpod runtime configured by command line options
 func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
-	return getRuntime(ctx, c, false, false)
+	return getRuntime(ctx, c, false, false, false)
 }
 
-func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber bool, migrate bool) (*libpod.Runtime, error) {
+// GetRuntimeNoStore generates a new libpod runtime configured by command line options
+func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) {
+	return getRuntime(ctx, c, false, false, true)
+}
+
+func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migrate, noStore bool) (*libpod.Runtime, error) {
 	options := []libpod.RuntimeOption{}
 	storageOpts := storage.StoreOptions{}
 	storageSet := false
@@ -89,6 +94,9 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber bool,
 		options = append(options, libpod.WithStorageConfig(storageOpts))
 	}
 
+	if !storageSet && noStore {
+		options = append(options, libpod.WithNoStore())
+	}
 	// TODO CLI flags for image config?
 	// TODO CLI flag for signature policy?
 
diff --git a/cmd/podman/pause.go b/cmd/podman/pause.go
index 4bef20867..ee5fd352d 100644
--- a/cmd/podman/pause.go
+++ b/cmd/podman/pause.go
@@ -1,11 +1,10 @@
 package main
 
 import (
-	"os"
-
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -39,7 +38,7 @@ func init() {
 }
 
 func pauseCmd(c *cliconfig.PauseValues) error {
-	if os.Geteuid() != 0 {
+	if rootless.IsRootless() && !remoteclient {
 		return errors.New("pause is not supported for rootless containers")
 	}
 
diff --git a/cmd/podman/unpause.go b/cmd/podman/unpause.go
index 55bfe584e..8126ebfbd 100644
--- a/cmd/podman/unpause.go
+++ b/cmd/podman/unpause.go
@@ -1,11 +1,10 @@
 package main
 
 import (
-	"os"
-
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -38,7 +37,7 @@ func init() {
 }
 
 func unpauseCmd(c *cliconfig.UnpauseValues) error {
-	if os.Geteuid() != 0 {
+	if rootless.IsRootless() && !remoteclient {
 		return errors.New("unpause is not supported for rootless containers")
 	}
 
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 8e13f86de..ce5901f69 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -39,7 +39,7 @@
 %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7})
 
 Name: podman
-Version: 1.4.4
+Version: 1.4.5
 Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0
diff --git a/libpod/options.go b/libpod/options.go
index 0f23a6c97..78634e953 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -300,6 +300,15 @@ func WithTmpDir(dir string) RuntimeOption {
 	}
 }
 
+// WithNoStore sets a bool on the runtime that we do not need
+// any containers storage.
+func WithNoStore() RuntimeOption {
+	return func(rt *Runtime) error {
+		rt.noStore = true
+		return nil
+	}
+}
+
 // WithMaxLogSize sets the maximum size of container logs.
 // Positive sizes are limits in bytes, -1 is unlimited.
 func WithMaxLogSize(limit int64) RuntimeOption {
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 02aa76731..e358fe4c4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -125,6 +125,9 @@ type Runtime struct {
 
 	// mechanism to read and write even logs
 	eventer events.Eventer
+
+	// noStore indicates whether we need to interact with a store or not
+	noStore bool
 }
 
 // RuntimeConfig contains configuration options used to set up the runtime
@@ -784,11 +787,14 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 	var store storage.Store
 	if os.Geteuid() != 0 {
 		logrus.Debug("Not configuring container store")
+	} else if runtime.noStore {
+		logrus.Debug("No store required. Not opening container store.")
 	} else {
 		store, err = storage.GetStore(runtime.config.StorageConfig)
 		if err != nil {
 			return err
 		}
+		err = nil
 
 		defer func() {
 			if err != nil && store != nil {
@@ -1148,6 +1154,8 @@ func (r *Runtime) Shutdown(force bool) error {
 	}
 
 	var lastError error
+	// If no store was requested, it can bew nil and there is no need to
+	// attempt to shut it down
 	if r.store != nil {
 		if _, err := r.store.Shutdown(force); err != nil {
 			lastError = errors.Wrapf(err, "Error shutting down container storage")
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index dd77b3a3e..8ef88f36b 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -58,12 +58,26 @@ type Volume struct {
 // VolumeFilter is for filtering volumes on the client
 type VolumeFilter func(*Volume) bool
 
+// GetRuntimeNoStore returns a localruntime struct wit an embedded runtime but
+// without a configured storage.
+func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
+	runtime, err := libpodruntime.GetRuntimeNoStore(ctx, c)
+	if err != nil {
+		return nil, err
+	}
+	return getRuntime(runtime)
+}
+
 // GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
 func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
 	runtime, err := libpodruntime.GetRuntime(ctx, c)
 	if err != nil {
 		return nil, err
 	}
+	return getRuntime(runtime)
+}
+
+func getRuntime(runtime *libpod.Runtime) (*LocalRuntime, error) {
 	return &LocalRuntime{
 		Runtime: runtime,
 	}, nil
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index 3be89233d..800ed7569 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -50,6 +50,12 @@ type LocalRuntime struct {
 	*RemoteRuntime
 }
 
+// GetRuntimeNoStore returns a LocalRuntime struct with the actual runtime embedded in it
+// The nostore is ignored
+func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
+	return GetRuntime(ctx, c)
+}
+
 // GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
 func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
 	var (
diff --git a/version/version.go b/version/version.go
index f19d56c31..286f66093 100644
--- a/version/version.go
+++ b/version/version.go
@@ -4,7 +4,7 @@ package version
 // NOTE: remember to bump the version at the top
 // of the top-level README.md file when this is
 // bumped.
-const Version = "1.4.4-dev"
+const Version = "1.4.5-dev"
 
 // RemoteAPIVersion is the version for the remote
 // client API.  It is used to determine compatibility