6 files changed, 53 insertions, 38 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 0cce6ca22..cd020e429 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -18,11 +18,6 @@ import (
 	"k8s.io/client-go/tools/remotecommand"
 )
 
-const (
-	defaultExecExitCode             = 125
-	defaultExecExitCodeCannotInvoke = 126
-)
-
 // Init creates a container in the OCI runtime
 func (c *Container) Init(ctx context.Context) (err error) {
 	span, _ := opentracing.StartSpanFromContext(ctx, "containerInit")
@@ -234,7 +229,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
 		defer c.lock.Unlock()
 
 		if err := c.syncContainer(); err != nil {
-			return defaultExecExitCodeCannotInvoke, err
+			return define.ExecErrorCodeCannotInvoke, err
 		}
 	}
 
@@ -242,7 +237,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
 
 	// TODO can probably relax this once we track exec sessions
 	if conState != define.ContainerStateRunning {
-		return defaultExecExitCodeCannotInvoke, errors.Wrapf(define.ErrCtrStateInvalid, "cannot exec into container that is not running")
+		return define.ExecErrorCodeCannotInvoke, errors.Wrapf(define.ErrCtrStateInvalid, "cannot exec into container that is not running")
 	}
 
 	if privileged || c.config.Privileged {
@@ -269,7 +264,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
 
 	logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID)
 	if err := c.createExecBundle(sessionID); err != nil {
-		return defaultExecExitCodeCannotInvoke, err
+		return define.ExecErrorCodeCannotInvoke, err
 	}
 
 	defer func() {
@@ -281,7 +276,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
 
 	pid, attachChan, err := c.ociRuntime.execContainer(c, cmd, capList, env, tty, workDir, user, sessionID, streams, preserveFDs, resize, detachKeys)
 	if err != nil {
-		ec := defaultExecExitCode
+		ec := define.ExecErrorCodeGeneric
 		// Conmon will pass a non-zero exit code from the runtime as a pid here.
 		// we differentiate a pid with an exit code by sending it as negative, so reverse
 		// that change and return the exit code the runtime failed with.
@@ -303,7 +298,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir
 	if err := c.save(); err != nil {
 		// Now we have a PID but we can't save it in the DB
 		// TODO handle this better
-		return defaultExecExitCode, errors.Wrapf(err, "error saving exec sessions %s for container %s", sessionID, c.ID())
+		return define.ExecErrorCodeGeneric, errors.Wrapf(err, "error saving exec sessions %s for container %s", sessionID, c.ID())
 	}
 	c.newContainerEvent(events.Exec)
 	logrus.Debugf("Successfully started exec session %s in container %s", sessionID, c.ID())
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index c4d2af66e..aee8c4657 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -963,24 +963,16 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 	}
 
 	hostConfig.DnsOptions = make([]string, 0, len(c.config.DNSOption))
-	for _, opt := range c.config.DNSOption {
-		hostConfig.DnsOptions = append(hostConfig.DnsOptions, opt)
-	}
+	hostConfig.DnsOptions = append(hostConfig.DnsOptions, c.config.DNSOption...)
 
 	hostConfig.DnsSearch = make([]string, 0, len(c.config.DNSSearch))
-	for _, search := range c.config.DNSSearch {
-		hostConfig.DnsSearch = append(hostConfig.DnsSearch, search)
-	}
+	hostConfig.DnsSearch = append(hostConfig.DnsSearch, c.config.DNSSearch...)
 
 	hostConfig.ExtraHosts = make([]string, 0, len(c.config.HostAdd))
-	for _, host := range c.config.HostAdd {
-		hostConfig.ExtraHosts = append(hostConfig.ExtraHosts, host)
-	}
+	hostConfig.ExtraHosts = append(hostConfig.ExtraHosts, c.config.HostAdd...)
 
 	hostConfig.GroupAdd = make([]string, 0, len(c.config.Groups))
-	for _, group := range c.config.Groups {
-		hostConfig.GroupAdd = append(hostConfig.GroupAdd, group)
-	}
+	hostConfig.GroupAdd = append(hostConfig.GroupAdd, c.config.Groups...)
 
 	hostConfig.SecurityOpt = []string{}
 	if ctrSpec.Process != nil {
diff --git a/libpod/define/exec_codes.go b/libpod/define/exec_codes.go
new file mode 100644
index 000000000..7184f1e59
--- /dev/null
+++ b/libpod/define/exec_codes.go
@@ -0,0 +1,30 @@
+package define
+
+import (
+	"github.com/pkg/errors"
+)
+
+const (
+	// ExecErrorCodeGeneric is the default error code to return from an exec session if libpod failed
+	// prior to calling the runtime
+	ExecErrorCodeGeneric = 125
+	// ExecErrorCodeCannotInvoke is the error code to return when the runtime fails to invoke a command
+	// an example of this can be found by trying to execute a directory:
+	// `podman exec -l /etc`
+	ExecErrorCodeCannotInvoke = 126
+	// ExecErrorCodeNotFound is the error code to return when a command cannot be found
+	ExecErrorCodeNotFound = 127
+)
+
+// TranslateExecErrorToExitCode takes an error and checks whether it
+// has a predefined exit code associated. If so, it returns that, otherwise it returns
+// the exit code originally stated in libpod.Exec()
+func TranslateExecErrorToExitCode(originalEC int, err error) int {
+	if errors.Cause(err) == ErrOCIRuntimePermissionDenied {
+		return ExecErrorCodeCannotInvoke
+	}
+	if errors.Cause(err) == ErrOCIRuntimeNotFound {
+		return ExecErrorCodeNotFound
+	}
+	return originalEC
+}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index a057bc720..db50e3dbd 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -38,26 +38,19 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// imageConversions is used to cache image "cast" types
-type imageConversions struct {
-	imgRef   types.Image
-	storeRef types.ImageReference
-}
-
 // Image is the primary struct for dealing with images
 // It is still very much a work in progress
 type Image struct {
 	// Adding these two structs for now but will cull when we near
 	// completion of this library.
-	imageConversions
+	imgRef   types.Image
+	storeRef types.ImageReference
 	inspect.ImageData
 	inspect.ImageResult
-	inspectInfo *types.ImageInspectInfo
-	InputName   string
-	//runtime   *libpod.Runtime
+	inspectInfo  *types.ImageInspectInfo
+	InputName    string
 	image        *storage.Image
 	imageruntime *Runtime
-	repotagsMap  map[string][]string
 }
 
 // Runtime contains the store
diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go
index 7157ee2f7..22afa7416 100644
--- a/libpod/oci_attach_linux.go
+++ b/libpod/oci_attach_linux.go
@@ -188,7 +188,9 @@ func setupStdioChannels(streams *AttachStreams, conn *net.UnixConn, detachKeys [
 		var err error
 		if streams.AttachInput {
 			_, err = utils.CopyDetachable(conn, streams.InputStream, detachKeys)
-			conn.CloseWrite()
+			if connErr := conn.CloseWrite(); connErr != nil {
+				logrus.Errorf("unable to close conn: %q", connErr)
+			}
 		}
 		stdinDone <- err
 	}()
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index 1d8654eca..0bcd021db 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/errorhandling"
 	"github.com/containers/libpod/pkg/lookup"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/libpod/utils"
@@ -44,14 +45,14 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Containe
 	if err != nil {
 		return errors.Wrapf(err, "error creating socket pair")
 	}
-	defer parentSyncPipe.Close()
+	defer errorhandling.CloseQuiet(parentSyncPipe)
 
 	childStartPipe, parentStartPipe, err := newPipe()
 	if err != nil {
 		return errors.Wrapf(err, "error creating socket pair for start pipe")
 	}
 
-	defer parentStartPipe.Close()
+	defer errorhandling.CloseQuiet(parentStartPipe)
 
 	var ociLog string
 	if logrus.GetLevel() != logrus.DebugLevel && r.supportsJSON {
@@ -273,7 +274,7 @@ func (r *OCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, pidPath
 		logDriver = JournaldLogging
 	case JSONLogging:
 		fallthrough
-	default:
+	default: //nolint-stylecheck
 		// No case here should happen except JSONLogging, but keep this here in case the options are extended
 		logrus.Errorf("%s logging specified but not supported. Choosing k8s-file logging instead", ctr.LogDriver())
 		fallthrough
@@ -336,7 +337,9 @@ func startCommandGivenSelinux(cmd *exec.Cmd) error {
 	err = cmd.Start()
 	// Ignore error returned from SetProcessLabel("") call,
 	// can't recover.
-	label.SetProcessLabel("")
+	if labelErr := label.SetProcessLabel(""); labelErr != nil {
+		logrus.Errorf("unable to set process label: %q", err)
+	}
 	runtime.UnlockOSThread()
 	return err
 }