-rw-r--r--cmd/podman/system/connection/list.go8
-rw-r--r--contrib/systemd/system/podman-restart.service.in3
-rw-r--r--docs/source/markdown/podman-create.1.md5
-rw-r--r--docs/source/markdown/podman-run.1.md7
-rw-r--r--docs/source/markdown/podman-system-connection-list.1.md8
-rw-r--r--docs/source/markdown/podman-system-connection.1.md4
-rw-r--r--libpod/container_internal.go23
-rw-r--r--pkg/specgenutil/specgen.go12
-rw-r--r--test/e2e/run_test.go12
-rw-r--r--test/e2e/system_connection_test.go4
-rw-r--r--test/system/001-basic.bats21
-rw-r--r--test/system/030-run.bats5
12 files changed, 82 insertions, 30 deletions
diff --git a/cmd/podman/system/connection/list.go b/cmd/podman/system/connection/list.go
index de85ce3fa..a3290e3d6 100644
--- a/cmd/podman/system/connection/list.go
+++ b/cmd/podman/system/connection/list.go
@@ -44,6 +44,7 @@ func init() {
type namedDestination struct {
Name string
config.Destination
+ Default bool
}
func list(cmd *cobra.Command, _ []string) error {
@@ -60,12 +61,14 @@ func list(cmd *cobra.Command, _ []string) error {
"Identity": "Identity",
"Name": "Name",
"URI": "URI",
+ "Default": "Default",
}}
rows := make([]namedDestination, 0)
for k, v := range cfg.Engine.ServiceDestinations {
+ def := false
if k == cfg.Engine.ActiveService {
- k += "*"
+ def = true
}
r := namedDestination{
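Review bot: The `def := false` / `if k == cfg.Engine.ActiveService { def = true }` pair in the loop is unnecessary; the field can be set directly where the struct is built in the next hunk, `Default: k == cfg.Engine.ActiveService,`. Separately, dropping the `*` suffix from Name and reordering the default columns to Name, URI, Identity, Default changes output that existing scripts may parse. Because `rows` is also what the JSON branch marshals, the new field shows up there as well, which seems worth a release-note line. The body of list() continues outside this hunk.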
@@ -74,6 +77,7 @@ func list(cmd *cobra.Command, _ []string) error {
Identity: v.Identity,
URI: v.URI,
},
+ Default: def,
}
rows = append(rows, r)
}
@@ -82,7 +86,7 @@ func list(cmd *cobra.Command, _ []string) error {
return rows[i].Name < rows[j].Name
})
- format := "{{.Name}}\t{{.Identity}}\t{{.URI}}\n"
+ format := "{{.Name}}\t{{.URI}}\t{{.Identity}}\t{{.Default}}\n"
switch {
case report.IsJSON(cmd.Flag("format").Value.String()):
buf, err := registry.JSONLibrary().MarshalIndent(rows, "", " ")
diff --git a/contrib/systemd/system/podman-restart.service.in b/contrib/systemd/system/podman-restart.service.in
index a2951e111..46193e2c6 100644
--- a/contrib/systemd/system/podman-restart.service.in
+++ b/contrib/systemd/system/podman-restart.service.in
@@ -5,8 +5,9 @@ StartLimitIntervalSec=0
[Service]
Type=oneshot
+RemainAfterExit=true
Environment=LOGGING="--log-level=info"
ExecStart=@@PODMAN@@ $LOGGING start --all --filter restart-policy=always
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target default.target
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index ee52bfd13..0d4366dbe 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -515,6 +515,11 @@ Not implemented
Logging driver for the container. Currently available options are *k8s-file*, *journald*, *none* and *passthrough*, with *json-file* aliased to *k8s-file* for scripting compatibility.
+The podman info command below will display the default log-driver for the system.
+```
+$ podman info --format '{{ .Host.LogDriver }}'
+journald
+```
The *passthrough* driver passes down the standard streams (stdin, stdout, stderr) to the
container. It is not allowed with the remote Podman client and on a tty, since it is
vulnerable to attacks via TIOCSTI.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 5cc17f470..30a9fad9a 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -538,8 +538,13 @@ Not implemented.
#### **--log-driver**="*driver*"
-Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility.
+Logging driver for the container. Currently available options are **k8s-file**, **journald**, **none** and **passthrough**, with **json-file** aliased to **k8s-file** for scripting compatibility. (Default journald)
+The podman info command below will display the default log-driver for the system.
+```
+$ podman info --format '{{ .Host.LogDriver }}'
+journald
+```
The **passthrough** driver passes down the standard streams (stdin, stdout, stderr) to the
container. It is not allowed with the remote Podman client and on a tty, since it is
vulnerable to attacks via TIOCSTI.
diff --git a/docs/source/markdown/podman-system-connection-list.1.md b/docs/source/markdown/podman-system-connection-list.1.md
index 6b25a045d..4dc85dd98 100644
--- a/docs/source/markdown/podman-system-connection-list.1.md
+++ b/docs/source/markdown/podman-system-connection-list.1.md
@@ -23,14 +23,14 @@ Valid placeholders for the Go template listed below:
| *.Name* | Connection Name/Identifier |
| *.Identity* | Path to file containing SSH identity |
| *.URI* | URI to podman service. Valid schemes are ssh://[user@]*host*[:port]*Unix domain socket*[?secure=True], unix://*Unix domain socket*, and tcp://localhost[:*port*] |
-
-An asterisk is appended to the default connection.
+| *.Default* | Indicates whether connection is the default |
## EXAMPLE
```
$ podman system connection list
-Name URI Identity
-devl ssh://root@example.com/run/podman/podman.sock ~/.ssh/id_rsa
+Name URI Identity Default
+devl ssh://root@example.com:/run/podman/podman.sock ~/.ssh/id_rsa True
+devl ssh://user@example.com:/run/user/1000/podman/podman.sock ~/.ssh/id_rsa False
```
## SEE ALSO
podman-system(1) , containers.conf(5)
diff --git a/docs/source/markdown/podman-system-connection.1.md b/docs/source/markdown/podman-system-connection.1.md
index 6cd4a5fa8..b00a2aec3 100644
--- a/docs/source/markdown/podman-system-connection.1.md
+++ b/docs/source/markdown/podman-system-connection.1.md
@@ -24,8 +24,8 @@ The user will be prompted for the ssh login password or key file pass phrase as
## EXAMPLE
```
$ podman system connection list
-Name URI Identity
-devl ssh://root@example.com/run/podman/podman.sock ~/.ssh/id_rsa
+Name URI Identity Default
+devl ssh://root@example.com/run/podman/podman.sock ~/.ssh/id_rsa true
```
## SEE ALSO
podman-system(1) , containers.conf(5)
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 4e8074840..bfed94990 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -17,12 +17,14 @@ import (
"github.com/containers/buildah/copier"
"github.com/containers/buildah/pkg/overlay"
butil "github.com/containers/buildah/util"
+ "github.com/containers/common/pkg/chown"
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/events"
"github.com/containers/podman/v3/pkg/cgroups"
"github.com/containers/podman/v3/pkg/ctime"
"github.com/containers/podman/v3/pkg/hooks"
"github.com/containers/podman/v3/pkg/hooks/exec"
+ "github.com/containers/podman/v3/pkg/lookup"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/selinux"
"github.com/containers/podman/v3/pkg/util"
@@ -485,8 +487,12 @@ func (c *Container) setupStorage(ctx context.Context) error {
return errors.Wrapf(err, "error creating container storage")
}
- c.config.IDMappings.UIDMap = containerInfo.UIDMap
- c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ // only reconfig IDMappings if layer was mounted from storage
+ // if its a external overlay do not reset IDmappings
+ if !c.config.RootfsOverlay {
+ c.config.IDMappings.UIDMap = containerInfo.UIDMap
+ c.config.IDMappings.GIDMap = containerInfo.GIDMap
+ }
processLabel, err := c.processLabel(containerInfo.ProcessLabel)
if err != nil {
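Review bot: The new comment above `if !c.config.RootfsOverlay {` says what is skipped but not why, and has small typos ("its a external", "IDmappings"). Suggested wording: `// Only take the ID mappings from storage when the layer was mounted from storage.` followed by `// For an external rootfs overlay keep the configured mappings; mountStorage uses them to choose the owner of the overlay mount point.` The second line is inferred from the mountStorage hunk in this same file and should be confirmed. setupStorage starts and ends outside the hunk.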
@@ -1515,6 +1521,19 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
}
mountPoint = overlayMount.Source
+ execUser, err := lookup.GetUserGroupInfo(mountPoint, c.config.User, nil)
+ if err != nil {
+ return "", err
+ }
+ hostUID, hostGID, err := butil.GetHostIDs(util.IDtoolsToRuntimeSpec(c.config.IDMappings.UIDMap), util.IDtoolsToRuntimeSpec(c.config.IDMappings.GIDMap), uint32(execUser.Uid), uint32(execUser.Gid))
+ if err != nil {
+ return "", errors.Wrap(err, "unable to get host UID and host GID")
+ }
+
+ //note: this should not be recursive, if using external rootfs users should be responsible on configuring ownership.
+ if err := chown.ChangeHostPathOwnership(mountPoint, false, int(hostUID), int(hostGID)); err != nil {
+ return "", err
+ }
}
if mountPoint == "" {
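Review bot: The two bare `return "", err` paths (after `lookup.GetUserGroupInfo` and after `chown.ChangeHostPathOwnership`) drop the context that the middle check keeps, so a failure surfaces without naming the step or the path; `return "", errors.Wrapf(err, "looking up user %q in rootfs overlay %s", c.config.User, mountPoint)` and `return "", errors.Wrapf(err, "changing ownership of overlay mount point %s", mountPoint)` would match the surrounding style. The lookup appears to read user data from the mounted rootfs, which for `--rootfs` is caller-supplied content, and its result selects the owner of a host path; the `uint32(execUser.Uid)` and `uint32(execUser.Gid)` conversions assume non-negative values that fit in 32 bits, so a range check or a comment stating that the lookup guarantees this would help. Whether the overlay mounted just above is unmounted on these early returns is not visible here, since the enclosing block and mountStorage start and end outside the hunk.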
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 6a6397257..8007e5d8e 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -133,12 +133,14 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *entities.ContainerCreateOption
if err != nil {
return nil, errors.Wrapf(err, "invalid value for memory")
}
- memory.Limit = &ml
- if c.MemorySwap == "" {
- limit := 2 * ml
- memory.Swap = &(limit)
+ if ml > 0 {
+ memory.Limit = &ml
+ if c.MemorySwap == "" {
+ limit := 2 * ml
+ memory.Swap = &(limit)
+ }
+ hasLimits = true
}
- hasLimits = true
}
if m := c.MemoryReservation; len(m) > 0 {
mr, err := units.RAMInBytes(m)
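Review bot: `limit := 2 * ml` inside the new `if ml > 0` block is unchecked integer arithmetic (assuming `units.RAMInBytes` returns an int64), so a very large `--memory` value would wrap and produce a negative swap limit instead of an error. A guard before the multiplication such as `if ml > math.MaxInt64/2 { return nil, errors.Errorf("memory limit %d is too large", ml) }` would reject it; that needs the `math` import. A short comment on the new condition, e.g. `// a limit of 0 means "no limit": leave Limit and Swap unset`, would record why zero is skipped. getMemoryLimits starts and ends outside the hunk.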
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f40d4a749..8502879ff 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -259,6 +259,18 @@ var _ = Describe("Podman run", func() {
startsession.WaitWithDefaultTimeout()
Expect(startsession).Should(Exit(0))
Expect(startsession.OutputToString()).To(Equal("hello"))
+
+ // remove container for above test overlay-foo
+ osession = podmanTest.Podman([]string{"rm", "overlay-foo"})
+ osession.WaitWithDefaultTimeout()
+ Expect(osession).Should(Exit(0))
+
+ // Test --rootfs with an external overlay with --uidmap
+ osession = podmanTest.Podman([]string{"run", "--uidmap", "0:1000:1000", "--rm", "--security-opt", "label=disable",
+ "--rootfs", rootfs + ":O", "echo", "hello"})
+ osession.WaitWithDefaultTimeout()
+ Expect(osession).Should(Exit(0))
+ Expect(osession.OutputToString()).To(Equal("hello"))
})
It("podman run a container with --init", func() {
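Review bot: The new `--uidmap` case asserts only exit status 0 and the echoed `hello`, so it would still pass if the mapping were silently ignored for the external overlay. Having the container print its mapping, for example running `cat /proc/self/uid_map` (if the test rootfs provides `cat`) and expecting the output to contain `1000`, would pin the behaviour the fix is about. The enclosing It block starts outside the hunk.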
diff --git a/test/e2e/system_connection_test.go b/test/e2e/system_connection_test.go
index 6cdb78c5e..842ae8df6 100644
--- a/test/e2e/system_connection_test.go
+++ b/test/e2e/system_connection_test.go
@@ -208,13 +208,13 @@ var _ = Describe("podman system connection", func() {
session = podmanTest.Podman(cmd)
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.Out).Should(Say("Name *Identity *URI"))
+ Expect(session.Out).Should(Say("Name *URI *Identity *Default"))
cmd = []string{"system", "connection", "list", "--format", "{{.Name}}"}
session = podmanTest.Podman(cmd)
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).Should(Equal("devl* qe"))
+ Expect(session.OutputToString()).Should(Equal("devl qe"))
})
It("failed default", func() {
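Review bot: Nothing in the updated assertions checks the value of the new Default column: the header pattern gains `*Default` and the name list loses the `*`, so which connection is reported as default is no longer verified here. An extra case with `--format "{{.Name}} {{.Default}}"` compared against the expected pairs for `devl` and `qe` would cover it; the exact expected strings depend on how the template renders the bool and should be confirmed. The enclosing It block starts outside the hunk.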
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats
index 50735f576..78b8ecdfd 100644
--- a/test/system/001-basic.bats
+++ b/test/system/001-basic.bats
@@ -94,22 +94,21 @@ function setup() {
}
@test "podman-remote: defaults" {
- if is_remote; then
- skip "only applicable on a local run"
- fi
+ skip_if_remote "only applicable on a local run"
+
+ # By default, podman should include '--remote' in its help output
+ run_podman --help
+ is "$output" ".* --remote " "podman --help includes the --remote option"
+ # When it detects CONTAINER_HOST or _CONNECTION, --remote is not an option
CONTAINER_HOST=foobar run_podman --help
- # Should not have --remote flag
- echo $output | grep -v -qw -- "--remote"
- if [ $? -ne 0 ]; then
- die "Should not have --remote flag"
+ if grep -- " --remote " <<<"$output"; then
+ die "podman --help, with CONTAINER_HOST set, is showing --remote"
fi
CONTAINER_CONNECTION=foobar run_podman --help
- # Should not have --remote flag
- echo $output | grep -v -qw -- "--remote"
- if [ $? -ne 0 ]; then
- die "Should not have --remote flag"
+ if grep -- " --remote " <<<"$output"; then
+ die "podman --help, with CONTAINER_CONNECTION set, is showing --remote"
fi
}
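Review bot: The pattern `" --remote "` in both `grep` checks requires a space on each side, so a help line where `--remote` is followed by a tab, `=` or the end of the line would not match and the test would pass while the flag is still shown. `grep -E -- '(^|[[:space:]])--remote([[:space:]=]|$)'` is more tolerant, and the same concern applies to the positive `is "$output" ".* --remote "` check. If leaving `grep` without `-q` is intentional so the matching line lands in the failure log, a one-line comment saying so would prevent a later "cleanup".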
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 44c2ee509..2c8d08b99 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -67,6 +67,11 @@ echo $rand | 0 | $rand
is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime"
}
+@test "podman run --memory=0 runtime option" {
+ run_podman run --memory=0 --rm $IMAGE echo hello
+ is "$output" "hello" "failed to run when --memory is set to 0"
+}
+
# 'run --preserve-fds' passes a number of additional file descriptors into the container
@test "podman run --preserve-fds" {
skip_if_remote "preserve-fds is meaningless over remote"