5 files changed, 135 insertions, 23 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 52d3afc0a..0e877d04e 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -180,7 +180,7 @@ func (c *Container) StopWithTimeout(timeout uint) error {
 	if c.state.State == ContainerStateConfigured ||
 		c.state.State == ContainerStateUnknown ||
 		c.state.State == ContainerStatePaused {
-		return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers. %s in state %s", c.ID(), c.state.State.String())
+		return errors.Wrapf(ErrCtrStateInvalid, "can only stop created, running, or stopped containers. %s is in state %s", c.ID(), c.state.State.String())
 	}
 
 	if c.state.State == ContainerStateStopped ||
@@ -203,7 +203,7 @@ func (c *Container) Kill(signal uint) error {
 	}
 
 	if c.state.State != ContainerStateRunning {
-		return errors.Wrapf(ErrCtrStateInvalid, "can only kill running containers")
+		return errors.Wrapf(ErrCtrStateInvalid, "can only kill running containers. %s is in state %s", c.ID(), c.state.State.String())
 	}
 
 	defer c.newContainerEvent(events.Kill)
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 0be5427d9..55cc5089b 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -424,7 +424,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
 func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
 	options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"}
-	for _, dest := range []string{"/run"} {
+	for _, dest := range []string{"/run", "/run/lock"} {
 		if MountExists(mounts, dest) {
 			continue
 		}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 24bb5f61c..2c50fce85 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -42,11 +42,20 @@ const (
 	SQLiteStateStore RuntimeStateStore = iota
 	// BoltDBStateStore is a state backed by a BoltDB database
 	BoltDBStateStore RuntimeStateStore = iota
+)
+
+var (
+	// InstallPrefix is the prefix where podman will be installed.
+	// It can be overridden at build time.
+	installPrefix = "/usr/local"
+	// EtcDir is the sysconfdir where podman should look for system config files.
+	// It can be overridden at build time.
+	etcDir = "/etc"
 
 	// SeccompDefaultPath defines the default seccomp path
-	SeccompDefaultPath = "/usr/share/containers/seccomp.json"
+	SeccompDefaultPath = installPrefix + "/share/containers/seccomp.json"
 	// SeccompOverridePath if this exists it overrides the default seccomp path
-	SeccompOverridePath = "/etc/crio/seccomp.json"
+	SeccompOverridePath = etcDir + "/crio/seccomp.json"
 
 	// ConfigPath is the path to the libpod configuration file
 	// This file is loaded to replace the builtin default config before
@@ -54,11 +63,11 @@ const (
 	// If it is not present, the builtin default config is used instead
 	// This path can be overridden when the runtime is created by using
 	// NewRuntimeFromConfig() instead of NewRuntime()
-	ConfigPath = "/usr/share/containers/libpod.conf"
+	ConfigPath = installPrefix + "/share/containers/libpod.conf"
 	// OverrideConfigPath is the path to an override for the default libpod
 	// configuration file. If OverrideConfigPath exists, it will be used in
 	// place of the configuration file pointed to by ConfigPath.
-	OverrideConfigPath = "/etc/containers/libpod.conf"
+	OverrideConfigPath = etcDir + "/containers/libpod.conf"
 
 	// DefaultInfraImage to use for infra container
 	DefaultInfraImage = "k8s.gcr.io/pause:3.1"
@@ -300,7 +309,7 @@ func defaultRuntimeConfig() (RuntimeConfig, error) {
 		TmpDir:                "",
 		MaxLogSize:            -1,
 		NoPivotRoot:           false,
-		CNIConfigDir:          "/etc/cni/net.d/",
+		CNIConfigDir:          etcDir + "/cni/net.d/",
 		CNIPluginDir:          []string{"/usr/libexec/cni", "/usr/lib/cni", "/usr/local/lib/cni", "/opt/cni/bin"},
 		InfraCommand:          DefaultInfraCommand,
 		InfraImage:            DefaultInfraImage,
diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go
new file mode 100644
index 000000000..569f63322
--- /dev/null
+++ b/libpod/runtime_cstorage.go
@@ -0,0 +1,118 @@
+package libpod
+
+import (
+	"github.com/containers/storage"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+// StorageContainer represents a container present in c/storage but not in
+// libpod.
+type StorageContainer struct {
+	ID              string
+	Names           []string
+	PresentInLibpod bool
+}
+
+// ListStorageContainers lists all containers visible to c/storage.
+func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error) {
+	r.lock.RLock()
+	defer r.lock.RUnlock()
+
+	finalCtrs := []*StorageContainer{}
+
+	ctrs, err := r.store.Containers()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ctr := range ctrs {
+		storageCtr := new(StorageContainer)
+		storageCtr.ID = ctr.ID
+		storageCtr.Names = ctr.Names
+
+		// Look up if container is in state
+		hasCtr, err := r.state.HasContainer(ctr.ID)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error looking up container %s in state", ctr.ID)
+		}
+
+		storageCtr.PresentInLibpod = hasCtr
+
+		finalCtrs = append(finalCtrs, storageCtr)
+	}
+
+	return finalCtrs, nil
+}
+
+// RemoveStorageContainer removes a container from c/storage.
+// The container WILL NOT be removed if it exists in libpod.
+// Accepts ID or full name of container.
+// If force is set, the container will be unmounted first to ensure removal.
+func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	targetID, err := r.store.Lookup(idOrName)
+	if err != nil {
+		if err == storage.ErrLayerUnknown {
+			return errors.Wrapf(ErrNoSuchCtr, "no container with ID or name %q found", idOrName)
+		}
+		return errors.Wrapf(err, "error looking up container %q", idOrName)
+	}
+
+	// Lookup returns an ID but it's not guaranteed to be a container ID.
+	// So we can still error here.
+	ctr, err := r.store.Container(targetID)
+	if err != nil {
+		if err == storage.ErrContainerUnknown {
+			return errors.Wrapf(ErrNoSuchCtr, "%q does not refer to a container", idOrName)
+		}
+		return errors.Wrapf(err, "error retrieving container %q", idOrName)
+	}
+
+	// Error out if the container exists in libpod
+	exists, err := r.state.HasContainer(ctr.ID)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return errors.Wrapf(ErrCtrExists, "refusing to remove %q as it exists in libpod as container %s", idOrName, ctr.ID)
+	}
+
+	if !force {
+		timesMounted, err := r.store.Mounted(ctr.ID)
+		if err != nil {
+			if err == storage.ErrContainerUnknown {
+				// Container was removed from under us.
+				// It's gone, so don't bother erroring.
+				logrus.Warnf("Storage for container %s already removed", ctr.ID)
+				return nil
+			}
+			return errors.Wrapf(err, "error looking up container %q mounts", idOrName)
+		}
+		if timesMounted > 0 {
+			return errors.Wrapf(ErrCtrStateInvalid, "container %q is mounted and cannot be removed without using force", idOrName)
+		}
+	} else {
+		if _, err := r.store.Unmount(ctr.ID, true); err != nil {
+			if err == storage.ErrContainerUnknown {
+				// Container again gone, no error
+				logrus.Warnf("Storage for container %s already removed", ctr.ID)
+				return nil
+			}
+			return errors.Wrapf(err, "error unmounting container %q", idOrName)
+		}
+	}
+
+	if err := r.store.DeleteContainer(ctr.ID); err != nil {
+		if err == storage.ErrContainerUnknown {
+			// Container again gone, no error
+			logrus.Warnf("Storage for container %s already removed", ctr.ID)
+			return nil
+		}
+		return errors.Wrapf(err, "error removing storage for container %q", idOrName)
+	}
+
+	return nil
+}
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index cf1f5701d..0871b83a7 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -9,9 +9,7 @@ import (
 	"time"
 
 	"github.com/containers/libpod/libpod/events"
-	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/rootless"
-	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/stringid"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
@@ -614,16 +612,3 @@ func (r *Runtime) GetLatestContainer() (*Container, error) {
 	}
 	return ctrs[lastCreatedIndex], nil
 }
-
-// RemoveContainersFromStorage attempt to remove containers from storage that do not exist in libpod database
-func (r *Runtime) RemoveContainersFromStorage(ctrs []string) {
-	for _, i := range ctrs {
-		// if the container does not exist in database, attempt to remove it from storage
-		if _, err := r.LookupContainer(i); err != nil && errors.Cause(err) == image.ErrNoSuchCtr {
-			r.storageService.UnmountContainerImage(i, true)
-			if err := r.storageService.DeleteContainer(i); err != nil && errors.Cause(err) != storage.ErrContainerUnknown {
-				logrus.Errorf("Failed to remove container %q from storage: %s", i, err)
-			}
-		}
-	}
-}