3 files changed, 77 insertions, 1 deletions

diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 4b0e40df2..e975def0a 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -237,7 +237,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, cgroup
 	}
 
 	// netMode
-	nsmode, _, err := specgen.ParseNetworkNamespace(cc.HostConfig.NetworkMode.NetworkName())
+	nsmode, _, err := specgen.ParseNetworkNamespace(string(cc.HostConfig.NetworkMode))
 	if err != nil {
 		return nil, nil, err
 	}
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index e0da142ad..c416d0d7b 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -531,6 +531,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 			case "seccomp":
 				s.SeccompProfilePath = con[1]
 				s.Annotations[define.InspectAnnotationSeccomp] = con[1]
+			// this option is for docker compatibility, it is the same as unmask=ALL
+			case "systempaths":
+				if con[1] == "unconfined" {
+					s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, []string{"ALL"}...)
+				} else {
+					return fmt.Errorf("invalid systempaths option %q, only `unconfined` is supported", con[1])
+				}
 			case "unmask":
 				s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, strings.Split(con[1], ":")...)
 			default:
diff --git a/cmd/podman/networks/reload.go b/cmd/podman/networks/reload.go
new file mode 100644
index 000000000..16655c18c
--- /dev/null
+++ b/cmd/podman/networks/reload.go
@@ -0,0 +1,69 @@
+package network
+
+import (
+	"fmt"
+
+	"github.com/containers/podman/v2/cmd/podman/common"
+	"github.com/containers/podman/v2/cmd/podman/registry"
+	"github.com/containers/podman/v2/cmd/podman/utils"
+	"github.com/containers/podman/v2/cmd/podman/validate"
+	"github.com/containers/podman/v2/pkg/domain/entities"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+var (
+	networkReloadDescription = `reload container networks, recreating firewall rules`
+	networkReloadCommand     = &cobra.Command{
+		Use:   "reload [options] [CONTAINER...]",
+		Short: "Reload firewall rules for one or more containers",
+		Long:  networkReloadDescription,
+		RunE:  networkReload,
+		Args: func(cmd *cobra.Command, args []string) error {
+			return validate.CheckAllLatestAndCIDFile(cmd, args, false, false)
+		},
+		ValidArgsFunction: common.AutocompleteContainers,
+		Example: `podman network reload --latest
+  podman network reload 3c13ef6dd843
+  podman network reload test1 test2`,
+		Annotations: map[string]string{
+			registry.ParentNSRequired: "",
+		},
+	}
+)
+
+var (
+	reloadOptions entities.NetworkReloadOptions
+)
+
+func reloadFlags(flags *pflag.FlagSet) {
+	flags.BoolVarP(&reloadOptions.All, "all", "a", false, "Reload network configuration of all containers")
+}
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Mode:    []entities.EngineMode{entities.ABIMode},
+		Command: networkReloadCommand,
+		Parent:  networkCmd,
+	})
+	reloadFlags(networkReloadCommand.Flags())
+	validate.AddLatestFlag(networkReloadCommand, &reloadOptions.Latest)
+}
+
+func networkReload(cmd *cobra.Command, args []string) error {
+	responses, err := registry.ContainerEngine().NetworkReload(registry.Context(), args, reloadOptions)
+	if err != nil {
+		return err
+	}
+
+	var errs utils.OutputErrors
+	for _, r := range responses {
+		if r.Err == nil {
+			fmt.Println(r.Id)
+		} else {
+			errs = append(errs, r.Err)
+		}
+	}
+
+	return errs.PrintErrors()
+}