4 files changed, 92 insertions, 13 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 9a2345064..ff7c39de2 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -501,6 +501,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	s.CapDrop = c.CapDrop
 	s.Privileged = c.Privileged
 	s.ReadOnlyFilesystem = c.ReadOnly
+	s.ConmonPidFile = c.ConmonPIDFile
 
 	// TODO
 	// ouitside of specgen and oci though
diff --git a/cmd/podman/containers/runlabel.go b/cmd/podman/containers/runlabel.go
new file mode 100644
index 000000000..11fa362b8
--- /dev/null
+++ b/cmd/podman/containers/runlabel.go
@@ -0,0 +1,80 @@
+package containers
+
+import (
+	"context"
+	"os"
+
+	"github.com/containers/common/pkg/auth"
+	"github.com/containers/image/v5/types"
+	"github.com/containers/libpod/cmd/podman/registry"
+	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+// runlabelOptionsWrapper allows for combining API-only with CLI-only options
+// and to convert between them.
+type runlabelOptionsWrapper struct {
+	entities.ContainerRunlabelOptions
+	TLSVerifyCLI bool
+}
+
+var (
+	runlabelOptions     = runlabelOptionsWrapper{}
+	runlabelDescription = "Executes a command as described by a container image label."
+	runlabelCommand     = &cobra.Command{
+		Use:   "runlabel [flags] LABEL IMAGE [ARG...]",
+		Short: "Execute the command described by an image label",
+		Long:  runlabelDescription,
+		RunE:  runlabel,
+		Args:  cobra.MinimumNArgs(2),
+		Example: `podman container runlabel run imageID
+  podman container runlabel --pull install imageID arg1 arg2
+  podman container runlabel --display run myImage`,
+	}
+)
+
+func init() {
+	registry.Commands = append(registry.Commands, registry.CliCommand{
+		Mode:    []entities.EngineMode{entities.ABIMode},
+		Command: runlabelCommand,
+		Parent:  containerCmd,
+	})
+
+	flags := rmCommand.Flags()
+	flags.StringVar(&runlabelOptions.Authfile, "authfile", auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	flags.StringVar(&runlabelOptions.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+	flags.StringVar(&runlabelOptions.Credentials, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
+	flags.BoolVar(&runlabelOptions.Display, "display", false, "Preview the command that the label would run")
+	flags.StringVarP(&runlabelOptions.Name, "name", "n", "", "Assign a name to the container")
+	flags.StringVar(&runlabelOptions.Optional1, "opt1", "", "Optional parameter to pass for install")
+	flags.StringVar(&runlabelOptions.Optional2, "opt2", "", "Optional parameter to pass for install")
+	flags.StringVar(&runlabelOptions.Optional3, "opt3", "", "Optional parameter to pass for install")
+	flags.BoolP("pull", "p", false, "Pull the image if it does not exist locally prior to executing the label contents")
+	flags.BoolVarP(&runlabelOptions.Quiet, "quiet", "q", false, "Suppress output information when installing images")
+	flags.BoolVar(&runlabelOptions.Replace, "replace", false, "Replace existing container with a new one from the image")
+	flags.StringVar(&runlabelOptions.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+	flags.BoolVar(&runlabelOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+
+	// Hide the optional flags.
+	_ = flags.MarkHidden("opt1")
+	_ = flags.MarkHidden("opt2")
+	_ = flags.MarkHidden("opt3")
+
+	if err := flags.MarkDeprecated("pull", "podman will pull if not found in local storage"); err != nil {
+		logrus.Error("unable to mark pull flag deprecated")
+	}
+}
+
+func runlabel(cmd *cobra.Command, args []string) error {
+	if cmd.Flags().Changed("tls-verify") {
+		runlabelOptions.SkipTLSVerify = types.NewOptionalBool(!runlabelOptions.TLSVerifyCLI)
+	}
+	if runlabelOptions.Authfile != "" {
+		if _, err := os.Stat(runlabelOptions.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", runlabelOptions.Authfile)
+		}
+	}
+	return registry.ContainerEngine().ContainerRunlabel(context.Background(), args[0], args[1], args[2:], runlabelOptions.ContainerRunlabelOptions)
+}
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index dc57758ab..8413861f5 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -8,6 +8,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/registries"
 	"github.com/spf13/cobra"
 )
 
@@ -23,7 +24,7 @@ var (
 		Short: "Login to a container registry",
 		Long:  "Login to a container registry on a specified server.",
 		RunE:  login,
-		Args:  cobra.ExactArgs(1),
+		Args:  cobra.MaximumNArgs(1),
 		Example: `podman login quay.io
   podman login --username ... --password ... quay.io
   podman login --authfile dir/auth.json quay.io`,
@@ -48,6 +49,7 @@ func init() {
 	flags.BoolVarP(&loginOptions.GetLoginSet, "get-login", "", false, "Return the current login user for the registry")
 	loginOptions.Stdin = os.Stdin
 	loginOptions.Stdout = os.Stdout
+	loginOptions.AcceptUnspecifiedRegistry = true
 }
 
 // Implementation of podman-login.
@@ -62,7 +64,8 @@ func login(cmd *cobra.Command, args []string) error {
 		AuthFilePath:                loginOptions.AuthFile,
 		DockerCertPath:              loginOptions.CertDir,
 		DockerInsecureSkipTLSVerify: skipTLS,
+		SystemRegistriesConfPath:    registries.SystemRegistriesConfPath(),
 	}
 	loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
-	return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args[0])
+	return auth.Login(context.Background(), &sysCtx, &loginOptions.LoginOptions, args)
 }
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index c21711fc0..d0afc21b4 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -7,7 +7,7 @@ import (
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
-	"github.com/pkg/errors"
+	"github.com/containers/libpod/pkg/registries"
 	"github.com/spf13/cobra"
 )
 
@@ -39,19 +39,14 @@ func init() {
 	flags.AddFlagSet(auth.GetLogoutFlags(&logoutOptions))
 	logoutOptions.Stdin = os.Stdin
 	logoutOptions.Stdout = os.Stdout
+	logoutOptions.AcceptUnspecifiedRegistry = true
 }
 
 // Implementation of podman-logout.
 func logout(cmd *cobra.Command, args []string) error {
-	sysCtx := types.SystemContext{AuthFilePath: logoutOptions.AuthFile}
-
-	registry := ""
-	if len(args) > 0 {
-		if logoutOptions.All {
-			return errors.New("--all takes no arguments")
-		}
-		registry = args[0]
+	sysCtx := types.SystemContext{
+		AuthFilePath:             logoutOptions.AuthFile,
+		SystemRegistriesConfPath: registries.SystemRegistriesConfPath(),
 	}
-
-	return auth.Logout(&sysCtx, &logoutOptions, registry)
+	return auth.Logout(&sysCtx, &logoutOptions, args)
 }