15 files changed, 111 insertions, 38 deletions

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index d73fa653f..dad79348d 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -552,11 +552,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 
 		stopSignalFlagName := "stop-signal"
 		createFlags.StringVar(
-			&cf.SignaturePolicy,
-			"signature-policy", "",
-			"`Pathname` of signature policy file (not usually used)",
-		)
-		createFlags.StringVar(
 			&cf.StopSignal,
 			stopSignalFlagName, "",
 			"Signal to stop a container. Default is SIGTERM",
@@ -702,10 +697,16 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			"Write the container process ID to the file")
 		_ = cmd.RegisterFlagCompletionFunc(pidFileFlagName, completion.AutocompleteDefault)
 
-		_ = createFlags.MarkHidden("signature-policy")
 		if registry.IsRemote() {
 			_ = createFlags.MarkHidden("env-host")
 			_ = createFlags.MarkHidden("http-proxy")
+		} else {
+			createFlags.StringVar(
+				&cf.SignaturePolicy,
+				"signature-policy", "",
+				"`Pathname` of signature policy file (not usually used)",
+			)
+			_ = createFlags.MarkHidden("signature-policy")
 		}
 
 		createFlags.BoolVar(
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
index 85f3785be..e60fcbe72 100644
--- a/cmd/podman/containers/runlabel.go
+++ b/cmd/podman/containers/runlabel.go
@@ -70,7 +70,6 @@ func init() {
 	flags.BoolVarP(&runlabelOptions.Pull, "pull", "p", true, "Pull the image if it does not exist locally prior to executing the label contents")
 	flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images")
 	flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image")
-	flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 	flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 
 	// Hide the optional flags.
@@ -78,8 +77,10 @@ func init() {
 	_ = flags.MarkHidden("opt2")
 	_ = flags.MarkHidden("opt3")
 	_ = flags.MarkHidden("pull")
-	_ = flags.MarkHidden("signature-policy")
-
+	if !registry.IsRemote() {
+		flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+		_ = flags.MarkHidden("signature-policy")
+	}
 	if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil {
 		logrus.Error("unable to mark pull flag deprecated")
 	}
diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go
index d4bc0f610..3b6788f4a 100644
--- a/cmd/podman/images/import.go
+++ b/cmd/podman/images/import.go
@@ -77,8 +77,10 @@ func importFlags(cmd *cobra.Command) {
 	_ = cmd.RegisterFlagCompletionFunc(messageFlagName, completion.AutocompleteNone)
 
 	flags.BoolVarP(&importOpts.Quiet, "quiet", "q", false, "Suppress output")
-	flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
-	_ = flags.MarkHidden("signature-policy")
+	if !registry.IsRemote() {
+		flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+		_ = flags.MarkHidden("signature-policy")
+	}
 }
 
 func importCon(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go
index c39ae624e..5cd410f5c 100644
--- a/cmd/podman/images/load.go
+++ b/cmd/podman/images/load.go
@@ -64,8 +64,10 @@ func loadFlags(cmd *cobra.Command) {
 	_ = cmd.RegisterFlagCompletionFunc(inputFlagName, completion.AutocompleteDefault)
 
 	flags.BoolVarP(&loadOpts.Quiet, "quiet", "q", false, "Suppress the output")
-	flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
-	_ = flags.MarkHidden("signature-policy")
+	if !registry.IsRemote() {
+		flags.StringVar(&loadOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
+		_ = flags.MarkHidden("signature-policy")
+	}
 }
 
 func load(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index a990d1626..2a5fd86cc 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -101,7 +101,6 @@ func pullFlags(cmd *cobra.Command) {
 
 	flags.Bool("disable-content-trust", false, "This is a Docker specific option and is a NOOP")
 	flags.BoolVarP(&pullOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
-	flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 	flags.BoolVar(&pullOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 
 	authfileFlagName := "authfile"
@@ -113,7 +112,10 @@ func pullFlags(cmd *cobra.Command) {
 		flags.StringVar(&pullOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
 		_ = cmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
 	}
-	_ = flags.MarkHidden("signature-policy")
+	if !registry.IsRemote() {
+		flags.StringVar(&pullOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+		_ = flags.MarkHidden("signature-policy")
+	}
 }
 
 // imagePull is implement the command for pulling images.
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index a13976612..cf787a71f 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -101,7 +101,6 @@ func pushFlags(cmd *cobra.Command) {
 
 	flags.BoolVarP(&pushOptions.Quiet, "quiet", "q", false, "Suppress output information when pushing images")
 	flags.BoolVar(&pushOptions.RemoveSignatures, "remove-signatures", false, "Discard any pre-existing signatures in the image")
-	flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
 
 	signByFlagName := "sign-by"
 	flags.StringVar(&pushOptions.SignBy, signByFlagName, "", "Add a signature at the destination using the specified key")
@@ -117,7 +116,10 @@ func pushFlags(cmd *cobra.Command) {
 		_ = flags.MarkHidden("remove-signatures")
 		_ = flags.MarkHidden("sign-by")
 	}
-	_ = flags.MarkHidden("signature-policy")
+	if !registry.IsRemote() {
+		flags.StringVar(&pushOptions.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+		_ = flags.MarkHidden("signature-policy")
+	}
 }
 
 // imagePush is implement the command for pushing images.
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index 581b29113..11b5d7d34 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -108,8 +108,6 @@ func init() {
 		flags.StringVar(&kubeOptions.CertDir, certDirFlagName, "", "`Pathname` of a directory containing TLS certificates and keys")
 		_ = kubeCmd.RegisterFlagCompletionFunc(certDirFlagName, completion.AutocompleteDefault)
 
-		flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
-
 		seccompProfileRootFlagName := "seccomp-profile-root"
 		flags.StringVar(&kubeOptions.SeccompProfileRoot, seccompProfileRootFlagName, defaultSeccompRoot, "Directory path for seccomp profiles")
 		_ = kubeCmd.RegisterFlagCompletionFunc(seccompProfileRootFlagName, completion.AutocompleteDefault)
@@ -121,7 +119,12 @@ func init() {
 		buildFlagName := "build"
 		flags.BoolVar(&kubeOptions.Build, buildFlagName, false, "Build all images in a YAML (given Containerfiles exist)")
 	}
-	_ = flags.MarkHidden("signature-policy")
+
+	if !registry.IsRemote() {
+		flags.StringVar(&kubeOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+
+		_ = flags.MarkHidden("signature-policy")
+	}
 }
 
 func kube(cmd *cobra.Command, args []string) error {
diff --git a/docs/tutorials/basic_networking.md b/docs/tutorials/basic_networking.md
index e47661ddf..e1f2f1346 100644
--- a/docs/tutorials/basic_networking.md
+++ b/docs/tutorials/basic_networking.md
@@ -291,5 +291,5 @@ same network namespace, the DB and Web container can communicate with each other
 using localhost (127.0.0.1).  Furthermore, they are also both addressable by the
 IP address (and DNS name if applicable) assigned to the Pod itself.
 
-For more information on container to container networking, see Configuring container
-networking with Podman.
+For more information on container to container networking, see [Configuring container
+networking with Podman](https://www.redhat.com/sysadmin/container-networking-podman).
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index dd28f6deb..8aab29658 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -2,6 +2,7 @@ package compat
 
 import (
 	"encoding/json"
+	"fmt"
 	"net"
 	"net/http"
 
@@ -69,12 +70,20 @@ func convertLibpodNetworktoDockerNetwork(runtime *libpod.Runtime, network nettyp
 			return nil, err
 		}
 		if netData, ok := data.NetworkSettings.Networks[network.Name]; ok {
+			ipv4Address := ""
+			if netData.IPAddress != "" {
+				ipv4Address = fmt.Sprintf("%s/%d", netData.IPAddress, netData.IPPrefixLen)
+			}
+			ipv6Address := ""
+			if netData.GlobalIPv6Address != "" {
+				ipv6Address = fmt.Sprintf("%s/%d", netData.GlobalIPv6Address, netData.GlobalIPv6PrefixLen)
+			}
 			containerEndpoint := types.EndpointResource{
-				Name:        netData.NetworkID,
+				Name:        con.Name(),
 				EndpointID:  netData.EndpointID,
 				MacAddress:  netData.MacAddress,
-				IPv4Address: netData.IPAddress,
-				IPv6Address: netData.GlobalIPv6Address,
+				IPv4Address: ipv4Address,
+				IPv6Address: ipv6Address,
 			}
 			containerEndpoints[con.ID()] = containerEndpoint
 		}
diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
index fd8dfd32b..713f677fa 100644
--- a/test/apiv2/35-networks.at
+++ b/test/apiv2/35-networks.at
@@ -170,4 +170,31 @@ t DELETE libpod/networks/macvlan1 200 \
   .[0].Name~macvlan1 \
   .[0].Err=null
 
+#
+# test networks with containers
+#
+podman pull $IMAGE &>/dev/null
+
+# Ensure clean slate
+podman rm -a -f &>/dev/null
+
+# create a network
+podman network create --subnet 10.10.253.0/24 --gateway 10.10.253.1 network5
+t GET libpod/networks/json?filters='{"name":["network5"]}' 200 \
+  .[0].id~[0-9a-f]\\{64\\}
+nid=$(jq -r '.[0].id' <<<"$output")
+# create a pod on a network
+CNAME=mynettest
+podman run --network network5 --name $CNAME --ip 10.10.253.2 --mac-address 0a:01:73:78:43:18 -td $IMAGE top
+t GET libpod/containers/json?all=true 200 \
+  .[0].Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.[0].Id' <<<"$output")
+# compat api inspect network
+t GET networks/$nid 200 .Name="network5" \
+  .Containers[\"$cid\"].Name=$CNAME \
+  .Containers[\"$cid\"].MacAddress=0a:01:73:78:43:18 \
+  .Containers[\"$cid\"].IPv4Address=10.10.253.2/24
+# clean the network
+podman network rm -f network5
+
 # vim: filetype=sh
diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go
index f237d24b9..216432216 100644
--- a/test/e2e/create_test.go
+++ b/test/e2e/create_test.go
@@ -362,14 +362,18 @@ var _ = Describe("Podman create", func() {
 	})
 
 	It("podman create --signature-policy", func() {
-		SkipIfRemote("SigPolicy not handled by remote")
 		session := podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/no/such/file", ALPINE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 
 		session = podmanTest.Podman([]string{"create", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE})
 		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		if IsRemote() {
+			Expect(session).To(ExitWithError())
+			Expect(session.ErrorToString()).To(ContainSubstring("unknown flag"))
+		} else {
+			Expect(session).Should(Exit(0))
+		}
 	})
 
 	It("podman create with unset label", func() {
diff --git a/test/e2e/import_test.go b/test/e2e/import_test.go
index 5531bed8c..e1c89753e 100644
--- a/test/e2e/import_test.go
+++ b/test/e2e/import_test.go
@@ -171,6 +171,12 @@ var _ = Describe("Podman import", func() {
 
 		result := podmanTest.Podman([]string{"import", "--signature-policy", "/etc/containers/policy.json", outfile})
 		result.WaitWithDefaultTimeout()
+		if IsRemote() {
+			Expect(result).To(ExitWithError())
+			Expect(result.ErrorToString()).To(ContainSubstring("unknown flag"))
+			result := podmanTest.Podman([]string{"import", outfile})
+			result.WaitWithDefaultTimeout()
+		}
 		Expect(result).Should(Exit(0))
 	})
 })
diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go
index e79c1eb8a..030e9f80b 100644
--- a/test/e2e/load_test.go
+++ b/test/e2e/load_test.go
@@ -104,7 +104,15 @@ var _ = Describe("Podman load", func() {
 
 		result := podmanTest.Podman([]string{"load", "--signature-policy", "/etc/containers/policy.json", "-i", outfile})
 		result.WaitWithDefaultTimeout()
-		Expect(result).Should(Exit(0))
+		if IsRemote() {
+			Expect(result).To(ExitWithError())
+			Expect(result.ErrorToString()).To(ContainSubstring("unknown flag"))
+			result = podmanTest.Podman([]string{"load", "-i", outfile})
+			result.WaitWithDefaultTimeout()
+			Expect(result).Should(Exit(0))
+		} else {
+			Expect(result).Should(Exit(0))
+		}
 	})
 
 	It("podman load with quiet flag", func() {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index ec64d2166..aa9037e56 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -83,14 +83,18 @@ var _ = Describe("Podman run", func() {
 	})
 
 	It("podman run --signature-policy", func() {
-		SkipIfRemote("SigPolicy not handled by remote")
 		session := podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/no/such/file", ALPINE})
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError())
 
 		session = podmanTest.Podman([]string{"run", "--pull=always", "--signature-policy", "/etc/containers/policy.json", ALPINE})
 		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		if IsRemote() {
+			Expect(session).To(ExitWithError())
+			Expect(session.ErrorToString()).To(ContainSubstring("unknown flag"))
+		} else {
+			Expect(session).Should(Exit(0))
+		}
 	})
 
 	It("podman run --rm with --restart", func() {
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index 9f3f750b7..a8fb6c7b3 100644
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -194,14 +194,16 @@ default-docker:
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 
-		session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
-
-		outfile := filepath.Join(podmanTest.TempDir, "temp.tar")
-		save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"})
-		save.WaitWithDefaultTimeout()
-		Expect(save).To(ExitWithError())
+		if !IsRemote() {
+			session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(Exit(0))
+
+			outfile := filepath.Join(podmanTest.TempDir, "temp.tar")
+			save := podmanTest.Podman([]string{"save", "remove-signatures=true", "-o", outfile, "localhost:5000/alpine"})
+			save.WaitWithDefaultTimeout()
+			Expect(save).To(ExitWithError())
+		}
 	})
 
 	It("podman save image with digest reference", func() {