Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go4
-rw-r--r--libpod/container_top_linux.go4
-rw-r--r--libpod/events/config.go4
-rw-r--r--libpod/network/files.go5
-rw-r--r--libpod/network/network.go28
-rw-r--r--libpod/networking_linux.go25
-rw-r--r--libpod/pod_top_linux.go5
-rw-r--r--libpod/runtime.go4
-rw-r--r--libpod/runtime_pod_infra_linux.go67
9 files changed, 85 insertions, 61 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index b81f3f716..56575c195 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -22,9 +22,9 @@ import (
cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
"github.com/containers/buildah/pkg/overlay"
- "github.com/containers/buildah/pkg/secrets"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/config"
+ "github.com/containers/common/pkg/subscriptions"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/libpod/events"
"github.com/containers/podman/v2/pkg/annotations"
@@ -1435,7 +1435,7 @@ func (c *Container) makeBindMounts() error {
}
// Add Secret Mounts
- secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
+ secretMounts := subscriptions.MountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
for _, mount := range secretMounts {
if _, ok := c.state.BindMounts[mount.Destination]; !ok {
c.state.BindMounts[mount.Destination] = mount.Source
diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go
index d6d4c6084..161367d75 100644
--- a/libpod/container_top_linux.go
+++ b/libpod/container_top_linux.go
@@ -80,8 +80,8 @@ func (c *Container) Top(descriptors []string) ([]string, error) {
func (c *Container) GetContainerPidInformation(descriptors []string) ([]string, error) {
pid := strconv.Itoa(c.state.PID)
// TODO: psgo returns a [][]string to give users the ability to apply
- // filters on the data. We need to change the API here and the
- // varlink API to return a [][]string if we want to make use of
+ // filters on the data. We need to change the API here
+ // to return a [][]string if we want to make use of
// filtering.
opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
diff --git a/libpod/events/config.go b/libpod/events/config.go
index af09a65ae..fc1457289 100644
--- a/libpod/events/config.go
+++ b/libpod/events/config.go
@@ -95,10 +95,6 @@ type Type string
type Status string
const (
- // If you add or subtract any values to the following lists, make sure you also update
- // the switch statements below and the enums for EventType or EventStatus in the
- // varlink description file.
-
// Container - event is related to containers
Container Type = "container"
// Image - event is related to images
diff --git a/libpod/network/files.go b/libpod/network/files.go
index 34cc5fa73..83cb1c23a 100644
--- a/libpod/network/files.go
+++ b/libpod/network/files.go
@@ -15,6 +15,9 @@ import (
"github.com/sirupsen/logrus"
)
+// ErrNoSuchNetworkInterface indicates that no network interface exists
+var ErrNoSuchNetworkInterface = errors.New("unable to find interface name for network")
+
// GetCNIConfDir get CNI configuration directory
func GetCNIConfDir(configArg *config.Config) string {
if len(configArg.Network.NetworkConfigDir) < 1 {
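Review bot: The doc comment on `ErrNoSuchNetworkInterface` says no network interface exists, but the second hunk returns it from GetInterfaceNameFromConfig when the parsed configuration yields an empty name. That is a statement about the config file, not about the host. Callers now branch on this sentinel, so the comment should state the actual condition, for example `// ErrNoSuchNetworkInterface is returned when a CNI configuration does not specify an interface name.`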
@@ -172,7 +175,7 @@ func GetInterfaceNameFromConfig(path string) (string, error) {
}
}
if len(name) == 0 {
- return "", errors.New("unable to find interface name for network")
+ return "", ErrNoSuchNetworkInterface
}
return name, nil
}
diff --git a/libpod/network/network.go b/libpod/network/network.go
index 7327a1a7d..0febb52f6 100644
--- a/libpod/network/network.go
+++ b/libpod/network/network.go
@@ -10,6 +10,7 @@ import (
"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v2/libpod/define"
+ "github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -181,21 +182,26 @@ func RemoveNetwork(config *config.Config, name string) error {
// Before we delete the configuration file, we need to make sure we can read and parse
// it to get the network interface name so we can remove that too
interfaceName, err := GetInterfaceNameFromConfig(cniPath)
- if err != nil {
- return errors.Wrapf(err, "failed to find network interface name in %q", cniPath)
- }
- liveNetworkNames, err := GetLiveNetworkNames()
- if err != nil {
- return errors.Wrapf(err, "failed to get live network names")
- }
- if util.StringInSlice(interfaceName, liveNetworkNames) {
- if err := RemoveInterface(interfaceName); err != nil {
- return errors.Wrapf(err, "failed to delete the network interface %q", interfaceName)
+ if err == nil {
+ // Don't try to remove the network interface if we are not root
+ if !rootless.IsRootless() {
+ liveNetworkNames, err := GetLiveNetworkNames()
+ if err != nil {
+ return errors.Wrapf(err, "failed to get live network names")
+ }
+ if util.StringInSlice(interfaceName, liveNetworkNames) {
+ if err := RemoveInterface(interfaceName); err != nil {
+ return errors.Wrapf(err, "failed to delete the network interface %q", interfaceName)
+ }
+ }
}
+ } else if err != ErrNoSuchNetworkInterface {
+ // Don't error if we couldn't find the network interface name
+ return err
}
// Remove the configuration file
if err := os.Remove(cniPath); err != nil {
- return errors.Wrapf(err, "failed to remove network configuration file %q", cniPath)
+ return errors.Wrap(err, "failed to remove network configuration")
}
return nil
}
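Review bot: The new `else if err != ErrNoSuchNetworkInterface` branch compares the sentinel by identity and returns every other error bare, dropping the `cniPath` context the removed `errors.Wrapf` provided. The identity check only holds while GetInterfaceNameFromConfig returns the sentinel unwrapped; `errors.Cause(err) != ErrNoSuchNetworkInterface` together with `return errors.Wrapf(err, "failed to find network interface name in %q", cniPath)` keeps both the match and the diagnostics robust. In the rootless branch the configuration file is deleted while the interface step is skipped silently, so a `logrus.Debugf("skipping removal of interface %q: running rootless", interfaceName)` would leave a trace for anyone later investigating a leftover interface. The start of RemoveNetwork is outside this hunk.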
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 4e7ffaf81..15e470c80 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -1047,21 +1047,25 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
return err
}
+ if err := c.runtime.state.NetworkDisconnect(c, netName); err != nil {
+ return err
+ }
+
+ c.newNetworkEvent(events.NetworkDisconnect, netName)
if c.state.State != define.ContainerStateRunning {
- return errors.Wrapf(define.ErrCtrStateInvalid, "cannot disconnect container %s from networks as it is not running", nameOrID)
+ return nil
}
+
if c.state.NetNS == nil {
return errors.Wrapf(define.ErrNoNetwork, "unable to disconnect %s from %s", nameOrID, netName)
}
+
podConfig := c.runtime.getPodNetwork(c.ID(), c.Name(), c.state.NetNS.Path(), []string{netName}, c.config.PortMappings, nil, nil, c.state.NetInterfaceDescriptions)
if err := c.runtime.netPlugin.TearDownPod(podConfig); err != nil {
return err
}
- if err := c.runtime.state.NetworkDisconnect(c, netName); err != nil {
- return err
- }
- // update network status
+ // update network status if container is not running
networkStatus := c.state.NetworkStatus
// clip out the index of the network
tmpNetworkStatus := make([]*cnitypes.Result, len(networkStatus)-1)
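Review bot: In NetworkDisconnect the database write `c.runtime.state.NetworkDisconnect(c, netName)` and `c.newNetworkEvent(events.NetworkDisconnect, netName)` now run before the `NetNS == nil` check and `TearDownPod`. If either of those fails on a running container, the stored state and the event log record a disconnect while the interface may still be attached. That is misleading for anyone using disconnect as an isolation step or events as an audit trail; consider emitting the event only once teardown has succeeded (or on the early `return nil` for stopped containers) and rolling back or documenting the state write. The NetworkConnect hunk below has the same ordering. The reworded comment `// update network status if container is not running` also reads inverted, since this code is only reached when the container is running; `// update network status of the running container` would match. The function body starts and ends outside this hunk.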
@@ -1071,7 +1075,6 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
}
}
c.state.NetworkStatus = tmpNetworkStatus
- c.newNetworkEvent(events.NetworkDisconnect, netName)
return c.save()
}
@@ -1096,15 +1099,16 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e
return err
}
+ if err := c.runtime.state.NetworkConnect(c, netName, aliases); err != nil {
+ return err
+ }
+ c.newNetworkEvent(events.NetworkConnect, netName)
if c.state.State != define.ContainerStateRunning {
- return errors.Wrapf(define.ErrCtrStateInvalid, "cannot connect container %s to networks as it is not running", nameOrID)
+ return nil
}
if c.state.NetNS == nil {
return errors.Wrapf(define.ErrNoNetwork, "unable to connect %s to %s", nameOrID, netName)
}
- if err := c.runtime.state.NetworkConnect(c, netName, aliases); err != nil {
- return err
- }
ctrNetworks, _, err := c.networks()
if err != nil {
@@ -1159,7 +1163,6 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e
networkStatus[index] = networkResults[0]
c.state.NetworkStatus = networkStatus
}
- c.newNetworkEvent(events.NetworkConnect, netName)
return c.save()
}
diff --git a/libpod/pod_top_linux.go b/libpod/pod_top_linux.go
index 15ba02389..0e42c62df 100644
--- a/libpod/pod_top_linux.go
+++ b/libpod/pod_top_linux.go
@@ -53,9 +53,8 @@ func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) {
}
// TODO: psgo returns a [][]string to give users the ability to apply
- // filters on the data. We need to change the API here and the
- // varlink API to return a [][]string if we want to make use of
- // filtering.
+ // filters on the data. We need to change the API here to return
+ // a [][]string if we want to make use of filtering.
opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
output, err := psgo.JoinNamespaceAndProcessInfoByPidsWithOptions(pids, psgoDescriptors, &opts)
if err != nil {
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 792492db6..df3dfae2b 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -162,6 +162,10 @@ func newRuntimeFromConfig(ctx context.Context, conf *config.Config, options ...R
runtime.config = conf
+ if err := SetXdgDirs(); err != nil {
+ return nil, err
+ }
+
storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())
if err != nil {
return nil, err
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index 76419587a..3e4185db1 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -34,40 +34,56 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
// Set Pod hostname
g.Config.Hostname = p.config.Hostname
+ var options []CtrCreateOption
+
+ // Command: If user-specified, use that preferentially.
+ // If not set and the config file is set, fall back to that.
+ var infraCtrCommand []string
+ if p.config.InfraContainer.InfraCommand != nil {
+ logrus.Debugf("User-specified infra container entrypoint %v", p.config.InfraContainer.InfraCommand)
+ infraCtrCommand = p.config.InfraContainer.InfraCommand
+ } else if r.config.Engine.InfraCommand != "" {
+ logrus.Debugf("Config-specified infra container entrypoint %s", r.config.Engine.InfraCommand)
+ infraCtrCommand = []string{r.config.Engine.InfraCommand}
+ }
+ // Only if set by the user or containers.conf, we set entrypoint for the
+ // infra container.
+ // This is only used by commit, so it shouldn't matter... But someone
+ // may eventually want to commit an infra container?
+ // TODO: Should we actually do this if set by containers.conf?
+ if infraCtrCommand != nil {
+ // Need to duplicate the array - we are going to add Cmd later
+ // so the current array will be changed.
+ newArr := make([]string, 0, len(infraCtrCommand))
+ newArr = append(newArr, infraCtrCommand...)
+ options = append(options, WithEntrypoint(newArr))
+ }
+
isRootless := rootless.IsRootless()
- entrypointSet := len(p.config.InfraContainer.InfraCommand) > 0
- entryPoint := p.config.InfraContainer.InfraCommand
- entryCmd := []string{}
- var options []CtrCreateOption
// I've seen circumstances where config is being passed as nil.
// Let's err on the side of safety and make sure it's safe to use.
if config != nil {
- // default to entrypoint in image if there is one
- if !entrypointSet {
- if len(config.Entrypoint) > 0 {
- entrypointSet = true
- entryPoint = config.Entrypoint
- entryCmd = config.Entrypoint
+ if infraCtrCommand == nil {
+ // If we have no entrypoint and command from the image,
+ // we can't go on - the infra container has no command.
+ if len(config.Entrypoint) == 0 && len(config.Cmd) == 0 {
+ return nil, errors.Errorf("infra container has no command")
}
- } else { // so use the InfraCommand
- entrypointSet = true
- entryCmd = entryPoint
- }
-
- if len(config.Cmd) > 0 {
- // We can't use the default pause command, since we're
- // sourcing from the image. If we didn't already set an
- // entrypoint, set one now.
- if !entrypointSet {
+ if len(config.Entrypoint) > 0 {
+ infraCtrCommand = config.Entrypoint
+ } else {
// Use the Docker default "/bin/sh -c"
// entrypoint, as we're overriding command.
// If an image doesn't want this, it can
// override entrypoint too.
- entryCmd = []string{"/bin/sh", "-c"}
+ infraCtrCommand = []string{"/bin/sh", "-c"}
}
- entryCmd = append(entryCmd, config.Cmd...)
}
+ if len(config.Cmd) > 0 {
+ infraCtrCommand = append(infraCtrCommand, config.Cmd...)
+ }
+
if len(config.Env) > 0 {
for _, nameValPair := range config.Env {
nameValSlice := strings.Split(nameValPair, "=")
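Review bot: The new `infra container has no command` check only runs inside `if config != nil`, so when `config` is nil and neither the pod nor containers.conf supplies a command, `infraCtrCommand` stays nil and is later handed to `g.SetProcessArgs`. Changing the user test from `len(...) > 0` to `p.config.InfraContainer.InfraCommand != nil` also means an empty but non-nil slice counts as user-specified and skips both the image fallback and that check. Consider testing `len(p.config.InfraContainer.InfraCommand) > 0` and moving the guard after the config block as `if len(infraCtrCommand) == 0 { return nil, errors.Errorf("infra container has no command") }`. Separately, `infraCtrCommand = config.Entrypoint` followed by `append(infraCtrCommand, config.Cmd...)` can write into the image config's backing array when it has spare capacity; copying it the way `newArr` is built avoids the aliasing. The `if config != nil` block and the function end outside this hunk.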
@@ -127,9 +143,9 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
}
g.SetRootReadonly(true)
- g.SetProcessArgs(entryCmd)
+ g.SetProcessArgs(infraCtrCommand)
- logrus.Debugf("Using %q as infra container entrypoint", entryCmd)
+ logrus.Debugf("Using %q as infra container command", infraCtrCommand)
g.RemoveMount("/dev/shm")
if isRootless {
@@ -148,9 +164,6 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm
options = append(options, WithRootFSFromImage(imgID, imgName, rawImageName))
options = append(options, WithName(containerName))
options = append(options, withIsInfra())
- if entrypointSet {
- options = append(options, WithEntrypoint(entryPoint))
- }
if len(p.config.InfraContainer.ConmonPidFile) > 0 {
options = append(options, WithConmonPidFile(p.config.InfraContainer.ConmonPidFile))
}