15 files changed, 119 insertions, 43 deletions
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index ba8ab7a8b..425d85c9d 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -53,6 +53,13 @@ func DefineNetFlags(cmd *cobra.Command) {
 	)
 	_ = cmd.RegisterFlagCompletionFunc(ipFlagName, completion.AutocompleteNone)
 
+	ip6FlagName := "ip6"
+	netFlags.String(
+		ip6FlagName, "",
+		"Specify a static IPv6 address for the container",
+	)
+	_ = cmd.RegisterFlagCompletionFunc(ip6FlagName, completion.AutocompleteNone)
+
 	macAddressFlagName := "mac-address"
 	netFlags.String(
 		macAddressFlagName, "",
@@ -185,7 +192,7 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		opts.Networks = networks
 	}
 
-	if flags.Changed("ip") || flags.Changed("mac-address") || flags.Changed("network-alias") {
+	if flags.Changed("ip") || flags.Changed("ip6") || flags.Changed("mac-address") || flags.Changed("network-alias") {
 		// if there is no network we add the default
 		if len(opts.Networks) == 0 {
 			opts.Networks = map[string]types.PerNetworkOptions{
@@ -193,29 +200,31 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 			}
 		}
 
-		ip, err := flags.GetString("ip")
-		if err != nil {
-			return nil, err
-		}
-		if ip != "" {
-			// if pod create --infra=false
-			if infra, err := flags.GetBool("infra"); err == nil && !infra {
-				return nil, errors.Wrap(define.ErrInvalidArg, "cannot set --ip without infra container")
+		for _, ipFlagName := range []string{"ip", "ip6"} {
+			ip, err := flags.GetString(ipFlagName)
+			if err != nil {
+				return nil, err
 			}
+			if ip != "" {
+				// if pod create --infra=false
+				if infra, err := flags.GetBool("infra"); err == nil && !infra {
+					return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set --%s without infra container", ipFlagName)
+				}
 
-			staticIP := net.ParseIP(ip)
-			if staticIP == nil {
-				return nil, errors.Errorf("%s is not an ip address", ip)
-			}
-			if !opts.Network.IsBridge() && !opts.Network.IsDefault() {
-				return nil, errors.Wrap(define.ErrInvalidArg, "--ip can only be set when the network mode is bridge")
-			}
-			if len(opts.Networks) != 1 {
-				return nil, errors.Wrap(define.ErrInvalidArg, "--ip can only be set for a single network")
-			}
-			for name, netOpts := range opts.Networks {
-				netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
-				opts.Networks[name] = netOpts
+				staticIP := net.ParseIP(ip)
+				if staticIP == nil {
+					return nil, errors.Errorf("%q is not an ip address", ip)
+				}
+				if !opts.Network.IsBridge() && !opts.Network.IsDefault() {
+					return nil, errors.Wrapf(define.ErrInvalidArg, "--%s can only be set when the network mode is bridge", ipFlagName)
+				}
+				if len(opts.Networks) != 1 {
+					return nil, errors.Wrapf(define.ErrInvalidArg, "--%s can only be set for a single network", ipFlagName)
+				}
+				for name, netOpts := range opts.Networks {
+					netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP)
+					opts.Networks[name] = netOpts
+				}
 			}
 		}
 
diff --git a/docs/source/_static/api.html b/docs/source/_static/api.html
index fbc945d87..6d467d099 100644
--- a/docs/source/_static/api.html
+++ b/docs/source/_static/api.html
@@ -18,7 +18,7 @@
     </style>
   </head>
   <body>
-    <redoc spec-url='https://storage.googleapis.com/libpod-master-releases/swagger-latest.yaml' sort-props-alphabetically></redoc>
+    <redoc spec-url='https://storage.googleapis.com/libpod-master-releases/swagger-latest.yaml' sort-props-alphabetically sort-operations-alphabetically></redoc>
     <script src="https://cdn.jsdelivr.net/npm/redoc@next/bundles/redoc.standalone.js"> </script>
   </body>
 </html>
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 3d4b867d4..e3647b194 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -474,19 +474,24 @@ Path to the container-init binary.
 
 Keep STDIN open even if not attached. The default is *false*.
 
-#### **--ip6**=*ip*
+#### **--ip**=*ipv4*
 
-Not implemented
-
-#### **--ip**=*ip*
-
-Specify a static IP address for the container, for example **10.88.64.128**.
+Specify a static IPv4 address for the container, for example **10.88.64.128**.
 This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
 and if the container is not joining another container's network namespace via **--network=container:_id_**.
 The address must be within the network's IP address pool (default **10.88.0.0/16**).
 
 To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
 
+#### **--ip6**=*ipv6*
+
+Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**.
+This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
+and if the container is not joining another container's network namespace via **--network=container:_id_**.
+The address must be within the network's IPv6 address pool.
+
+To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
+
 
 #### **--ipc**=*ipc*
 
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md
index b1b029429..56c3e7d34 100644
--- a/docs/source/markdown/podman-pod-create.1.md
+++ b/docs/source/markdown/podman-pod-create.1.md
@@ -127,6 +127,15 @@ The address must be within the network's IP address pool (default **10.88.0.0/16
 
 To specify multiple static IP addresses per pod, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
 
+#### **--ip6**=*ipv6*
+
+Specify a static IPv6 address for the pod, for example **fd46:db93:aa76:ac37::10**.
+This option can only be used if the pod is joined to only a single network - i.e., **--network=network-name** is used at most once -
+and if the pod is not joining another container's network namespace via **--network=container:_id_**.
+The address must be within the network's IPv6 address pool.
+
+To specify multiple static IPv6 addresses per pod, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
+
 #### **--label**=*label*, **-l**
 
 Add metadata to a pod (e.g., --label com.example.key=value).
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index 6c565e3d1..b98e563ef 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -497,19 +497,24 @@ Path to the container-init binary.
 
 When set to **true**, keep stdin open even if not attached. The default is **false**.
 
-#### **--ip6**=*ip*
+#### **--ip**=*ipv4*
 
-Not implemented.
-
-#### **--ip**=*ip*
-
-Specify a static IP address for the container, for example **10.88.64.128**.
+Specify a static IPv4 address for the container, for example **10.88.64.128**.
 This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
 and if the container is not joining another container's network namespace via **--network=container:_id_**.
 The address must be within the network's IP address pool (default **10.88.0.0/16**).
 
 To specify multiple static IP addresses per container, set multiple networks using the **--network** option with a static IP address specified for each using the `ip` mode for that option.
 
+#### **--ip6**=*ipv6*
+
+Specify a static IPv6 address for the container, for example **fd46:db93:aa76:ac37::10**.
+This option can only be used if the container is joined to only a single network - i.e., **--network=network-name** is used at most once -
+and if the container is not joining another container's network namespace via **--network=container:_id_**.
+The address must be within the network's IPv6 address pool.
+
+To specify multiple static IPv6 addresses per container, set multiple networks using the **--network** option with a static IPv6 address specified for each using the `ip6` mode for that option.
+
 #### **--ipc**=*mode*
 
 Set the IPC namespace mode for a container. The default is to create
diff --git a/docs/source/markdown/podman-search.1.md b/docs/source/markdown/podman-search.1.md
index 9e166fcc2..9c075a1e0 100644
--- a/docs/source/markdown/podman-search.1.md
+++ b/docs/source/markdown/podman-search.1.md
@@ -62,7 +62,7 @@ Valid placeholders for the Go template are listed below:
 | --------------- | ---------------------------- |
 | .Index          | Registry                     |
 | .Name           | Image name                   |
-| .Descriptions   | Image description            |
+| .Description    | Image description            |
 | .Stars          | Star count of image          |
 | .Official       | "[OK]" if image is official  |
 | .Automated      | "[OK]" if image is automated |
diff --git a/docs/tutorials/mac_experimental.md b/docs/tutorials/mac_experimental.md
index 8df64dc99..b5b815fe5 100644
--- a/docs/tutorials/mac_experimental.md
+++ b/docs/tutorials/mac_experimental.md
@@ -90,7 +90,7 @@ that you were given.  It will be used in two of the steps below.
 
 ## Test podman
 
-1. podman machine init --image-path /path/to/image
+1. podman machine init --image-path /path/to/image --cpus 2
 2. podman machine start
 3. podman images
 4. git clone http://github.com/baude/alpine_nginx && cd alpine_nginx
diff --git a/libpod/healthcheck_linux.go b/libpod/healthcheck_linux.go
index 2c19e0a61..a1f3e8491 100644
--- a/libpod/healthcheck_linux.go
+++ b/libpod/healthcheck_linux.go
@@ -73,6 +73,16 @@ func (c *Container) removeTransientFiles(ctx context.Context) error {
 	defer conn.Close()
 	timerFile := fmt.Sprintf("%s.timer", c.ID())
 	serviceFile := fmt.Sprintf("%s.service", c.ID())
+
+	// If the service has failed (the healthcheck has failed), then
+	// the .service file is not removed on stopping the unit file. If
+	// we check the properties of the service, it will automatically
+	// reset the state.  But checking the state takes msecs vs usecs to
+	// blindly call reset.
+	if err := conn.ResetFailedUnitContext(ctx, serviceFile); err != nil {
+		logrus.Debugf("failed to reset unit file: %q", err)
+	}
+
 	// We want to ignore errors where the timer unit and/or service unit has already
 	// been removed. The error return is generic so we have to check against the
 	// string in the error
diff --git a/libpod/network/internal/util/util.go b/libpod/network/internal/util/util.go
index bf9d70aba..d9b9a8dc0 100644
--- a/libpod/network/internal/util/util.go
+++ b/libpod/network/internal/util/util.go
@@ -78,7 +78,7 @@ func GetUsedSubnets(n NetUtil) ([]*net.IPNet, error) {
 	return append(subnets, liveSubnets...), nil
 }
 
-// GetFreeIPv6NetworkSubnet returns a unused ipv4 subnet
+// GetFreeIPv4NetworkSubnet returns a unused ipv4 subnet
 func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
 	// the default podman network is 10.88.0.0/16
 	// start locking for free /24 networks
diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go
index 4f101ce84..5a06722ec 100644
--- a/pkg/api/handlers/compat/containers.go
+++ b/pkg/api/handlers/compat/containers.go
@@ -360,7 +360,7 @@ func LibpodToContainer(l *libpod.Container, sz bool) (*handlers.Container, error
 		ID:         l.ID(),
 		Names:      []string{fmt.Sprintf("/%s", l.Name())},
 		Image:      imageName,
-		ImageID:    imageID,
+		ImageID:    "sha256:" + imageID,
 		Command:    strings.Join(l.Command(), " "),
 		Created:    l.CreatedTime().Unix(),
 		Ports:      ports,
diff --git a/pkg/api/server/docs.go b/pkg/api/server/docs.go
index 83d9ef160..2127e7d82 100644
--- a/pkg/api/server/docs.go
+++ b/pkg/api/server/docs.go
@@ -1,4 +1,4 @@
-// Package api Provides an API for the  Libpod library
+// Package api Provides an API for the Libpod library
 //
 // This documentation describes the Podman v2.0 RESTful API.
 // It replaces the Podman v1.0 API and was initially delivered
@@ -45,7 +45,7 @@
 //     Schemes: http, https
 //     Host: podman.io
 //     BasePath: /
-//     Version: 3.2.0
+//     Version: 4.0.0
 //     License: Apache-2.0 https://opensource.org/licenses/Apache-2.0
 //     Contact: Podman <podman@lists.podman.io> https://podman.io/community/
 //
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index 390057c32..11edf265f 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -665,8 +665,8 @@ func CreateCidFile(cidfile string, id string) error {
 	return nil
 }
 
-// DefaultCPUPeriod is the default CPU period is 100us, which is the same default
-// as Kubernetes.
+// DefaultCPUPeriod is the default CPU period (100ms) in microseconds, which is
+// the same default as Kubernetes.
 const DefaultCPUPeriod uint64 = 100000
 
 // CoresToPeriodAndQuota converts a fraction of cores to the equivalent
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index e931ceebe..5a02ca3cb 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -46,6 +46,10 @@ t GET /containers/json?all=true 200 \
   .[0].Image=$IMAGE \
   $network_expect
 
+# compat API imageid with sha256: prefix
+t GET containers/json?limit=1 200 \
+  .[0].ImageID~sha256:[0-9a-f]\\{64\\}
+
 # Make sure `limit` works.
 t GET libpod/containers/json?limit=1 200 \
   length=1 \
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index eb7dc9d11..2f3c3025a 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	. "github.com/containers/podman/v3/test/utils"
+	"github.com/containers/storage/pkg/stringid"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gexec"
@@ -65,6 +66,20 @@ var _ = Describe("Podman run with --ip flag", func() {
 		Expect(result.OutputToString()).To(ContainSubstring(ip + "/16"))
 	})
 
+	It("Podman run with specified static IPv6 has correct IP", func() {
+		netName := "ipv6-" + stringid.GenerateNonCryptoID()
+		ipv6 := "fd46:db93:aa76:ac37::10"
+		net := podmanTest.Podman([]string{"network", "create", "--subnet", "fd46:db93:aa76:ac37::/64", netName})
+		net.WaitWithDefaultTimeout()
+		defer podmanTest.removeCNINetwork(netName)
+		Expect(net).To(Exit(0))
+
+		result := podmanTest.Podman([]string{"run", "-ti", "--network", netName, "--ip6", ipv6, ALPINE, "ip", "addr"})
+		result.WaitWithDefaultTimeout()
+		Expect(result).Should(Exit(0))
+		Expect(result.OutputToString()).To(ContainSubstring(ipv6 + "/64"))
+	})
+
 	It("Podman run with --network bridge:ip=", func() {
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"run", "-ti", "--network", "bridge:ip=" + ip, ALPINE, "ip", "addr"})
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 130cf5492..d81a0758c 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -778,6 +778,25 @@ EOF
     is "$output" "1.2.3.4 foo.com.*" "users can add hosts even without /etc/hosts"
 }
 
+# rhbz#1854566 : $IMAGE has incorrect permission 555 on the root '/' filesystem
+@test "podman run image with filesystem permission" {
+    # make sure the IMAGE image have permissiong of 555 like filesystem RPM expects
+    run_podman run --rm $IMAGE stat -c %a /
+    is "$output" "555" "directory permissions on /"
+}
+
+# rhbz#1763007 : the --log-opt for podman run does not work as expected
+@test "podman run with log-opt option" {
+    # Pseudorandom size of the form N.NNN. The '| 1' handles '0.NNN' or 'N.NN0',
+    # which podman displays as 'NNN kB' or 'N.NN MB' respectively.
+    size=$(printf "%d.%03d" $(($RANDOM % 10 | 1)) $(($RANDOM % 100 | 1)))
+    run_podman run -d --rm --log-opt max-size=${size}m $IMAGE sleep 5
+    cid=$output
+    run_podman inspect --format "{{ .HostConfig.LogConfig.Size }}" $cid
+    is "$output" "${size}MB"
+    run_podman rm -t 0 -f $cid
+}
+
 @test "podman run --kernel-memory warning" {
     # Not sure what situations this fails in, but want to make sure warning shows.
     run_podman '?' run --rm --kernel-memory 100 $IMAGE false