-rw-r--r--cmd/podman/create.go29
-rw-r--r--cmd/podman/pod_create.go18
-rw-r--r--libpod.conf4
-rw-r--r--libpod/util.go15
-rw-r--r--vendor.conf2
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go10
6 files changed, 44 insertions, 34 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 248ff1b7d..9f6825c95 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -95,15 +95,6 @@ func createInit(c *cli.Context) error {
return err
}
- if c.String("cidfile") != "" {
- if _, err := os.Stat(c.String("cidfile")); err == nil {
- return errors.Errorf("container id file exists. ensure another container is not using it or delete %s", c.String("cidfile"))
- }
- if err := libpod.WriteFile("", c.String("cidfile")); err != nil {
- return errors.Wrapf(err, "unable to write cidfile %s", c.String("cidfile"))
- }
- }
-
if len(c.Args()) < 1 {
return errors.Errorf("image name or ID is required")
}
@@ -119,6 +110,20 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container
rootfs = c.Args()[0]
}
+ var err error
+ var cidFile *os.File
+ if c.IsSet("cidfile") && os.Geteuid() == 0 {
+ cidFile, err = libpod.OpenExclusiveFile(c.String("cidfile"))
+ if err != nil && os.IsExist(err) {
+ return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile"))
+ }
+ if err != nil {
+ return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile"))
+ }
+ defer cidFile.Close()
+ defer cidFile.Sync()
+ }
+
imageName := ""
var data *inspect.ImageData = nil
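Review bot: The generic failure branch `return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile"))` discards `err`, so a permission or missing-directory failure from `OpenExclusiveFile` is reported without its cause; `errors.Wrapf(err, "error opening cidfile %s", c.String("cidfile"))` keeps it, and the removed code already used `errors.Wrapf`. The `os.Geteuid() == 0` guard also means that a non-root invocation with the cidfile option set silently gets no file; if that is intended, a comment or a warning log at that condition should say so. Both points apply equally to the `pod-id-file` block in cmd/podman/pod_create.go. createContainer begins and ends outside this hunk.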
@@ -171,12 +176,14 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container
return nil, nil, err
}
- if c.String("cidfile") != "" {
- err := libpod.WriteFile(ctr.ID(), c.String("cidfile"))
+ if cidFile != nil {
+ _, err = cidFile.WriteString(ctr.ID())
if err != nil {
logrus.Error(err)
}
+
}
+
logrus.Debugf("New container created %q", ctr.ID())
return ctr, createConfig, nil
}
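Review bot: A failed `cidFile.WriteString(ctr.ID())` is only logged, so createContainer returns success while the exclusively created file stays empty, and a later run with the same path is rejected with "container id file exists". As far as the visible code shows, the `return nil, nil, err` at the top of this hunk leaves the same empty file behind. Removing the file on those paths, for example `os.Remove(cidFile.Name())`, or returning the write error would keep the cidfile and the container state consistent. The `podIdFile.WriteString(pod.ID())` hunk in cmd/podman/pod_create.go has the same shape. The blank line added before the closing brace of the `if` looks stray.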
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index c3a45a093..63fa6b294 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
@@ -90,13 +90,17 @@ func podCreateCmd(c *cli.Context) error {
}
defer runtime.Shutdown(false)
- if c.IsSet("pod-id-file") {
- if _, err = os.Stat(c.String("pod-id-file")); err == nil {
- return errors.Errorf("pod id file exists. ensure another pod is not using it or delete %s", c.String("pod-id-file"))
+ var podIdFile *os.File
+ if c.IsSet("pod-id-file") && os.Geteuid() == 0 {
+ podIdFile, err = libpod.OpenExclusiveFile(c.String("pod-id-file"))
+ if err != nil && os.IsExist(err) {
+ return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", c.String("pod-id-file"))
}
- if err = libpod.WriteFile("", c.String("pod-id-file")); err != nil {
- return errors.Wrapf(err, "unable to write pod id file %s", c.String("pod-id-file"))
+ if err != nil {
+ return errors.Errorf("error opening pod-id-file %s", c.String("pod-id-file"))
}
+ defer podIdFile.Close()
+ defer podIdFile.Sync()
}
if !c.BoolT("infra") && c.IsSet("share") && c.String("share") != "none" && c.String("share") != "" {
return errors.Errorf("You cannot share kernel namespaces on the pod level without an infra container")
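Review bot: The pod ID file is created before the `infra`/`share` validation that follows it, so a rejected command line returns an error and leaves an empty file that makes the retry fail with "pod id file exists". Moving the `OpenExclusiveFile` block below the argument checks, or removing the file on the error returns, avoids that. As a naming point, `podIdFile` would conventionally be spelled `podIDFile`. podCreateCmd begins and ends outside this hunk.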
@@ -137,8 +141,8 @@ func podCreateCmd(c *cli.Context) error {
return err
}
- if c.IsSet("pod-id-file") {
- err = libpod.WriteFile(pod.ID(), c.String("pod-id-file"))
+ if podIdFile != nil {
+ _, err = podIdFile.WriteString(pod.ID())
if err != nil {
logrus.Error(err)
}
diff --git a/libpod.conf b/libpod.conf
index 2976cec02..d7469af68 100644
--- a/libpod.conf
+++ b/libpod.conf
@@ -8,6 +8,8 @@ image_default_transport = "docker://"
runtime_path = [
"/usr/bin/runc",
"/usr/sbin/runc",
+ "/usr/local/bin/runc",
+ "/usr/local/sbin/runc",
"/sbin/runc",
"/bin/runc",
"/usr/lib/cri-o-runc/sbin/runc"
@@ -17,6 +19,7 @@ runtime_path = [
conmon_path = [
"/usr/libexec/podman/conmon",
"/usr/libexec/crio/conmon",
+ "/usr/local/lib/podman/conmon",
"/usr/local/libexec/crio/conmon",
"/usr/bin/conmon",
"/usr/sbin/conmon",
@@ -55,6 +58,7 @@ cni_config_dir = "/etc/cni/net.d/"
cni_plugin_dir = [
"/usr/libexec/cni",
"/usr/lib/cni",
+ "/usr/local/lib/cni",
"/opt/cni/bin"
]
diff --git a/libpod/util.go b/libpod/util.go
index 3b51e4fcc..7007b29cd 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -24,22 +24,15 @@ const (
DefaultTransport = "docker://"
)
-// WriteFile writes a provided string to a provided path
-func WriteFile(content string, path string) error {
+// OpenExclusiveFile opens a file for writing and ensure it doesn't already exist
+func OpenExclusiveFile(path string) (*os.File, error) {
baseDir := filepath.Dir(path)
if baseDir != "" {
if _, err := os.Stat(baseDir); err != nil {
- return err
+ return nil, err
}
}
- f, err := os.Create(path)
- if err != nil {
- return err
- }
- defer f.Close()
- f.WriteString(content)
- f.Sync()
- return nil
+ return os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
}
// FuncTimer helps measure the execution time of a function
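Review bot: The file is created with mode `0666`, so under a permissive umask an ID file written by root ends up world-writable. The callers in this commit only write an ID into it, so `return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0644)` would be enough. The `baseDir != ""` test in the unchanged lines is always true because `filepath.Dir` returns "." rather than an empty string, and the `os.Stat` it guards duplicates the error `os.OpenFile` would return for a missing directory. The doc comment should read "ensures", state that an existing path yields an error satisfying `os.IsExist`, and say that the caller must close the returned file.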
diff --git a/vendor.conf b/vendor.conf
index 8004f9056..dfcdbbe80 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -12,7 +12,7 @@ github.com/containerd/continuity master
github.com/containernetworking/cni v0.7.0-alpha1
github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1
github.com/containers/image bd10b1b53b2976f215b3f2f848fb8e7cad779aeb
-github.com/containers/storage 24f0de45708bc6e4c8062828cd03812aaebc30db https://github.com/rhatdan/storage
+github.com/containers/storage bd5818eda84012cf1db4dafbddd4b7509bb77142
github.com/containers/psgo 5dde6da0bc8831b35243a847625bcf18183bd1ee
github.com/coreos/go-systemd v14
github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 66ccc6a63..2e0498f51 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -138,10 +138,12 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap
}
// check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs
- switch fsMagic {
- case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
- logrus.Errorf("'overlay' is not supported over %s", backingFs)
- return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s", backingFs)
+ if opts.mountProgram == "" {
+ switch fsMagic {
+ case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs:
+ logrus.Errorf("'overlay' is not supported over %s", backingFs)
+ return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s", backingFs)
+ }
}
rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps)