10 files changed, 108 insertions, 14 deletions

diff --git a/changelog.txt b/changelog.txt
index 0dac716d0..84d6dcea0 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,44 @@
+- Changelog for v1.8.1-rc2 (2020-02-27)
+  * Update release notes for v1.8.1-rc2
+  * Vendor in latest containers/buildah
+  * kill test: clean up warnings; document better
+  * curb flakes in integration tests
+  * spec: allow container alias name in lookup
+  * add epoch for specfile
+  * fix trivial typo
+  * Add support for multiple CNI networks in podman inspect
+  * Remove 1 sec delay
+  * Temp. skip "remove pause by id" bindings test
+  * Fix kill test obtaining CID
+  * System Tests: Force default signal handlers
+  * Fix cgroupsv2 run test, unexpected output
+  * Cirrus: SELinux Enforcing for F31 w/ CGv2
+  * Cirrus: collect podman system info
+  * Cirrus: F31: Force systemd cgroup mgr
+  * Cirrus: Temp. disable F31 p-in-p testing
+  * Cirrus: Handle runc->crun when both are possible
+  * Cirrus: Use deadline elevator in F31
+  * Cirrus: Support testing with F31
+  * rootless: become root only if the pause file is specified
+  * rootless: fix segfault when open fd >= FD_SETSIZE
+  * apiv2 tests: add more pod tests, timing check
+  * Update vendor of buildah and containers/common
+  * build: move initialization after SetXdgDirs
+  * utils: relax check for directory to use
+  * add apiv2 tests for podman pause and stop
+  * always run the docs task on post-merge
+  * Fixed build_rpm.sh script for Fedora 30
+  * Add basic deadlock detection for container start/remove
+  * Friendly amendment: tests, and a help message
+  * fix port list by container with port
+  * more image binding tests
+  * docs: symlink to host device is resolved
+  * Add --no-healthcheck command to create/run
+  * enable ci on go binding tests
+  * add more image tests for go bindings
+  * Bump to v1.8.1-dev
+  * build(deps): bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2
+
 - Changelog for v1.8.1-rc1 (2020-02-21)
   * Update release notes for v1.8.1
   * disable generation of cni firewall plugin
diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index fa4689211..b8b315c68 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -352,6 +352,7 @@ func buildCmd(c *cliconfig.BuildValues) error {
 		ContextDirectory:        contextDir,
 		DefaultMountsFilePath:   c.GlobalFlags.DefaultMountsFile,
 		Err:                     stderr,
+		In:                      os.Stdin,
 		ForceRmIntermediateCtrs: c.ForceRm,
 		IIDFile:                 c.Iidfile,
 		Labels:                  c.Label,
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index 6bc8aa4a3..ccc30c603 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -260,6 +260,7 @@ type LogsValues struct {
 	Tail       int64
 	Timestamps bool
 	Latest     bool
+	UseName    bool
 }
 
 type MountValues struct {
diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go
index ebc53ddf8..0a86fa128 100644
--- a/cmd/podman/logs.go
+++ b/cmd/podman/logs.go
@@ -37,6 +37,7 @@ var (
 			return nil
 		},
 		Example: `podman logs ctrID
+  podman logs --names ctrID1 ctrID2
   podman logs --tail 2 mywebserver
   podman logs --follow=true --since 10m ctrID
   podman logs mywebserver mydbserver`,
@@ -54,6 +55,7 @@ func init() {
 	flags.StringVar(&logsCommand.Since, "since", "", "Show logs since TIMESTAMP")
 	flags.Int64Var(&logsCommand.Tail, "tail", -1, "Output the specified number of LINES at the end of the logs.  Defaults to -1, which prints all lines")
 	flags.BoolVarP(&logsCommand.Timestamps, "timestamps", "t", false, "Output the timestamps in the log")
+	flags.BoolVarP(&logsCommand.UseName, "names", "n", false, "Output the container name in the log")
 	markFlagHidden(flags, "details")
 	flags.SetInterspersed(false)
 
@@ -85,6 +87,7 @@ func logsCmd(c *cliconfig.LogsValues) error {
 		Since:      sinceTime,
 		Tail:       c.Tail,
 		Timestamps: c.Timestamps,
+		UseName:    c.UseName,
 	}
 	return runtime.Log(c, options)
 }
diff --git a/libpod/container.log.go b/libpod/container.log.go
index 7c46dde9a..514edb8c8 100644
--- a/libpod/container.log.go
+++ b/libpod/container.log.go
@@ -41,6 +41,7 @@ func (c *Container) readFromLogFile(options *logs.LogOptions, logChannel chan *l
 	if len(tailLog) > 0 {
 		for _, nll := range tailLog {
 			nll.CID = c.ID()
+			nll.CName = c.Name()
 			if nll.Since(options.Since) {
 				logChannel <- nll
 			}
@@ -63,6 +64,7 @@ func (c *Container) readFromLogFile(options *logs.LogOptions, logChannel chan *l
 				partial = ""
 			}
 			nll.CID = c.ID()
+			nll.CName = c.Name()
 			if nll.Since(options.Since) {
 				logChannel <- nll
 			}
diff --git a/libpod/container_api.go b/libpod/container_api.go
index d612341bc..dabbe27dc 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -270,11 +270,6 @@ func (c *Container) Exec(tty, privileged bool, env map[string]string, cmd []stri
 		}
 	}()
 
-	// if the user is empty, we should inherit the user that the container is currently running with
-	if user == "" {
-		user = c.config.User
-	}
-
 	opts := new(ExecOptions)
 	opts.Cmd = cmd
 	opts.CapAdd = capList
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 739026264..63968918c 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -330,7 +330,10 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 
 	// Add addition groups if c.config.GroupAdd is not empty
 	if len(c.config.Groups) > 0 {
-		gids, _ := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, nil)
+		gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error looking up supplemental groups for container %s", c.ID())
+		}
 		for _, gid := range gids {
 			g.AddProcessAdditionalGid(gid)
 		}
diff --git a/libpod/logs/log.go b/libpod/logs/log.go
index bd918abae..200ef3e99 100644
--- a/libpod/logs/log.go
+++ b/libpod/logs/log.go
@@ -38,6 +38,7 @@ type LogOptions struct {
 	Timestamps bool
 	Multi      bool
 	WaitGroup  *sync.WaitGroup
+	UseName    bool
 }
 
 // LogLine describes the information for each line of a log
@@ -47,6 +48,7 @@ type LogLine struct {
 	Time         time.Time
 	Msg          string
 	CID          string
+	CName        string
 }
 
 // GetLogFile returns an hp tail for a container given options
@@ -164,11 +166,16 @@ func getTailLog(path string, tail int) ([]*LogLine, error) {
 func (l *LogLine) String(options *LogOptions) string {
 	var out string
 	if options.Multi {
-		cid := l.CID
-		if len(cid) > 12 {
-			cid = cid[:12]
+		if options.UseName {
+			cname := l.CName
+			out = fmt.Sprintf("%s ", cname)
+		} else {
+			cid := l.CID
+			if len(cid) > 12 {
+				cid = cid[:12]
+			}
+			out = fmt.Sprintf("%s ", cid)
 		}
-		out = fmt.Sprintf("%s ", cid)
 	}
 	if options.Timestamps {
 		out += fmt.Sprintf("%s ", l.Time.Format(LogTimeFormat))
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 07d38693f..800f89603 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1252,18 +1252,35 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
 
 	}
 
+	var addGroups []string
+	var sgids []uint32
+
+	// if the user is empty, we should inherit the user that the container is currently running with
+	if user == "" {
+		user = c.config.User
+		addGroups = c.config.Groups
+	}
+
 	overrides := c.getUserOverrides()
 	execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, overrides)
 	if err != nil {
 		return nil, err
 	}
 
+	if len(addGroups) > 0 {
+		sgids, err = lookup.GetContainerGroups(addGroups, c.state.Mountpoint, overrides)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error looking up supplemental groups for container %s exec session %s", c.ID(), sessionID)
+		}
+	}
+
 	// If user was set, look it up in the container to get a UID to use on
 	// the host
-	if user != "" {
-		sgids := make([]uint32, 0, len(execUser.Sgids))
-		for _, sgid := range execUser.Sgids {
-			sgids = append(sgids, uint32(sgid))
+	if user != "" || len(sgids) > 0 {
+		if user != "" {
+			for _, sgid := range execUser.Sgids {
+				sgids = append(sgids, uint32(sgid))
+			}
 		}
 		processUser := spec.User{
 			UID:            uint32(execUser.Uid),
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index ed4eb3335..ab806f683 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -1,6 +1,7 @@
 package integration
 
 import (
+	"fmt"
 	"os"
 	"strings"
 
@@ -244,4 +245,27 @@ var _ = Describe("Podman exec", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 	})
 
+	It("podman exec preserves --group-add groups", func() {
+		groupName := "group1"
+		gid := "4444"
+		ctrName1 := "ctr1"
+		ctr1 := podmanTest.Podman([]string{"run", "-ti", "--name", ctrName1, fedoraMinimal, "groupadd", "-g", gid, groupName})
+		ctr1.WaitWithDefaultTimeout()
+		Expect(ctr1.ExitCode()).To(Equal(0))
+
+		imgName := "img1"
+		commit := podmanTest.Podman([]string{"commit", ctrName1, imgName})
+		commit.WaitWithDefaultTimeout()
+		Expect(commit.ExitCode()).To(Equal(0))
+
+		ctrName2 := "ctr2"
+		ctr2 := podmanTest.Podman([]string{"run", "-d", "--name", ctrName2, "--group-add", groupName, imgName, "sleep", "300"})
+		ctr2.WaitWithDefaultTimeout()
+		Expect(ctr2.ExitCode()).To(Equal(0))
+
+		exec := podmanTest.Podman([]string{"exec", "-ti", ctrName2, "id"})
+		exec.WaitWithDefaultTimeout()
+		Expect(exec.ExitCode()).To(Equal(0))
+		Expect(strings.Contains(exec.OutputToString(), fmt.Sprintf("%s(%s)", gid, groupName))).To(BeTrue())
+	})
 })