1 files changed, 20 insertions, 12 deletions
diff --git a/libpod/oci.go b/libpod/oci.go
index 093bfdd35..e55bd57dc 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -3,7 +3,6 @@ package libpod
 import (
 	"bufio"
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -76,10 +75,10 @@ type syncInfo struct {
 }
 
 // Make a new OCI runtime with provided options
-func newOCIRuntime(name string, path string, conmonPath string, conmonEnv []string, cgroupManager string, tmpDir string, logSizeMax int64, noPivotRoot bool, reservePorts bool) (*OCIRuntime, error) {
+func newOCIRuntime(oruntime OCIRuntimePath, conmonPath string, conmonEnv []string, cgroupManager string, tmpDir string, logSizeMax int64, noPivotRoot bool, reservePorts bool) (*OCIRuntime, error) {
 	runtime := new(OCIRuntime)
-	runtime.name = name
-	runtime.path = path
+	runtime.name = oruntime.Name
+	runtime.path = oruntime.Paths[0]
 	runtime.conmonPath = conmonPath
 	runtime.conmonEnv = conmonEnv
 	runtime.cgroupManager = cgroupManager
@@ -324,7 +323,7 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", os.Getenv("HOME")))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
 
-	if r.reservePorts {
+	if r.reservePorts && !ctr.config.NetMode.IsSlirp4netns() {
 		ports, err := bindPorts(ctr.config.PortMappings)
 		if err != nil {
 			return err
@@ -357,18 +356,25 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res
 		// Set the label of the conmon process to be level :s0
 		// This will allow the container processes to talk to fifo-files
 		// passed into the container by conmon
-		var plabel string
+		var (
+			plabel string
+			con    selinux.Context
+		)
 		plabel, err = selinux.CurrentLabel()
 		if err != nil {
 			childPipe.Close()
 			return errors.Wrapf(err, "Failed to get current SELinux label")
 		}
 
-		c := selinux.NewContext(plabel)
+		con, err = selinux.NewContext(plabel)
+		if err != nil {
+			return errors.Wrapf(err, "Failed to get new context from SELinux label")
+		}
+
 		runtime.LockOSThread()
-		if c["level"] != "s0" && c["level"] != "" {
-			c["level"] = "s0"
-			if err = label.SetProcessLabel(c.Get()); err != nil {
+		if con["level"] != "s0" && con["level"] != "" {
+			con["level"] = "s0"
+			if err = label.SetProcessLabel(con.Get()); err != nil {
 				runtime.UnlockOSThread()
 				return err
 			}
@@ -728,7 +734,7 @@ func (r *OCIRuntime) unpauseContainer(ctr *Container) error {
 // TODO: Add --detach support
 // TODO: Convert to use conmon
 // TODO: add --pid-file and use that to generate exec session tracking
-func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty bool, user, sessionID string) (*exec.Cmd, error) {
+func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty bool, cwd, user, sessionID string) (*exec.Cmd, error) {
 	if len(cmd) == 0 {
 		return nil, errors.Wrapf(ErrInvalidArg, "must provide a command to execute")
 	}
@@ -749,7 +755,9 @@ func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty
 
 	args = append(args, "exec")
 
-	args = append(args, "--cwd", c.config.Spec.Process.Cwd)
+	if cwd != "" {
+		args = append(args, "--cwd", cwd)
+	}
 
 	args = append(args, "--pid-file", c.execPidPath(sessionID))