7 files changed, 45 insertions, 59 deletions
diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go
index 3e6e7b9db..d95a22f76 100644
--- a/libpod/image/image_test.go
+++ b/libpod/image/image_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/storage/pkg/reexec"
 	"github.com/opencontainers/go-digest"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 var (
@@ -93,6 +94,8 @@ func TestImage_NewFromLocal(t *testing.T) {
 	// Need images to be present for this test
 	ir, err := NewImageRuntimeFromOptions(so)
 	assert.NoError(t, err)
+	defer cleanup(workdir, ir)
+
 	ir.Eventer = events.NewNullEventer()
 	bb, err := ir.New(context.Background(), "docker.io/library/busybox:latest", "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
 	assert.NoError(t, err)
@@ -106,13 +109,10 @@ func TestImage_NewFromLocal(t *testing.T) {
 		assert.NoError(t, err)
 		for _, name := range image.names {
 			newImage, err := ir.NewFromLocal(name)
-			assert.NoError(t, err)
+			require.NoError(t, err)
 			assert.Equal(t, newImage.ID(), image.img.ID())
 		}
 	}
-
-	// Shutdown the runtime and remove the temporary storage
-	cleanup(workdir, ir)
 }
 
 // TestImage_New tests pulling the image by various names, tags, and from
@@ -125,30 +125,31 @@ func TestImage_New(t *testing.T) {
 	var names []string
 	workdir, err := mkWorkDir()
 	assert.NoError(t, err)
-
 	so := storage.StoreOptions{
 		RunRoot:   workdir,
 		GraphRoot: workdir,
 	}
 	ir, err := NewImageRuntimeFromOptions(so)
 	assert.NoError(t, err)
+	defer cleanup(workdir, ir)
+
 	ir.Eventer = events.NewNullEventer()
 	// Build the list of pull names
 	names = append(names, bbNames...)
 	writer := os.Stdout
 
+	opts := DockerRegistryOptions{
+		RegistriesConfPath: "testdata/registries.conf",
+	}
 	// Iterate over the names and delete the image
 	// after the pull
 	for _, img := range names {
-		newImage, err := ir.New(context.Background(), img, "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
-		assert.NoError(t, err)
+		newImage, err := ir.New(context.Background(), img, "", "", writer, &opts, SigningOptions{}, nil, util.PullImageMissing, nil)
+		require.NoError(t, err, img)
 		assert.NotEqual(t, newImage.ID(), "")
 		err = newImage.Remove(context.Background(), false)
 		assert.NoError(t, err)
 	}
-
-	// Shutdown the runtime and remove the temporary storage
-	cleanup(workdir, ir)
 }
 
 // TestImage_MatchRepoTag tests the various inputs we need to match
@@ -161,20 +162,24 @@ func TestImage_MatchRepoTag(t *testing.T) {
 	//Set up
 	workdir, err := mkWorkDir()
 	assert.NoError(t, err)
-
 	so := storage.StoreOptions{
 		RunRoot:   workdir,
 		GraphRoot: workdir,
 	}
 	ir, err := NewImageRuntimeFromOptions(so)
-	assert.NoError(t, err)
+	require.NoError(t, err)
+	defer cleanup(workdir, ir)
+
+	opts := DockerRegistryOptions{
+		RegistriesConfPath: "testdata/registries.conf",
+	}
 	ir.Eventer = events.NewNullEventer()
-	newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, nil, SigningOptions{}, nil, util.PullImageMissing, nil)
-	assert.NoError(t, err)
+	newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, &opts, SigningOptions{}, nil, util.PullImageMissing, nil)
+	require.NoError(t, err)
 	err = newImage.TagImage("foo:latest")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	err = newImage.TagImage("foo:bar")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 
 	// Tests start here.
 	for _, name := range bbNames {
@@ -187,23 +192,19 @@ func TestImage_MatchRepoTag(t *testing.T) {
 
 	// foo should resolve to foo:latest
 	repoTag, err := newImage.MatchRepoTag("foo")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, "localhost/foo:latest", repoTag)
 
 	// foo:bar should resolve to foo:bar
 	repoTag, err = newImage.MatchRepoTag("foo:bar")
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	assert.Equal(t, "localhost/foo:bar", repoTag)
-	// Shutdown the runtime and remove the temporary storage
-	cleanup(workdir, ir)
 }
 
 // TestImage_RepoDigests tests RepoDigest generation.
 func TestImage_RepoDigests(t *testing.T) {
 	dgst, err := digest.Parse("sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc")
-	if err != nil {
-		t.Fatal(err)
-	}
+	require.NoError(t, err)
 
 	for _, tt := range []struct {
 		name     string
@@ -235,10 +236,7 @@ func TestImage_RepoDigests(t *testing.T) {
 				},
 			}
 			actual, err := image.RepoDigests()
-			if err != nil {
-				t.Fatal(err)
-			}
-
+			require.NoError(t, err)
 			assert.Equal(t, test.expected, actual)
 
 			image = &Image{
@@ -248,10 +246,7 @@ func TestImage_RepoDigests(t *testing.T) {
 				},
 			}
 			actual, err = image.RepoDigests()
-			if err != nil {
-				t.Fatal(err)
-			}
-
+			require.NoError(t, err)
 			assert.Equal(t, test.expected, actual)
 		})
 	}
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index 58160b52f..6517fbd07 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -245,6 +245,7 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s
 		sc.OSChoice = dockerOptions.OSChoice
 		sc.ArchitectureChoice = dockerOptions.ArchitectureChoice
 		sc.VariantChoice = dockerOptions.VariantChoice
+		sc.SystemRegistriesConfPath = dockerOptions.RegistriesConfPath
 	}
 	if signaturePolicyPath == "" {
 		sc.SignaturePolicyPath = ir.SignaturePolicyPath
@@ -306,7 +307,12 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
 		}
 	}()
 
-	systemRegistriesConfPath := registries.SystemRegistriesConfPath()
+	var systemRegistriesConfPath string
+	if dockerOptions != nil && dockerOptions.RegistriesConfPath != "" {
+		systemRegistriesConfPath = dockerOptions.RegistriesConfPath
+	} else {
+		systemRegistriesConfPath = registries.SystemRegistriesConfPath()
+	}
 
 	var (
 		images     []string
diff --git a/libpod/image/testdata/registries.conf b/libpod/image/testdata/registries.conf
new file mode 100644
index 000000000..16622a1ac
--- /dev/null
+++ b/libpod/image/testdata/registries.conf
@@ -0,0 +1,4 @@
+short-name-mode="enforcing"
+
+[aliases]
+"busybox"="docker.io/library/busybox"
diff --git a/libpod/options.go b/libpod/options.go
index 85862cc17..24e9d74f4 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1577,8 +1577,6 @@ func WithVolumeLabels(labels map[string]string) VolumeCreateOption {
 }
 
 // WithVolumeOptions sets the options of the volume.
-// If the "local" driver has been selected, options will be validated. There are
-// currently 3 valid options for the "local" driver - o, type, and device.
 func WithVolumeOptions(options map[string]string) VolumeCreateOption {
 	return func(volume *Volume) error {
 		if volume.valid {
@@ -1587,13 +1585,6 @@ func WithVolumeOptions(options map[string]string) VolumeCreateOption {
 
 		volume.config.Options = make(map[string]string)
 		for key, value := range options {
-			switch key {
-			case "type", "device", "o", "UID", "GID":
-				volume.config.Options[key] = value
-			default:
-				return errors.Wrapf(define.ErrInvalidArg, "unrecognized volume option %q is not supported with local driver", key)
-			}
-
 			volume.config.Options[key] = value
 		}
 
@@ -1627,19 +1618,6 @@ func WithVolumeGID(gid int) VolumeCreateOption {
 	}
 }
 
-// WithVolumeNeedsChown sets the NeedsChown flag for the volume.
-func WithVolumeNeedsChown() VolumeCreateOption {
-	return func(volume *Volume) error {
-		if volume.valid {
-			return define.ErrVolumeFinalized
-		}
-
-		volume.state.NeedsChown = true
-
-		return nil
-	}
-}
-
 // withSetAnon sets a bool notifying libpod that this volume is anonymous and
 // should be removed when containers using it are removed and volumes are
 // specified for removal.
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 19690d79b..537618b65 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -392,7 +392,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		logrus.Debugf("Creating new volume %s for container", vol.Name)
 
 		// The volume does not exist, so we need to create it.
-		volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID()), WithVolumeNeedsChown()}
+		volOptions := []VolumeCreateOption{WithVolumeName(vol.Name), WithVolumeUID(ctr.RootUID()), WithVolumeGID(ctr.RootGID())}
 		if isAnonymous {
 			volOptions = append(volOptions, withSetAnon())
 		}
diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go
index c1dbe00fd..694cdd149 100644
--- a/libpod/volume_internal.go
+++ b/libpod/volume_internal.go
@@ -17,6 +17,7 @@ func newVolume(runtime *Runtime) *Volume {
 	volume.config.Labels = make(map[string]string)
 	volume.config.Options = make(map[string]string)
 	volume.state.NeedsCopyUp = true
+	volume.state.NeedsChown = true
 	return volume
 }
 
diff --git a/libpod/volume_internal_linux.go b/libpod/volume_internal_linux.go
index 67ac41874..92391de1d 100644
--- a/libpod/volume_internal_linux.go
+++ b/libpod/volume_internal_linux.go
@@ -32,8 +32,10 @@ func (v *Volume) mount() error {
 		return nil
 	}
 
-	// We cannot mount volumes as rootless.
-	if rootless.IsRootless() {
+	// We cannot mount 'local' volumes as rootless.
+	if !v.UsesVolumeDriver() && rootless.IsRootless() {
+		// This check should only be applied to 'local' driver
+		// so Volume Drivers must be excluded
 		return errors.Wrapf(define.ErrRootless, "cannot mount volumes without root privileges")
 	}
 
@@ -137,8 +139,8 @@ func (v *Volume) unmount(force bool) error {
 		return nil
 	}
 
-	// We cannot unmount volumes as rootless.
-	if rootless.IsRootless() {
+	// We cannot unmount 'local' volumes as rootless.
+	if !v.UsesVolumeDriver() && rootless.IsRootless() {
 		// If force is set, just clear the counter and bail without
 		// error, so we can remove volumes from the state if they are in
 		// an awkward configuration.