Diffstat (limited to 'libpod')
-rw-r--r--libpod/boltdb_state.go11
-rw-r--r--libpod/container_internal.go3
-rw-r--r--libpod/info.go13
-rw-r--r--libpod/runtime_ctr.go22
4 files changed, 46 insertions, 3 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index e43d54eee..0bb1df7b8 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -2,6 +2,7 @@ package libpod
import (
"bytes"
+ "os"
"strings"
"sync"
@@ -658,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
return err
}
- // Handle network namespace
- if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
- return err
+ // Handle network namespace.
+ if os.Geteuid() == 0 {
+ // Do it only when root, either on the host or as root in the
+ // user namespace.
+ if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
+ return err
+ }
}
// New state compiled successfully, swap it into the current state
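Review bot: The new `os.Geteuid() == 0` guard skips `replaceNetNS` silently for every non-root caller, and the added comment says when the call runs but not why skipping it is safe. The hunk does not show what `newState` holds for the network namespace on the skipped path, so a reader cannot tell whether an empty or stale value is swapped into the container state just below. I would extend the comment to state that explicitly, for example `// Without root the netns cannot be opened, so newState keeps no netns handle.` (wording to be confirmed against replaceNetNS), and add a `logrus.Debugf` on the skipped branch so the skip is visible when debugging rootless networking. UpdateContainer's body starts and ends outside the hunk.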
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index a4dcd23be..ac921d737 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -939,6 +939,9 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error {
// With the spec complete, do an OCI create
if err := c.ociRuntime.createContainer(c, nil); err != nil {
+ if strings.Contains(err.Error(), "this version of runc doesn't work on cgroups v2") {
+ logrus.Errorf("oci runtime %q does not support CGroups V2: use system migrate to mitigate", c.ociRuntime.name)
+ }
return err
}
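Review bot: The added check in `init` depends on the literal text of the runtime's error, `"this version of runc doesn't work on cgroups v2"`, so the hint is lost without notice if the runtime rewords the message or another OCI runtime reports the same condition differently. Moving the string into a named package-level constant with a comment naming the runtime that emits it would make that dependency visible. The hint text `use system migrate to mitigate` would be clearer with the full command, `podman system migrate`. The error is also logged here and then returned, so a caller that logs it reports the failure twice. init's body starts and ends outside the hunk.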
diff --git a/libpod/info.go b/libpod/info.go
index 297086ebb..6caa87038 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -69,6 +69,18 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) {
program["Package"] = packageVersion(path)
info["slirp4netns"] = program
}
+ uidmappings, err := rootless.ReadMappingsProc("/proc/self/uid_map")
+ if err != nil {
+ return nil, errors.Wrapf(err, "error reading uid mappings")
+ }
+ gidmappings, err := rootless.ReadMappingsProc("/proc/self/gid_map")
+ if err != nil {
+ return nil, errors.Wrapf(err, "error reading gid mappings")
+ }
+ idmappings := make(map[string]interface{})
+ idmappings["uidmap"] = uidmappings
+ idmappings["gidmap"] = gidmappings
+ info["IDMappings"] = idmappings
}
info["OCIRuntime"] = map[string]interface{}{
"path": r.defaultOCIRuntime.path,
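Review bot: A failed read of `/proc/self/uid_map` or `/proc/self/gid_map` now makes `hostInfo` return an error, so the whole info report is lost because one supplementary field could not be filled. Info output is usually collected precisely when something is already wrong, so I would log a warning and leave `IDMappings` out of the map instead of returning. If the hard failure is intended, both wraps pass no format arguments and should be `errors.Wrap(err, "error reading uid mappings")` and `errors.Wrap(err, "error reading gid mappings")`. It is also worth a short comment saying that the ID ranges become part of output users commonly paste into bug reports. hostInfo's body starts and ends outside the hunk.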
@@ -128,6 +140,7 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) {
}
info["hostname"] = host
info["eventlogger"] = r.eventer.String()
+
return info, nil
}
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 1a2987244..78176a400 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -576,11 +576,33 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol
if !r.valid {
return "", define.ErrRuntimeStopped
}
+
id, err := r.state.LookupContainerID(idOrName)
if err != nil {
return "", errors.Wrapf(err, "Failed to find container %q in state", idOrName)
}
+ // Begin by trying a normal removal. Valid containers will be removed normally.
+ tmpCtr, err := r.state.Container(id)
+ if err == nil {
+ logrus.Infof("Container %s successfully retrieved from state, attempting normal removal", id)
+ // Assume force = true for the evict case
+ err = r.removeContainer(ctx, tmpCtr, true, removeVolume, false)
+ if !tmpCtr.valid {
+ // If the container is marked invalid, remove succeeded
+ // in kicking it out of the state - no need to continue.
+ return id, err
+ }
+
+ if err == nil {
+ // Something has gone seriously wrong - no error but
+ // container was not removed.
+ logrus.Errorf("Container %s not removed with no error", id)
+ } else {
+ logrus.Warnf("Failed to removal container %s normally, proceeding with evict: %v", id, err)
+ }
+ }
+
// Error out if the container does not exist in libpod
exists, err := r.state.HasContainer(id)
if err != nil {
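Review bot: When `r.state.Container(id)` fails, the error is discarded and `evictContainer` falls through to the evict path with nothing logged to say why the normal removal was not attempted. An `else` branch with `logrus.Debugf("Failed to retrieve container %s from state, proceeding with evict: %v", id, err)` would keep that reason for anyone reconstructing how a container left the state. The warning in the added block has a typo: `Failed to removal container %s normally` should read `Failed to remove container %s normally`. `tmpCtr.valid` is read right after `removeContainer` returns; whether that read needs the container lock is not visible here and is worth a one-line comment. evictContainer's body starts and ends outside the hunk.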