19 files changed, 100 insertions, 51 deletions

diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index b8796f9b3..5b5225f02 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -42,6 +42,8 @@ type MainFlags struct {
 	ConnectionName       string
 	RemoteConfigFilePath string
 	Port                 int
+	IdentityFile         string
+	IgnoreHosts          bool
 }
 
 type AttachValues struct {
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index 0115e6ef1..2a3f8f3ad 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -11,6 +11,7 @@ import (
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/sysinfo"
 	"github.com/fatih/camelcase"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/pkg/errors"
@@ -374,8 +375,8 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"PID namespace to use",
 	)
 	createFlags.Int64(
-		"pids-limit", 0,
-		"Tune container pids limit (set -1 for unlimited)",
+		"pids-limit", sysinfo.GetDefaultPidsLimit(),
+		"Tune container pids limit (set 0 for unlimited)",
 	)
 	createFlags.String(
 		"pod", "",
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 36262fd4d..96b4ac2a2 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -6,9 +6,9 @@ import (
 	"os"
 	"strings"
 
-	"github.com/containers/image/docker"
-	"github.com/containers/image/pkg/docker/config"
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/docker"
+	"github.com/containers/image/v4/pkg/docker/config"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index 66dc82363..6d6db4b41 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -3,8 +3,8 @@ package main
 import (
 	"fmt"
 
-	"github.com/containers/image/docker"
-	"github.com/containers/image/pkg/docker/config"
+	"github.com/containers/image/v4/docker"
+	"github.com/containers/image/v4/pkg/docker/config"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go
index 917096e17..bdffb6b1e 100644
--- a/cmd/podman/main_local.go
+++ b/cmd/podman/main_local.go
@@ -200,17 +200,12 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 		return errors.Wrapf(err, "could not get pause process pid file path")
 	}
 
-	if _, err := os.Stat(pausePidPath); err == nil {
-		became, ret, err := rootless.TryJoinFromFilePaths("", false, []string{pausePidPath})
-		if err != nil {
-			logrus.Errorf("cannot join pause process.  You may need to remove %s and stop all containers", pausePidPath)
-			logrus.Errorf("you can use `%s system migrate` to recreate the pause process and restart the containers", os.Args[0])
-			logrus.Errorf(err.Error())
-			os.Exit(1)
-		}
-		if became {
-			os.Exit(ret)
-		}
+	became, ret, err := rootless.TryJoinPauseProcess(pausePidPath)
+	if err != nil {
+		return err
+	}
+	if became {
+		os.Exit(ret)
 	}
 
 	// if there is no pid file, try to join existing containers, and create a pause process.
@@ -225,7 +220,7 @@ func setupRootless(cmd *cobra.Command, args []string) error {
 		paths = append(paths, ctr.Config().ConmonPidFile)
 	}
 
-	became, ret, err := rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+	became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
 	if err := movePauseProcessToScope(); err != nil {
 		conf, err := runtime.GetConfig()
 		if err != nil {
diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go
index f617422e6..623f4098e 100644
--- a/cmd/podman/main_remote.go
+++ b/cmd/podman/main_remote.go
@@ -3,9 +3,11 @@
 package main
 
 import (
-	"github.com/pkg/errors"
+	"os"
 	"os/user"
+	"strconv"
 
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
@@ -13,14 +15,32 @@ const remote = true
 
 func init() {
 	var username string
-	if curruser, err := user.Current(); err == nil {
-		username = curruser.Username
+	if username = os.Getenv("PODMAN_USER"); username == "" {
+		if curruser, err := user.Current(); err == nil {
+			username = curruser.Username
+		}
+	}
+	host := os.Getenv("PODMAN_HOST")
+	port := 22
+	if portstr := os.Getenv("PODMAN_PORT"); portstr != "" {
+		if p, err := strconv.Atoi(portstr); err == nil {
+			port = p
+		}
+	}
+	key := os.Getenv("PODMAN_IDENTITY_FILE")
+	ignore := false
+	if ignorestr := os.Getenv("PODMAN_IGNORE_HOSTS"); ignorestr != "" {
+		if b, err := strconv.ParseBool(ignorestr); err == nil {
+			ignore = b
+		}
 	}
 	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConnectionName, "connection", "", "remote connection name")
 	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteConfigFilePath, "remote-config-path", "", "alternate path for configuration file")
 	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteUserName, "username", username, "username on the remote host")
-	rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", 22, "port on remote host")
-	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", "", "remote host")
+	rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", port, "port on remote host")
+	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", host, "remote host")
+	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.IdentityFile, "identity-file", key, "identity-file")
+	rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.IgnoreHosts, "ignore-hosts", ignore, "ignore hosts")
 	// TODO maybe we allow the altering of this for bridge connections?
 	// rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.VarlinkAddress, "varlink-address", adapter.DefaultAddress, "address of the varlink socket")
 	rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic. Logged to ~/.config/containers/podman.log")
diff --git a/cmd/podman/network_create.go b/cmd/podman/network_create.go
index 378a92568..11f13faad 100644
--- a/cmd/podman/network_create.go
+++ b/cmd/podman/network_create.go
@@ -4,11 +4,12 @@ package main
 
 import (
 	"fmt"
-	"github.com/containers/libpod/pkg/network"
 	"net"
 
 	"github.com/containers/libpod/cmd/podman/cliconfig"
+	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/pkg/adapter"
+	"github.com/containers/libpod/pkg/network"
 	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -58,6 +59,9 @@ func networkcreateCmd(c *cliconfig.NetworkCreateValues) error {
 	if len(c.InputArgs) > 1 {
 		return errors.Errorf("only one network can be created at a time")
 	}
+	if len(c.InputArgs) > 0 && !libpod.NameRegex.MatchString(c.InputArgs[0]) {
+		return libpod.RegexError
+	}
 	runtime, err := adapter.GetRuntimeNoStore(getContext(), &c.PodmanCommand)
 	if err != nil {
 		return err
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 53f133929..f8a658297 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -6,10 +6,10 @@ import (
 	"os"
 	"strings"
 
-	"github.com/containers/image/docker"
-	dockerarchive "github.com/containers/image/docker/archive"
-	"github.com/containers/image/transports/alltransports"
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/docker"
+	dockerarchive "github.com/containers/image/v4/docker/archive"
+	"github.com/containers/image/v4/transports/alltransports"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index 52fbc652e..36c4988a1 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -6,9 +6,9 @@ import (
 	"os"
 	"strings"
 
-	"github.com/containers/image/directory"
-	"github.com/containers/image/manifest"
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/directory"
+	"github.com/containers/image/v4/manifest"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/remoteclientconfig/config.go b/cmd/podman/remoteclientconfig/config.go
index 13880a868..3faa7954a 100644
--- a/cmd/podman/remoteclientconfig/config.go
+++ b/cmd/podman/remoteclientconfig/config.go
@@ -9,10 +9,12 @@ type RemoteConfig struct {
 
 // RemoteConnection describes the attributes of a podman-remote endpoint
 type RemoteConnection struct {
-	Destination string `toml:"destination"`
-	Username    string `toml:"username"`
-	IsDefault   bool   `toml:"default"`
-	Port        int    `toml:"port"`
+	Destination  string `toml:"destination"`
+	Username     string `toml:"username"`
+	IsDefault    bool   `toml:"default"`
+	Port         int    `toml:"port"`
+	IdentityFile string `toml:"identity_file"`
+	IgnoreHosts  bool   `toml:"ignore_hosts"`
 }
 
 // GetConfigFilePath is a simple helper to export the configuration file's
diff --git a/cmd/podman/remoteclientconfig/configfile_test.go b/cmd/podman/remoteclientconfig/configfile_test.go
index ea2224ea7..0bcac29a8 100644
--- a/cmd/podman/remoteclientconfig/configfile_test.go
+++ b/cmd/podman/remoteclientconfig/configfile_test.go
@@ -143,7 +143,7 @@ func TestRemoteConfig_GetDefault(t *testing.T) {
 		wantErr bool
 	}{
 		// A good toml should return the connection that is marked isDefault
-		{"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false},
+		{"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true, 22, "", false}, false},
 		// If nothing is marked as isDefault and there is more than one connection, error should occur
 		{"nodefault", fields{Connections: noDefault}, nil, true},
 		// if nothing is marked as isDefault but there is only one connection, the one connection is considered the default
@@ -183,9 +183,9 @@ func TestRemoteConfig_GetRemoteConnection(t *testing.T) {
 		wantErr bool
 	}{
 		// Good connection
-		{"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false},
+		{"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true, 22, "", false}, false},
 		// Good connection
-		{"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false, 22}, false},
+		{"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false, 22, "", false}, false},
 		// Getting an unknown connection should result in error
 		{"noexist", fields{Connections: makeGoodResult().Connections}, args{name: "foobar"}, nil, true},
 		// Getting a connection when there are none should result in an error
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 9e3ce4d0b..89062f524 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -13,7 +13,7 @@ var (
 	rmCommand     cliconfig.RmValues
 	rmDescription = fmt.Sprintf(`Removes one or more containers from the host. The container name or ID can be used.
 
-  Command does not remove images. Running containers will not be removed without the -f option.`)
+  Command does not remove images. Running or unusable containers will not be removed without the -f option.`)
 	_rmCommand = &cobra.Command{
 		Use:   "rm [flags] CONTAINER [CONTAINER...]",
 		Short: "Remove one or more containers",
@@ -29,7 +29,8 @@ var (
 		},
 		Example: `podman rm imageID
   podman rm mywebserver myflaskserver 860a4b23
-  podman rm --force --all`,
+  podman rm --force --all
+  podman rm -f c684f0d469f2`,
 	}
 )
 
@@ -39,7 +40,7 @@ func init() {
 	rmCommand.SetUsageTemplate(UsageTemplate())
 	flags := rmCommand.Flags()
 	flags.BoolVarP(&rmCommand.All, "all", "a", false, "Remove all containers")
-	flags.BoolVarP(&rmCommand.Force, "force", "f", false, "Force removal of a running container.  The default is false")
+	flags.BoolVarP(&rmCommand.Force, "force", "f", false, "Force removal of a running or unusable container.  The default is false")
 	flags.BoolVarP(&rmCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
 	flags.BoolVar(&rmCommand.Storage, "storage", false, "Remove container from storage library")
 	flags.BoolVarP(&rmCommand.Volumes, "volumes", "v", false, "Remove the volumes associated with the container")
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index db6d390d5..0369612b9 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/cmd/podman/shared"
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index f4c51bff1..9dad69297 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/containers/buildah/pkg/formats"
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go
index 5122d37d1..022377b1f 100644
--- a/cmd/podman/shared/container.go
+++ b/cmd/podman/shared/container.go
@@ -13,7 +13,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/containers/image/types"
+	"github.com/containers/image/v4/types"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index fc8197721..9020613c5 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -12,7 +12,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/containers/image/manifest"
+	"github.com/containers/image/v4/manifest"
 	"github.com/containers/libpod/cmd/podman/shared/parse"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/image"
@@ -686,6 +686,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 		logDriver = c.String("log-driver")
 	}
 
+	pidsLimit := c.Int64("pids-limit")
+	if c.String("cgroups") == "disabled" && !c.Changed("pids-limit") {
+		pidsLimit = 0
+	}
+
 	config := &cc.CreateConfig{
 		Annotations:       annotations,
 		BuiltinImgVolumes: ImageVolumes,
@@ -764,7 +769,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 			MemorySwappiness:  int(memorySwappiness),
 			KernelMemory:      memoryKernel,
 			OomScoreAdj:       c.Int("oom-score-adj"),
-			PidsLimit:         c.Int64("pids-limit"),
+			PidsLimit:         pidsLimit,
 			Ulimit:            c.StringSlice("ulimit"),
 		},
 		RestartPolicy: c.String("restart"),
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 79bc3f02b..b6e82ba0b 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -8,9 +8,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/containers/image/signature"
-	"github.com/containers/image/transports"
-	"github.com/containers/image/transports/alltransports"
+	"github.com/containers/image/v4/signature"
+	"github.com/containers/image/v4/transports"
+	"github.com/containers/image/v4/transports/alltransports"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/libpod/image"
diff --git a/cmd/podman/start.go b/cmd/podman/start.go
index 737a6d9f1..2d2cf74d2 100644
--- a/cmd/podman/start.go
+++ b/cmd/podman/start.go
@@ -60,6 +60,9 @@ func startCmd(c *cliconfig.StartValues) error {
 	}
 
 	sigProxy := c.SigProxy || attach
+	if c.Flag("sig-proxy").Changed {
+		sigProxy = c.SigProxy
+	}
 
 	if sigProxy && !attach {
 		return errors.Wrapf(define.ErrInvalidArg, "you cannot use sig-proxy without --attach")
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index 7239f5d2e..2408dc80c 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -727,10 +727,12 @@ method GetAttachSockets(name: string) -> (sockets: Sockets)
 # or name, a [ContainerNotFound](#ContainerNotFound) error is returned.
 method WaitContainer(name: string, interval: int) -> (exitcode: int)
 
-# RemoveContainer requires the name or ID of container as well a boolean representing whether a running container can be stopped and removed, and a boolean
+# RemoveContainer requires the name or ID of a container as well as a boolean that
+# indicates whether a container should be forcefully removed (e.g., by stopping it), and a boolean
 # indicating whether to remove builtin volumes. Upon successful removal of the
 # container, its ID is returned.  If the
 # container cannot be found by name or ID, a [ContainerNotFound](#ContainerNotFound) error will be returned.
+# See also [EvictContainer](EvictContainer).
 # #### Example
 # ~~~
 # $ varlink call -m unix:/run/podman/io.podman/io.podman.RemoveContainer '{"name": "62f4fd98cb57"}'
@@ -740,6 +742,20 @@ method WaitContainer(name: string, interval: int) -> (exitcode: int)
 # ~~~
 method RemoveContainer(name: string, force: bool, removeVolumes: bool) -> (container: string)
 
+# EvictContainer requires the name or ID of a container as well as a boolean that
+# indicates to remove builtin volumes. Upon successful eviction of the container,
+# its ID is returned.  If the container cannot be found by name or ID,
+# a [ContainerNotFound](#ContainerNotFound) error will be returned.
+# See also [RemoveContainer](RemoveContainer).
+# #### Example
+# ~~~
+# $ varlink call -m unix:/run/podman/io.podman/io.podman.EvictContainer '{"name": "62f4fd98cb57"}'
+# {
+#   "container": "62f4fd98cb57f529831e8f90610e54bba74bd6f02920ffb485e15376ed365c20"
+# }
+# ~~~
+method EvictContainer(name: string, removeVolumes: bool) -> (container: string)
+
 # DeleteStoppedContainers will delete all containers that are not running. It will return a list the deleted
 # container IDs.  See also [RemoveContainer](RemoveContainer).
 # #### Example