1 files changed, 9 insertions, 8 deletions

diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 3681804ea..ff7c39de2 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -335,15 +335,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 		env = envLib.Join(env, fileEnv)
 	}
 
-	// env overrides any previous variables
-	if cmdLineEnv := c.env; len(cmdLineEnv) > 0 {
-		parsedEnv, err := envLib.ParseSlice(cmdLineEnv)
-		if err != nil {
-			return err
-		}
-		env = envLib.Join(env, parsedEnv)
+	parsedEnv, err := envLib.ParseSlice(c.Env)
+	if err != nil {
+		return err
 	}
-	s.Env = env
+
+	s.Env = envLib.Join(env, parsedEnv)
 
 	// LABEL VARIABLES
 	labels, err := parse.GetAllLabels(c.LabelFile, c.Label)
@@ -504,6 +501,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	s.CapDrop = c.CapDrop
 	s.Privileged = c.Privileged
 	s.ReadOnlyFilesystem = c.ReadOnly
+	s.ConmonPidFile = c.ConmonPIDFile
 
 	// TODO
 	// ouitside of specgen and oci though
@@ -534,10 +532,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 			case "label":
 				// TODO selinux opts and label opts are the same thing
 				s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
+				s.Annotations[define.InspectAnnotationLabel] = con[1]
 			case "apparmor":
 				s.ContainerSecurityConfig.ApparmorProfile = con[1]
+				s.Annotations[define.InspectAnnotationApparmor] = con[1]
 			case "seccomp":
 				s.SeccompProfilePath = con[1]
+				s.Annotations[define.InspectAnnotationSeccomp] = con[1]
 			default:
 				return fmt.Errorf("invalid --security-opt 2: %q", opt)
 			}