22 files changed, 61 insertions, 7 deletions

diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md
index b23672b1a..e418693f7 100644
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -1,3 +1,3 @@
 ## The Podman Project Community Code of Conduct
 
-The Podman project which includes Libpod, follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md).
+The Podman project which includes Libpod, follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md).
diff --git a/SECURITY.md b/SECURITY.md
index 03a192044..1f6d5088d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,3 @@
 ## Security and Disclosure Information Policy for the Libpod Project
 
-The Libpod Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.
+The Libpod Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md) for the Containers Projects.
diff --git a/libpod/container.go b/libpod/container.go
index c6f0cd618..4b9bea5fc 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -957,6 +957,12 @@ func (c *Container) cGroupPath() (string, error) {
 	// is the libpod-specific one we're looking for.
 	//
 	// See #8397 on the need for the longest-path look up.
+	//
+	// And another workaround for containers running systemd as the payload.
+	// containers running systemd moves themselves into a child subgroup of
+	// the named systemd cgroup hierarchy.  Ignore any named cgroups during
+	// the lookup.
+	// See #10602 for more details.
 	procPath := fmt.Sprintf("/proc/%d/cgroup", c.state.PID)
 	lines, err := ioutil.ReadFile(procPath)
 	if err != nil {
@@ -972,6 +978,10 @@ func (c *Container) cGroupPath() (string, error) {
 			logrus.Debugf("Error parsing cgroup: expected 3 fields but got %d: %s", len(fields), procPath)
 			continue
 		}
+		// Ignore named cgroups like name=systemd.
+		if bytes.Contains(fields[1], []byte("=")) {
+			continue
+		}
 		path := string(fields[2])
 		if len(path) > len(cgroupPath) {
 			cgroupPath = path
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index f77825efd..69ba4671e 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -42,6 +42,7 @@ const (
 	// name of the directory holding the artifacts
 	artifactsDir      = "artifacts"
 	execDirPermission = 0755
+	preCheckpointDir  = "pre-checkpoint"
 )
 
 // rootFsSize gets the size of the container's root filesystem
@@ -141,7 +142,7 @@ func (c *Container) CheckpointPath() string {
 
 // PreCheckpointPath returns the path to the directory containing the pre-checkpoint-images
 func (c *Container) PreCheckPointPath() string {
-	return filepath.Join(c.bundlePath(), "pre-checkpoint")
+	return filepath.Join(c.bundlePath(), preCheckpointDir)
 }
 
 // AttachSocketPath retrieves the path of the container's attach socket
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 94bf7855b..ddfccb999 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -909,14 +909,15 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
 	includeFiles := []string{
 		"artifacts",
 		"ctr.log",
-		metadata.CheckpointDirectory,
 		metadata.ConfigDumpFile,
 		metadata.SpecDumpFile,
 		metadata.NetworkStatusFile,
 	}
 
 	if options.PreCheckPoint {
-		includeFiles[0] = "pre-checkpoint"
+		includeFiles = append(includeFiles, preCheckpointDir)
+	} else {
+		includeFiles = append(includeFiles, metadata.CheckpointDirectory)
 	}
 	// Get root file-system changes included in the checkpoint archive
 	var addToTarFiles []string
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 3da49b85f..2914bd1a1 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -787,7 +787,11 @@ func (r *ConmonOCIRuntime) CheckpointContainer(ctr *Container, options Container
 		args = append(args, "--pre-dump")
 	}
 	if !options.PreCheckPoint && options.WithPrevious {
-		args = append(args, "--parent-path", ctr.PreCheckPointPath())
+		args = append(
+			args,
+			"--parent-path",
+			filepath.Join("..", preCheckpointDir),
+		)
 	}
 	runtimeDir, err := util.GetRuntimeDir()
 	if err != nil {
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 58794ce42..db9bfa7de 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/connection.go b/pkg/machine/connection.go
index e3985d8ac..3edcbd10e 100644
--- a/pkg/machine/connection.go
+++ b/pkg/machine/connection.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go
index 32f943c87..11936aee7 100644
--- a/pkg/machine/fcos.go
+++ b/pkg/machine/fcos.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index a5c7210af..1d77083d0 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/ignition_schema.go b/pkg/machine/ignition_schema.go
index 9dbd90ba4..6ac8af826 100644
--- a/pkg/machine/ignition_schema.go
+++ b/pkg/machine/ignition_schema.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 /*
diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go
index 907e28f55..81ec44ea8 100644
--- a/pkg/machine/keys.go
+++ b/pkg/machine/keys.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/libvirt/config.go b/pkg/machine/libvirt/config.go
index 903f15fbc..1ce5ab154 100644
--- a/pkg/machine/libvirt/config.go
+++ b/pkg/machine/libvirt/config.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package libvirt
 
 type MachineVM struct {
diff --git a/pkg/machine/libvirt/machine.go b/pkg/machine/libvirt/machine.go
index c38f63853..e1aa1569b 100644
--- a/pkg/machine/libvirt/machine.go
+++ b/pkg/machine/libvirt/machine.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package libvirt
 
 import "github.com/containers/podman/v3/pkg/machine"
diff --git a/pkg/machine/libvirt/machine_unsupported.go b/pkg/machine/libvirt/machine_unsupported.go
new file mode 100644
index 000000000..8b54440fe
--- /dev/null
+++ b/pkg/machine/libvirt/machine_unsupported.go
@@ -0,0 +1,3 @@
+// +build !amd64 amd64,windows
+
+package libvirt
diff --git a/pkg/machine/machine_unsupported.go b/pkg/machine/machine_unsupported.go
new file mode 100644
index 000000000..9309d16bc
--- /dev/null
+++ b/pkg/machine/machine_unsupported.go
@@ -0,0 +1,3 @@
+// +build !amd64 amd64,windows
+
+package machine
diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go
index 68bb551dc..662896de5 100644
--- a/pkg/machine/pull.go
+++ b/pkg/machine/pull.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package machine
 
 import (
diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go
index e4687914d..013f28960 100644
--- a/pkg/machine/qemu/config.go
+++ b/pkg/machine/qemu/config.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package qemu
 
 import "time"
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 31c355d4a..22fb78a5c 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -1,3 +1,5 @@
+// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
+
 package qemu
 
 import (
diff --git a/pkg/machine/qemu/machine_unsupported.go b/pkg/machine/qemu/machine_unsupported.go
new file mode 100644
index 000000000..da06ac324
--- /dev/null
+++ b/pkg/machine/qemu/machine_unsupported.go
@@ -0,0 +1,3 @@
+// +build !amd64 amd64,windows
+
+package qemu
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 0d1d6e93e..e5f9e88d9 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -333,7 +333,7 @@ static void __attribute__((constructor)) init()
       uid_t uid;
       gid_t gid;
       char path[PATH_MAX];
-      const char *const suffix = "/libpod/pause.pid";
+      const char *const suffix = "/libpod/tmp/pause.pid";
       char *cwd = getcwd (NULL, 0);
       char uid_fmt[16];
       char gid_fmt[16];
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index b132750b0..8dc14d5f7 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/podman/v3/pkg/rootless"
 	. "github.com/containers/podman/v3/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -115,6 +116,12 @@ WantedBy=multi-user.target
 		conData := result.InspectContainerToJSON()
 		Expect(len(conData)).To(Equal(1))
 		Expect(conData[0].Config.SystemdMode).To(BeTrue())
+
+		if CGROUPSV2 || !rootless.IsRootless() {
+			stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName})
+			stats.WaitWithDefaultTimeout()
+			Expect(stats.ExitCode()).To(Equal(0))
+		}
 	})
 
 	It("podman create container with systemd entrypoint triggers systemd mode", func() {