4 files changed, 101 insertions, 2 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 2f45e559d..24b45e479 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -566,6 +566,14 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 		s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
 	}
 
+	for _, rule := range c.DeviceCGroupRule {
+		dev, err := parseLinuxResourcesDeviceAccess(rule)
+		if err != nil {
+			return err
+		}
+		s.DeviceCGroupRule = append(s.DeviceCGroupRule, dev)
+	}
+
 	s.Init = c.Init
 	s.InitPath = c.InitPath
 	s.Stdin = c.Interactive
@@ -885,3 +893,58 @@ func parseSecrets(secrets []string) ([]specgen.Secret, map[string]string, error)
 	}
 	return mount, envs, nil
 }
+
+var cgroupDeviceType = map[string]bool{
+	"a": true, // all
+	"b": true, // block device
+	"c": true, // character device
+}
+
+var cgroupDeviceAccess = map[string]bool{
+	"r": true, //read
+	"w": true, //write
+	"m": true, //mknod
+}
+
+// parseLinuxResourcesDeviceAccess parses the raw string passed with the --device-access-add flag
+func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, error) {
+	var devType, access string
+	var major, minor *int64
+
+	value := strings.Split(device, " ")
+	if len(value) != 3 {
+		return specs.LinuxDeviceCgroup{}, fmt.Errorf("invalid device cgroup rule requires type, major:Minor, and access rules: %q", device)
+	}
+
+	devType = value[0]
+	if !cgroupDeviceType[devType] {
+		return specs.LinuxDeviceCgroup{}, fmt.Errorf("invalid device type in device-access-add: %s", devType)
+	}
+
+	number := strings.SplitN(value[1], ":", 2)
+	i, err := strconv.ParseInt(number[0], 10, 64)
+	if err != nil {
+		return specs.LinuxDeviceCgroup{}, err
+	}
+	major = &i
+	if len(number) == 2 && number[1] != "*" {
+		i, err := strconv.ParseInt(number[1], 10, 64)
+		if err != nil {
+			return specs.LinuxDeviceCgroup{}, err
+		}
+		minor = &i
+	}
+	access = value[2]
+	for _, c := range strings.Split(access, "") {
+		if !cgroupDeviceAccess[c] {
+			return specs.LinuxDeviceCgroup{}, fmt.Errorf("invalid device access in device-access-add: %s", c)
+		}
+	}
+	return specs.LinuxDeviceCgroup{
+		Allow:  true,
+		Type:   devType,
+		Major:  major,
+		Minor:  minor,
+		Access: access,
+	}, nil
+}
diff --git a/cmd/podman/containers/logs.go b/cmd/podman/containers/logs.go
index 0d745291e..00a8d4b52 100644
--- a/cmd/podman/containers/logs.go
+++ b/cmd/podman/containers/logs.go
@@ -19,6 +19,8 @@ type logsOptionsWrapper struct {
 	entities.ContainerLogsOptions
 
 	SinceRaw string
+
+	UntilRaw string
 }
 
 var (
@@ -101,6 +103,10 @@ func logsFlags(cmd *cobra.Command) {
 	flags.StringVar(&logsOptions.SinceRaw, sinceFlagName, "", "Show logs since TIMESTAMP")
 	_ = cmd.RegisterFlagCompletionFunc(sinceFlagName, completion.AutocompleteNone)
 
+	untilFlagName := "until"
+	flags.StringVar(&logsOptions.UntilRaw, untilFlagName, "", "Show logs until TIMESTAMP")
+	_ = cmd.RegisterFlagCompletionFunc(untilFlagName, completion.AutocompleteNone)
+
 	tailFlagName := "tail"
 	flags.Int64Var(&logsOptions.Tail, tailFlagName, -1, "Output the specified number of LINES at the end of the logs.  Defaults to -1, which prints all lines")
 	_ = cmd.RegisterFlagCompletionFunc(tailFlagName, completion.AutocompleteNone)
@@ -120,6 +126,14 @@ func logs(_ *cobra.Command, args []string) error {
 		}
 		logsOptions.Since = since
 	}
+	if logsOptions.UntilRaw != "" {
+		// parse time, error out if something is wrong
+		until, err := util.ParseInputTime(logsOptions.UntilRaw)
+		if err != nil {
+			return errors.Wrapf(err, "error parsing --until %q", logsOptions.UntilRaw)
+		}
+		logsOptions.Until = until
+	}
 	logsOptions.StdoutWriter = os.Stdout
 	logsOptions.StderrWriter = os.Stderr
 	return registry.ContainerEngine().ContainerLogs(registry.GetContext(), args, logsOptions.ContainerLogsOptions)
diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go
index bed2d4105..bc80417cc 100644
--- a/cmd/podman/images/import.go
+++ b/cmd/podman/images/import.go
@@ -3,6 +3,9 @@ package images
 import (
 	"context"
 	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
 	"strings"
 
 	"github.com/containers/common/pkg/completion"
@@ -97,6 +100,22 @@ func importCon(cmd *cobra.Command, args []string) error {
 	default:
 		return errors.Errorf("too many arguments. Usage TARBALL [REFERENCE]")
 	}
+
+	if source == "-" {
+		outFile, err := ioutil.TempFile("", "podman")
+		if err != nil {
+			return errors.Errorf("error creating file %v", err)
+		}
+		defer os.Remove(outFile.Name())
+		defer outFile.Close()
+
+		_, err = io.Copy(outFile, os.Stdin)
+		if err != nil {
+			return errors.Errorf("error copying file %v", err)
+		}
+		source = outFile.Name()
+	}
+
 	errFileName := parse.ValidateFileName(source)
 	errURL := parse.ValidURL(source)
 	if errURL == nil {
diff --git a/cmd/podman/parse/net.go b/cmd/podman/parse/net.go
index f93c4ab1e..870690db3 100644
--- a/cmd/podman/parse/net.go
+++ b/cmd/podman/parse/net.go
@@ -180,9 +180,12 @@ func ValidateFileName(filename string) error {
 
 // ValidURL checks a string urlStr is a url or not
 func ValidURL(urlStr string) error {
-	_, err := url.ParseRequestURI(urlStr)
+	url, err := url.ParseRequestURI(urlStr)
 	if err != nil {
-		return errors.Wrapf(err, "invalid url path: %q", urlStr)
+		return errors.Wrapf(err, "invalid url %q", urlStr)
+	}
+	if url.Scheme == "" {
+		return errors.Errorf("invalid url %q: missing scheme", urlStr)
 	}
 	return nil
 }