3 files changed, 47 insertions, 11 deletions
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 4cb8a8c54..8240cc193 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -272,6 +272,10 @@ func copy(src, destPath, dest string, idMappingOpts storage.IDMappingOptions, ch
 		}
 		return nil
 	}
+
+	if destDirIsExist || strings.HasSuffix(dest, string(os.PathSeparator)) {
+		destPath = filepath.Join(destPath, filepath.Base(srcPath))
+	}
 	// Copy the file, preserving attributes.
 	logrus.Debugf("copying %q to %q", srcPath, destPath)
 	if err = copyFileWithTar(srcPath, destPath); err != nil {
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index cb3ba14c5..2351f5860 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -7,6 +7,7 @@ import (
 	"github.com/containers/libpod/pkg/adapter"
 	"github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -72,6 +73,10 @@ func createInit(c *cliconfig.PodmanCommand) error {
 		defer span.Finish()
 	}
 
+	if c.IsSet("privileged") && c.IsSet("security-opt") {
+		logrus.Warn("setting security options with --privileged has no effect")
+	}
+
 	// Docker-compatibility: the "-h" flag for run/create is reserved for
 	// the hostname (see https://github.com/containers/libpod/issues/1367).
 
diff --git a/cmd/podman/unshare.go b/cmd/podman/unshare.go
index 1db647dba..4a4e371db 100644
--- a/cmd/podman/unshare.go
+++ b/cmd/podman/unshare.go
@@ -3,10 +3,14 @@
 package main
 
 import (
+	"fmt"
 	"os"
 	"os/exec"
 
-	"github.com/containers/buildah/pkg/unshare"
+	"github.com/containers/libpod/cmd/podman/cliconfig"
+	"github.com/containers/libpod/cmd/podman/libpodruntime"
+	"github.com/containers/libpod/libpod"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -17,38 +21,61 @@ var (
 		Use:   "unshare [flags] [COMMAND [ARG]]",
 		Short: "Run a command in a modified user namespace",
 		Long:  unshareDescription,
-		RunE:  unshareCmd,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			unshareCommand.InputArgs = args
+			unshareCommand.GlobalFlags = MainGlobalOpts
+			return unshareCmd(&unshareCommand)
+		},
 		Example: `podman unshare id
   podman unshare cat /proc/self/uid_map,
   podman unshare podman-script.sh`,
 	}
+	unshareCommand cliconfig.PodmanCommand
 )
 
 func init() {
-	_unshareCommand.SetUsageTemplate(UsageTemplate())
+	unshareCommand.Command = _unshareCommand
+	unshareCommand.SetHelpTemplate(HelpTemplate())
+	unshareCommand.SetUsageTemplate(UsageTemplate())
 	flags := _unshareCommand.Flags()
 	flags.SetInterspersed(false)
 }
 
+func unshareEnv(config *libpod.RuntimeConfig) []string {
+	return append(os.Environ(), "_CONTAINERS_USERNS_CONFIGURED=done",
+		fmt.Sprintf("CONTAINERS_GRAPHROOT=%s", config.StorageConfig.GraphRoot),
+		fmt.Sprintf("CONTAINERS_RUNROOT=%s", config.StorageConfig.RunRoot))
+}
+
 // unshareCmd execs whatever using the ID mappings that we want to use for ourselves
-func unshareCmd(c *cobra.Command, args []string) error {
-	if isRootless := unshare.IsRootless(); !isRootless {
+func unshareCmd(c *cliconfig.PodmanCommand) error {
+
+	if isRootless := rootless.IsRootless(); !isRootless {
 		return errors.Errorf("please use unshare with rootless")
 	}
 	// exec the specified command, if there is one
-	if len(args) < 1 {
+	if len(c.InputArgs) < 1 {
 		// try to exec the shell, if one's set
 		shell, shellSet := os.LookupEnv("SHELL")
 		if !shellSet {
 			return errors.Errorf("no command specified and no $SHELL specified")
 		}
-		args = []string{shell}
+		c.InputArgs = []string{shell}
 	}
-	cmd := exec.Command(args[0], args[1:]...)
-	cmd.Env = unshare.RootlessEnv()
+
+	runtime, err := libpodruntime.GetRuntime(getContext(), c)
+	if err != nil {
+		return err
+	}
+	runtimeConfig, err := runtime.GetConfig()
+	if err != nil {
+		return err
+	}
+
+	cmd := exec.Command(c.InputArgs[0], c.InputArgs[1:]...)
+	cmd.Env = unshareEnv(runtimeConfig)
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	unshare.ExecRunnable(cmd)
-	return nil
+	return cmd.Run()
 }