8 files changed, 85 insertions, 82 deletions

diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index ef300ef75..dd8b61408 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -67,24 +67,26 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{
 	_exportCommand:  true,
 	//// `info` must be executed in an user namespace.
 	//// If this change, please also update libpod.refreshRootless()
-	_loginCommand:    true,
-	_logoutCommand:   true,
-	_mountCommand:    true,
-	_killCommand:     true,
-	_pauseCommand:    true,
-	_podRmCommand:    true,
-	_podKillCommand:  true,
-	_podStatsCommand: true,
-	_podStopCommand:  true,
-	_podTopCommand:   true,
-	_restartCommand:  true,
-	_rmCommand:       true,
-	_runCommand:      true,
-	_unpauseCommand:  true,
-	_searchCommand:   true,
-	_statsCommand:    true,
-	_stopCommand:     true,
-	_topCommand:      true,
+	_loginCommand:      true,
+	_logoutCommand:     true,
+	_mountCommand:      true,
+	_killCommand:       true,
+	_pauseCommand:      true,
+	_podRmCommand:      true,
+	_podKillCommand:    true,
+	_podRestartCommand: true,
+	_podStatsCommand:   true,
+	_podStopCommand:    true,
+	_podTopCommand:     true,
+	_restartCommand:    true,
+	&_psCommand:        true,
+	_rmCommand:         true,
+	_runCommand:        true,
+	_unpauseCommand:    true,
+	_searchCommand:     true,
+	_statsCommand:      true,
+	_stopCommand:       true,
+	_topCommand:        true,
 }
 
 var rootCmd = &cobra.Command{
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index eeb1aad64..10221a339 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -186,7 +187,7 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
 		if err != nil {
 			return err
 		}
-		createConfig, err := kubeContainerToCreateConfig(container, runtime, newImage, namespaces, volumes)
+		createConfig, err := kubeContainerToCreateConfig(ctx, container, runtime, newImage, namespaces, volumes)
 		if err != nil {
 			return err
 		}
@@ -231,7 +232,7 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping {
 }
 
 // kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
+func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, runtime *libpod.Runtime, newImage *image2.Image, namespaces map[string]string, volumes map[string]string) (*createconfig.CreateConfig, error) {
 	var (
 		containerConfig createconfig.CreateConfig
 		envs            map[string]string
@@ -243,6 +244,14 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
 	containerConfig.Name = containerYAML.Name
 	containerConfig.Tty = containerYAML.TTY
 	containerConfig.WorkDir = containerYAML.WorkingDir
+
+	imageData, _ := newImage.Inspect(ctx)
+
+	containerConfig.User = "0"
+	if imageData != nil {
+		containerConfig.User = imageData.Config.User
+	}
+
 	if containerConfig.SecurityOpts != nil {
 		if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
 			containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
@@ -280,6 +289,7 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
 	for _, e := range containerYAML.Env {
 		envs[e.Name] = e.Value
 	}
+	containerConfig.Env = envs
 
 	for _, volume := range containerYAML.VolumeMounts {
 		host_path, exists := volumes[volume.Name]
@@ -291,6 +301,5 @@ func kubeContainerToCreateConfig(containerYAML v1.Container, runtime *libpod.Run
 		}
 		containerConfig.Volumes = append(containerConfig.Volumes, fmt.Sprintf("%s:%s", host_path, volume.MountPath))
 	}
-	containerConfig.Env = envs
 	return &containerConfig, nil
 }
diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go
index ebd7db762..c538674a4 100644
--- a/cmd/podman/pod_kill.go
+++ b/cmd/podman/pod_kill.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -48,6 +49,7 @@ func init() {
 
 // podKillCmd kills one or more pods with a signal
 func podKillCmd(c *cliconfig.PodKillValues) error {
+	rootless.SetSkipStorageSetup(true)
 	runtime, err := adapter.GetRuntime(&c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go
index 0765b98db..9c8d28424 100644
--- a/cmd/podman/pod_restart.go
+++ b/cmd/podman/pod_restart.go
@@ -2,9 +2,11 @@ package main
 
 import (
 	"fmt"
+	"os"
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -46,12 +48,24 @@ func init() {
 
 func podRestartCmd(c *cliconfig.PodRestartValues) error {
 	var lastError error
+	if os.Geteuid() != 0 {
+		rootless.SetSkipStorageSetup(true)
+	}
 	runtime, err := adapter.GetRuntime(&c.PodmanCommand)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
 	}
 	defer runtime.Shutdown(false)
 
+	if rootless.IsRootless() {
+		var err error
+
+		c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)
+		if err != nil {
+			return err
+		}
+	}
+
 	restartIDs, conErrors, restartErrors := runtime.RestartPods(getContext(), c)
 
 	for _, p := range restartIDs {
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index de6966c3b..ad942da2e 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -17,6 +17,7 @@ import (
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/cri-o/ocicni/pkg/ocicni"
 	"github.com/docker/go-units"
@@ -200,6 +201,9 @@ func init() {
 }
 
 func psCmd(c *cliconfig.PsValues) error {
+	if os.Geteuid() != 0 {
+		rootless.SetSkipStorageSetup(true)
+	}
 	if c.Bool("trace") {
 		span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd")
 		defer span.Finish()
diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go
index 341cbf978..e6a6d8434 100644
--- a/cmd/podman/restart.go
+++ b/cmd/podman/restart.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"fmt"
 	"os"
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
@@ -61,6 +60,15 @@ func restartCmd(c *cliconfig.RestartValues) error {
 	if os.Geteuid() != 0 {
 		rootless.SetSkipStorageSetup(true)
 	}
+	if rootless.IsRootless() {
+		// If we are in the re-execed rootless environment,
+		// override the arg to deal only with one container.
+		if os.Geteuid() == 0 {
+			c.All = false
+			c.Latest = false
+			c.InputArgs = []string{rootless.Argument()}
+		}
+	}
 
 	args := c.InputArgs
 	runOnly := c.Running
@@ -107,6 +115,20 @@ func restartCmd(c *cliconfig.RestartValues) error {
 		}
 	}
 
+	if os.Geteuid() != 0 {
+		// In rootless mode we can deal with one container at at time.
+		for _, c := range restartContainers {
+			_, ret, err := joinContainerOrCreateRootlessUserNS(runtime, c)
+			if err != nil {
+				return err
+			}
+			if ret != 0 {
+				os.Exit(ret)
+			}
+		}
+		os.Exit(0)
+	}
+
 	maxWorkers := shared.Parallelize("restart")
 	if c.GlobalIsSet("max-workers") {
 		maxWorkers = c.GlobalFlags.MaxWorks
@@ -114,22 +136,6 @@ func restartCmd(c *cliconfig.RestartValues) error {
 
 	logrus.Debugf("Setting maximum workers to %d", maxWorkers)
 
-	if rootless.IsRootless() {
-		// With rootless containers we cannot really restart an existing container
-		// as we would need to join the mount namespace as well to be able to reuse
-		// the storage.
-		if err := stopRootlessContainers(restartContainers, timeout, useTimeout, maxWorkers); err != nil {
-			return err
-		}
-		became, ret, err := rootless.BecomeRootInUserNS()
-		if err != nil {
-			return err
-		}
-		if became {
-			os.Exit(ret)
-		}
-	}
-
 	// We now have a slice of all the containers to be restarted. Iterate them to
 	// create restart Funcs with a timeout as needed
 	for _, ctr := range restartContainers {
@@ -152,46 +158,3 @@ func restartCmd(c *cliconfig.RestartValues) error {
 	restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, restartFuncs)
 	return printParallelOutput(restartErrors, errCount)
 }
-
-func stopRootlessContainers(stopContainers []*libpod.Container, timeout uint, useTimeout bool, maxWorkers int) error {
-	var stopFuncs []shared.ParallelWorkerInput
-	for _, ctr := range stopContainers {
-		state, err := ctr.State()
-		if err != nil {
-			return err
-		}
-		if state != libpod.ContainerStateRunning {
-			continue
-		}
-
-		ctrTimeout := ctr.StopTimeout()
-		if useTimeout {
-			ctrTimeout = timeout
-		}
-
-		c := ctr
-		f := func() error {
-			return c.StopWithTimeout(ctrTimeout)
-		}
-
-		stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{
-			ContainerID:  c.ID(),
-			ParallelFunc: f,
-		})
-
-		restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, stopFuncs)
-		var lastError error
-		for _, result := range restartErrors {
-			if result != nil {
-				if errCount > 1 {
-					fmt.Println(result.Error())
-				}
-				lastError = result
-			}
-		}
-		if lastError != nil {
-			return lastError
-		}
-	}
-	return nil
-}
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 299420bb6..253771e14 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -108,6 +108,7 @@ func rmCmd(c *cliconfig.RmValues) error {
 			c.Latest = false
 			c.InputArgs = []string{rootless.Argument()}
 		} else {
+			exitCode = 0
 			var containers []*libpod.Container
 			if c.All {
 				containers, err = runtime.GetContainers()
@@ -121,6 +122,10 @@ func rmCmd(c *cliconfig.RmValues) error {
 				for _, c := range c.InputArgs {
 					container, err = runtime.LookupContainer(c)
 					if err != nil {
+						if errors.Cause(err) == libpod.ErrNoSuchCtr {
+							exitCode = 1
+							continue
+						}
 						return err
 					}
 					containers = append(containers, container)
@@ -136,7 +141,7 @@ func rmCmd(c *cliconfig.RmValues) error {
 					os.Exit(ret)
 				}
 			}
-			os.Exit(0)
+			os.Exit(exitCode)
 		}
 	}
 
diff --git a/cmd/podman/version.go b/cmd/podman/version.go
index 336be892e..31b0b8e82 100644
--- a/cmd/podman/version.go
+++ b/cmd/podman/version.go
@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"strings"
 	"text/tabwriter"
 	"time"
 
@@ -43,6 +44,9 @@ func versionCmd(c *cliconfig.VersionValues) error {
 
 	versionOutputFormat := c.Format
 	if versionOutputFormat != "" {
+		if strings.Join(strings.Fields(versionOutputFormat), "") == "{{json.}}" {
+			versionOutputFormat = formats.JSONString
+		}
 		var out formats.Writer
 		switch versionOutputFormat {
 		case formats.JSONString: