4 files changed, 74 insertions, 5 deletions
diff --git a/libpod/define/info.go b/libpod/define/info.go
index f0e05801c..00146da48 100644
--- a/libpod/define/info.go
+++ b/libpod/define/info.go
@@ -12,6 +12,15 @@ type Info struct {
 }
 
 //HostInfo describes the libpod host
+type SecurityInfo struct {
+	AppArmorEnabled     bool   `json:"apparmorEnabled"`
+	DefaultCapabilities string `json:"capabilities"`
+	Rootless            bool   `json:"rootless"`
+	SECCOMPEnabled      bool   `json:"seccompEnabled"`
+	SELinuxEnabled      bool   `json:"selinuxEnabled"`
+}
+
+//HostInfo describes the libpod host
 type HostInfo struct {
 	Arch           string                 `json:"arch"`
 	BuildahVersion string                 `json:"buildahVersion"`
@@ -29,8 +38,8 @@ type HostInfo struct {
 	OCIRuntime     *OCIRuntimeInfo        `json:"ociRuntime"`
 	OS             string                 `json:"os"`
 	RemoteSocket   *RemoteSocket          `json:"remoteSocket,omitempty"`
-	Rootless       bool                   `json:"rootless"`
 	RuntimeInfo    map[string]interface{} `json:"runtimeInfo,omitempty"`
+	Security       SecurityInfo           `json:"security"`
 	Slirp4NetNS    SlirpInfo              `json:"slirp4netns,omitempty"`
 	SwapFree       int64                  `json:"swapFree"`
 	SwapTotal      int64                  `json:"swapTotal"`
diff --git a/libpod/filters/containers.go b/libpod/filters/containers.go
index 2520c4f30..505429de6 100644
--- a/libpod/filters/containers.go
+++ b/libpod/filters/containers.go
@@ -203,6 +203,37 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
 			}
 			return false
 		}, nil
+	case "pod":
+		var pods []*libpod.Pod
+		for _, podNameOrID := range filterValues {
+			p, err := r.LookupPod(podNameOrID)
+			if err != nil {
+				if errors.Cause(err) == define.ErrNoSuchPod {
+					continue
+				}
+				return nil, err
+			}
+			pods = append(pods, p)
+		}
+		return func(c *libpod.Container) bool {
+			// if no pods match, quick out
+			if len(pods) < 1 {
+				return false
+			}
+			// if the container has no pod id, quick out
+			if len(c.PodID()) < 1 {
+				return false
+			}
+			for _, p := range pods {
+				// we already looked up by name or id, so id match
+				// here is ok
+				if p.ID() == c.PodID() {
+					return true
+				}
+			}
+			return false
+		}, nil
+
 	}
 	return nil, errors.Errorf("%s is an invalid filter", filter)
 }
diff --git a/libpod/filters/helpers.go b/libpod/filters/helpers.go
new file mode 100644
index 000000000..859db3a9a
--- /dev/null
+++ b/libpod/filters/helpers.go
@@ -0,0 +1,20 @@
+package lpfilters
+
+import (
+	"net/url"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+func ParseFilterArgumentsIntoFilters(filters []string) (url.Values, error) {
+	parsedFilters := make(url.Values)
+	for _, f := range filters {
+		t := strings.SplitN(f, "=", 2)
+		if len(t) < 2 {
+			return parsedFilters, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f)
+		}
+		parsedFilters.Add(t[0], t[1])
+	}
+	return parsedFilters, nil
+}
diff --git a/libpod/info.go b/libpod/info.go
index 2f64a107e..1b3550abd 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -13,6 +13,8 @@ import (
 	"time"
 
 	"github.com/containers/buildah"
+	"github.com/containers/common/pkg/apparmor"
+	"github.com/containers/common/pkg/seccomp"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/libpod/linkmode"
 	"github.com/containers/podman/v2/pkg/cgroups"
@@ -20,6 +22,7 @@ import (
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/system"
+	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -98,10 +101,16 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) {
 		MemFree:        mi.MemFree,
 		MemTotal:       mi.MemTotal,
 		OS:             runtime.GOOS,
-		Rootless:       rootless.IsRootless(),
-		Slirp4NetNS:    define.SlirpInfo{},
-		SwapFree:       mi.SwapFree,
-		SwapTotal:      mi.SwapTotal,
+		Security: define.SecurityInfo{
+			AppArmorEnabled:     apparmor.IsEnabled(),
+			DefaultCapabilities: strings.Join(r.config.Containers.DefaultCapabilities, ","),
+			Rootless:            rootless.IsRootless(),
+			SECCOMPEnabled:      seccomp.IsEnabled(),
+			SELinuxEnabled:      selinux.GetEnabled(),
+		},
+		Slirp4NetNS: define.SlirpInfo{},
+		SwapFree:    mi.SwapFree,
+		SwapTotal:   mi.SwapTotal,
 	}
 
 	// CGroups version