Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 15 | ||||
-rw-r--r-- | libpod/image/docker_registry_options.go | 3 | ||||
-rw-r--r-- | libpod/image/image.go | 7 | ||||
-rw-r--r-- | libpod/image/pull.go | 2 | ||||
-rw-r--r-- | libpod/kube.go | 18 | ||||
-rw-r--r-- | libpod/lock/shm/shm_lock_test.go | 4 | ||||
-rw-r--r-- | libpod/oci_conmon_linux.go | 2 | ||||
-rw-r--r-- | libpod/reset.go | 18 |
8 files changed, 56 insertions, 13 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 31dbee572..f789b0069 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -563,7 +563,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // systemd expects to have /run, /run/lock and /tmp on tmpfs // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error { - options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"} + options := []string{"rw", "rprivate", "nosuid", "nodev"} for _, dest := range []string{"/run", "/run/lock"} { if MountExists(mounts, dest) { continue @@ -627,7 +627,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro Destination: "/sys/fs/cgroup/systemd", Type: "bind", Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid", "rprivate"}, + Options: []string{"bind", "nodev", "nosuid", "rprivate"}, } g.AddMount(systemdMnt) g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent") @@ -1584,6 +1584,17 @@ func (c *Container) generatePasswd() (string, error) { if _, err := os.Stat(passwdPath); err == nil { return passwdPath, nil } + // Check if container has a /etc/passwd - if it doesn't do nothing. + passwdPath, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd") + if err != nil { + return "", errors.Wrapf(err, "error creating path to container %s /etc/passwd", c.ID()) + } + if _, err := os.Stat(passwdPath); err != nil { + if os.IsNotExist(err) { + return "", nil + } + return "", errors.Wrapf(err, "unable to access container %s /etc/passwd", c.ID()) + } pwd := "" if c.config.User != "" { entry, err := c.generateUserPasswdEntry() diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go index c434f0259..257b7ae8d 100644 --- a/libpod/image/docker_registry_options.go 
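Review bot: Dropping `noexec` from `options` in setupSystemd makes every tmpfs built from that slice (the visible loop covers `/run` and `/run/lock`) both writable and executable inside the container, and nothing in the hunk records why the hardening flag was removed. The same removal is applied to the `/sys/fs/cgroup/systemd` bind mount in the @@ -627 hunk. A comment above the slice would stop a later reader from restoring the flag or loosening the options further without context, for example `// noexec is deliberately omitted for systemd containers; see <issue/PR reference>`. The function body continues outside both hunks, so which other destinations reuse `options` cannot be checked from here.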
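Review bot: The added check in generatePasswd reuses `passwdPath`, which a few lines earlier appears to hold the path of an already generated passwd file, for the path inside the container rootfs. A separate name would keep the two apart, e.g. `ctrPasswd, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")`. SecureJoin resolves symlinks at the moment it is called, so the result is only trustworthy while nothing else can modify the mountpoint; a short comment stating that the container is not running at this point (if that holds) would document the assumption. The rest of generatePasswd lies outside the hunk, so whether later code reads `passwdPath` again cannot be confirmed here.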
+++ b/libpod/image/docker_registry_options.go @@ -30,6 +30,8 @@ type DockerRegistryOptions struct { OSChoice string // If not "", overrides the use of platform.GOARCH when choosing an image or verifying architecture match. ArchitectureChoice string + // If not "", overrides_VARIANT_ instead of the running architecture variant for choosing images. + VariantChoice string // RegistriesConfPath can be used to override the default path of registries.conf. RegistriesConfPath string } @@ -43,6 +45,7 @@ func (o DockerRegistryOptions) GetSystemContext(parent *types.SystemContext, add DockerArchiveAdditionalTags: additionalDockerArchiveTags, OSChoice: o.OSChoice, ArchitectureChoice: o.ArchitectureChoice, + VariantChoice: o.VariantChoice, BigFilesTemporaryDir: parse.GetTempDir(), } if parent != nil { diff --git a/libpod/image/image.go b/libpod/image/image.go index 6106084d5..dee2ce0ee 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -1246,7 +1246,12 @@ func areParentAndChild(parent, child *imgspecv1.Image) bool { // the child and candidate parent should share all of the // candidate parent's diff IDs, which together would have // controlled which layers were used - if len(parent.RootFS.DiffIDs) > len(child.RootFS.DiffIDs) { + + // issue #7444 describes a panic where the length of child.RootFS.DiffIDs + // is checked but child is nil. Adding a simple band-aid approach to prevent + // the problem until the origin of the problem can be worked out in the issue + // itself. + if child == nil || len(parent.RootFS.DiffIDs) > len(child.RootFS.DiffIDs) { return false } childUsesCandidateDiffs := true diff --git a/libpod/image/pull.go b/libpod/image/pull.go index 641698d03..bdcda4016 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go 
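Review bot: The doc comment on the new `VariantChoice` field is garbled (`overrides_VARIANT_ instead of the running architecture variant`), which reads like an unexpanded placeholder. Suggested wording, parallel to the neighbouring fields: `// If not "", overrides the use of the running architecture variant when choosing an image.`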
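Review bot: The guard in areParentAndChild now covers a nil `child`, but `parent.RootFS.DiffIDs` is still dereferenced in the same condition without a nil check on `parent`. If both arguments can come from the lookup path that produced the nil child described in the comment, the panic can recur on the other side; `if parent == nil || child == nil || len(parent.RootFS.DiffIDs) > len(child.RootFS.DiffIDs) {` closes both. The callers and the start of the function are outside the hunk, so whether `parent` is already guaranteed non-nil cannot be confirmed here.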
@@ -228,6 +228,7 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s if dockerOptions != nil { sc.OSChoice = dockerOptions.OSChoice sc.ArchitectureChoice = dockerOptions.ArchitectureChoice + sc.VariantChoice = dockerOptions.VariantChoice } sc.BlobInfoCacheDir = filepath.Join(ir.store.GraphRoot(), "cache") srcRef, err := alltransports.ParseImageName(inputName) @@ -260,6 +261,7 @@ func (ir *Runtime) pullImageFromReference(ctx context.Context, srcRef types.Imag if dockerOptions != nil { sc.OSChoice = dockerOptions.OSChoice sc.ArchitectureChoice = dockerOptions.ArchitectureChoice + sc.VariantChoice = dockerOptions.VariantChoice } goal, err := ir.pullGoalFromImageReference(ctx, srcRef, transports.ImageName(srcRef), sc) if err != nil { diff --git a/libpod/kube.go b/libpod/kube.go index 0068427a5..5f2c9e0fd 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -48,12 +48,22 @@ func (p *Pod) GenerateForKube() (*v1.Pod, []v1.ServicePort, error) { return nil, servicePorts, errors.Errorf("pod %s only has an infra container", p.ID()) } + extraHost := make([]v1.HostAlias, 0) if p.HasInfraContainer() { infraContainer, err := p.getInfraContainer() if err != nil { return nil, servicePorts, err } - + for _, host := range infraContainer.config.ContainerNetworkConfig.HostAdd { + hostSli := strings.SplitN(host, ":", 2) + if len(hostSli) != 2 { + return nil, servicePorts, errors.New("invalid hostAdd") + } + extraHost = append(extraHost, v1.HostAlias{ + IP: hostSli[1], + Hostnames: []string{hostSli[0]}, + }) + } ports, err = ocicniPortMappingToContainerPort(infraContainer.config.PortMappings) if err != nil { return nil, servicePorts, err 
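Review bot: The `HostAdd` loop in GenerateForKube accepts any entry that contains a colon, so values with an empty half such as `:10.0.0.1` or `name:` (constructed examples) become a `v1.HostAlias` with an empty hostname or IP and end up in the generated pod spec. Rejecting empty parts with `if len(hostSli) != 2 || hostSli[0] == "" || hostSli[1] == "" {`, and optionally checking the address with `net.ParseIP`, would keep malformed entries out of the output. The error also does not say which entry failed; `errors.Errorf("invalid hostAdd %q: expected hostname:ip", host)` would. The function continues in the next hunk.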
@@ -61,7 +71,11 @@ func (p *Pod) GenerateForKube() (*v1.Pod, []v1.ServicePort, error) { servicePorts = containerPortsToServicePorts(ports) } pod, err := p.podWithContainers(allContainers, ports) - return pod, servicePorts, err + if err != nil { + return nil, servicePorts, err + } + pod.Spec.HostAliases = extraHost + return pod, servicePorts, nil } func (p *Pod) getInfraContainer() (*Container, error) { diff --git a/libpod/lock/shm/shm_lock_test.go b/libpod/lock/shm/shm_lock_test.go index 362821c62..cb83c7c2c 100644 --- a/libpod/lock/shm/shm_lock_test.go +++ b/libpod/lock/shm/shm_lock_test.go @@ -27,6 +27,8 @@ const lockPath = "/libpod_test" // We need a test main to ensure that the SHM is created before the tests run func TestMain(m *testing.M) { + // Remove prior /dev/shm/libpod_test + os.RemoveAll("/dev/shm" + lockPath) shmLock, err := CreateSHMLock(lockPath, numLocks) if err != nil { fmt.Fprintf(os.Stderr, "Error creating SHM for tests: %v\n", err) @@ -73,6 +75,8 @@ func runLockTest(t *testing.T, testFunc func(*testing.T, *SHMLocks)) { // Test that creating an SHM with a bad size rounds up to a good size func TestCreateNewSHMBadSizeRoundsUp(t *testing.T) { + // Remove prior /dev/shm/test1 + os.RemoveAll("/dev/shm/test1") // Odd number, not a power of 2, should never be a word size on a system lock, err := CreateSHMLock("/test1", 7) assert.NoError(t, err) diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 82d91c3f6..f66835771 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -120,7 +120,7 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime if os.IsNotExist(err) { continue } - return nil, errors.Wrapf(err, "cannot stat %s", path) + return nil, errors.Wrapf(err, "cannot stat OCI runtime %s path %q", name, path) } if !stat.Mode().IsRegular() { continue diff --git a/libpod/reset.go b/libpod/reset.go index cae4d3a04..f8828fed4 100644 --- a/libpod/reset.go +++ b/libpod/reset.go 
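Review bot: Both added `os.RemoveAll` calls (in TestMain and in TestCreateNewSHMBadSizeRoundsUp) discard the returned error. `/dev/shm` is normally a shared, sticky directory, so a leftover segment owned by another user cannot be removed, and the failure then surfaces later as an unrelated-looking CreateSHMLock error. Reporting it at the cleanup step is clearer, e.g. `if err := os.RemoveAll("/dev/shm/test1"); err != nil { t.Fatalf("removing stale SHM: %v", err) }` in the test, with the equivalent stderr message and exit in TestMain.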
@@ -2,12 +2,14 @@ package libpod import ( "context" + "fmt" "os" "path/filepath" "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/podman/v2/pkg/util" + "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -103,14 +105,16 @@ func (r *Runtime) Reset(ctx context.Context) error { prevError = err } - if rootless.IsRootless() { - configPath := filepath.Join(os.Getenv("HOME"), ".config/containers") - if err := os.RemoveAll(configPath); err != nil { - if prevError != nil { - logrus.Error(prevError) - } - prevError = err + if storageConfPath, err := storage.DefaultConfigFile(rootless.IsRootless()); err == nil { + if _, err = os.Stat(storageConfPath); err == nil { + fmt.Printf("A storage.conf file exists at %s\n", storageConfPath) + fmt.Println("You should remove this file if you did not modified the configuration.") } + } else { + if prevError != nil { + logrus.Error(prevError) + } + prevError = err } return prevError |
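Review bot: The new branch in Reset reports a leftover storage.conf with `fmt.Printf`/`fmt.Println`, so a library function writes straight to stdout, and the message is ungrammatical ("if you did not modified"). Using the logger the file already imports keeps output under the caller's control: `logrus.Warnf("A storage.conf file exists at %s; remove it if you did not modify the configuration", storageConfPath)`. The inner `os.Stat` result is acted on only when it succeeds, so a permission error on the file is treated the same as absence; if that is intended, a one-line comment saying so would help.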