11 files changed, 154 insertions, 43 deletions

diff --git a/libpod/container_api.go b/libpod/container_api.go
index aef37dd59..a9808a30e 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -249,7 +249,7 @@ func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-
 	// attaching, and I really do not want to do that right now.
 	// Send a SIGWINCH after attach succeeds so that most programs will
 	// redraw the screen for the new attach session.
-	attachRdy := make(chan bool)
+	attachRdy := make(chan bool, 1)
 	if c.config.Spec.Process != nil && c.config.Spec.Process.Terminal {
 		go func() {
 			<-attachRdy
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index eff390e46..a1b4334fb 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1412,7 +1412,8 @@ func (c *Container) generateResolvConf() (string, error) {
 
 	// Determine the endpoint for resolv.conf in case it is a symlink
 	resolvPath, err := filepath.EvalSymlinks(resolvConf)
-	if err != nil {
+	// resolv.conf doesn't have to exists
+	if err != nil && !os.IsNotExist(err) {
 		return "", err
 	}
 
@@ -1422,7 +1423,8 @@ func (c *Container) generateResolvConf() (string, error) {
 	}
 
 	contents, err := ioutil.ReadFile(resolvPath)
-	if err != nil {
+	// resolv.conf doesn't have to exists
+	if err != nil && !os.IsNotExist(err) {
 		return "", errors.Wrapf(err, "unable to read %s", resolvPath)
 	}
 
@@ -1541,11 +1543,38 @@ func (c *Container) getHosts() string {
 		}
 	}
 
-	if c.config.NetMode.IsSlirp4netns() {
-		// When using slirp4netns, the interface gets a static IP
-		hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.Config().Name)
-	}
 	hosts += c.cniHosts()
+
+	// If not making a network namespace, add our own hostname.
+	if c.Hostname() != "" {
+		if c.config.NetMode.IsSlirp4netns() {
+			// When using slirp4netns, the interface gets a static IP
+			hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.config.Name)
+		} else {
+			hasNetNS := false
+			netNone := false
+			for _, ns := range c.config.Spec.Linux.Namespaces {
+				if ns.Type == spec.NetworkNamespace {
+					hasNetNS = true
+					if ns.Path == "" && !c.config.CreateNetNS {
+						netNone = true
+					}
+					break
+				}
+			}
+			if !hasNetNS {
+				// 127.0.1.1 and host's hostname to match Docker
+				osHostname, err := os.Hostname()
+				if err != nil {
+					osHostname = c.Hostname()
+				}
+				hosts += fmt.Sprintf("127.0.1.1 %s\n", osHostname)
+			}
+			if netNone {
+				hosts += fmt.Sprintf("127.0.1.1 %s\n", c.Hostname())
+			}
+		}
+	}
 	return hosts
 }
 
diff --git a/libpod/events.go b/libpod/events.go
index b519fe324..95317eb01 100644
--- a/libpod/events.go
+++ b/libpod/events.go
@@ -26,6 +26,12 @@ func (c *Container) newContainerEvent(status events.Status) {
 	e.Name = c.Name()
 	e.Image = c.config.RootfsImageName
 	e.Type = events.Container
+
+	e.Details = events.Details{
+		ID:         e.ID,
+		Attributes: c.Labels(),
+	}
+
 	if err := c.runtime.eventer.Write(e); err != nil {
 		logrus.Errorf("unable to write pod event: %q", err)
 	}
diff --git a/libpod/events/config.go b/libpod/events/config.go
index bb35c03c0..2ec3111fe 100644
--- a/libpod/events/config.go
+++ b/libpod/events/config.go
@@ -36,6 +36,18 @@ type Event struct {
 	Time time.Time
 	// Type of event that occurred
 	Type Type
+
+	Details
+}
+
+// Details describes specifics about certain events, specifically around
+// container events
+type Details struct {
+	// ID is the event ID
+	ID string
+	// Attributes can be used to describe specifics about the event
+	// in the case of a container event, labels for example
+	Attributes map[string]string
 }
 
 // EventerOptions describe options that need to be passed to create
diff --git a/libpod/events/events.go b/libpod/events/events.go
index 722c9595e..42939d64c 100644
--- a/libpod/events/events.go
+++ b/libpod/events/events.go
@@ -69,7 +69,14 @@ func (e *Event) ToHumanReadable() string {
 	var humanFormat string
 	switch e.Type {
 	case Container, Pod:
-		humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s)", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name)
+		humanFormat = fmt.Sprintf("%s %s %s %s (image=%s, name=%s", e.Time, e.Type, e.Status, e.ID, e.Image, e.Name)
+		// check if the container has labels and add it to the output
+		if len(e.Attributes) > 0 {
+			for k, v := range e.Attributes {
+				humanFormat += fmt.Sprintf(", %s=%s", k, v)
+			}
+		}
+		humanFormat += ")"
 	case Image:
 		humanFormat = fmt.Sprintf("%s %s %s %s %s", e.Time, e.Type, e.Status, e.ID, e.Name)
 	case System:
diff --git a/libpod/events/filters.go b/libpod/events/filters.go
index c50474007..62891d32c 100644
--- a/libpod/events/filters.go
+++ b/libpod/events/filters.go
@@ -55,6 +55,24 @@ func generateEventFilter(filter, filterValue string) (func(e *Event) bool, error
 		return func(e *Event) bool {
 			return string(e.Type) == filterValue
 		}, nil
+
+	case "LABEL":
+		return func(e *Event) bool {
+			var found bool
+			// iterate labels and see if we match a key and value
+			for eventKey, eventValue := range e.Attributes {
+				filterValueSplit := strings.SplitN(filterValue, "=", 2)
+				// if the filter isn't right, just return false
+				if len(filterValueSplit) < 2 {
+					return false
+				}
+				if eventKey == filterValueSplit[0] && eventValue == filterValueSplit[1] {
+					found = true
+					break
+				}
+			}
+			return found
+		}, nil
 	}
 	return nil, errors.Errorf("%s is an invalid filter", filter)
 }
@@ -73,7 +91,7 @@ func generateEventUntilOption(timeUntil time.Time) func(e *Event) bool {
 }
 
 func parseFilter(filter string) (string, string, error) {
-	filterSplit := strings.Split(filter, "=")
+	filterSplit := strings.SplitN(filter, "=", 2)
 	if len(filterSplit) != 2 {
 		return "", "", errors.Errorf("%s is an invalid filter", filter)
 	}
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index dc55dbc77..5e3be8009 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -4,6 +4,7 @@ package events
 
 import (
 	"context"
+	"encoding/json"
 	"strconv"
 	"time"
 
@@ -46,6 +47,15 @@ func (e EventJournalD) Write(ee Event) error {
 		if ee.ContainerExitCode != 0 {
 			m["PODMAN_EXIT_CODE"] = strconv.Itoa(ee.ContainerExitCode)
 		}
+		// If we have container labels, we need to convert them to a string so they
+		// can be recorded with the event
+		if len(ee.Details.Attributes) > 0 {
+			b, err := json.Marshal(ee.Details.Attributes)
+			if err != nil {
+				return err
+			}
+			m["PODMAN_LABELS"] = string(b)
+		}
 	case Volume:
 		m["PODMAN_NAME"] = ee.Name
 	}
@@ -59,35 +69,39 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
 	if err != nil {
 		return errors.Wrapf(err, "failed to generate event options")
 	}
-	j, err := sdjournal.NewJournal() //nolint
+	j, err := sdjournal.NewJournal()
 	if err != nil {
 		return err
 	}
-	// TODO AddMatch and Seek seem to conflict
-	// Issue filed upstream -> https://github.com/coreos/go-systemd/issues/315
-	// Leaving commented code in case upstream fixes things
-	//podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint
-	//if err := j.AddMatch(podmanJournal.String()); err != nil {
-	//	return errors.Wrap(err, "failed to add filter for event log")
-	//}
+
+	// match only podman journal entries
+	podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"}
+	if err := j.AddMatch(podmanJournal.String()); err != nil {
+		return errors.Wrap(err, "failed to add journal filter for event log")
+	}
+
 	if len(options.Since) == 0 && len(options.Until) == 0 && options.Stream {
 		if err := j.SeekTail(); err != nil {
 			return errors.Wrap(err, "failed to seek end of journal")
 		}
-	} else {
-		podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint
-		if err := j.AddMatch(podmanJournal.String()); err != nil {
-			return errors.Wrap(err, "failed to add filter for event log")
+		// After SeekTail calling Next moves to a random entry.
+		// To prevent this we have to call Previous first.
+		// see: https://bugs.freedesktop.org/show_bug.cgi?id=64614
+		if _, err := j.Previous(); err != nil {
+			return errors.Wrap(err, "failed to move journal cursor to previous entry")
 		}
 	}
+
 	// the api requires a next|prev before getting a cursor
 	if _, err := j.Next(); err != nil {
-		return err
+		return errors.Wrap(err, "failed to move journal cursor to next entry")
 	}
+
 	prevCursor, err := j.GetCursor()
 	if err != nil {
-		return err
+		return errors.Wrap(err, "failed to get journal cursor")
 	}
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -96,30 +110,26 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
 		default:
 			// fallthrough
 		}
+
 		if _, err := j.Next(); err != nil {
-			return err
+			return errors.Wrap(err, "failed to move journal cursor to next entry")
 		}
 		newCursor, err := j.GetCursor()
 		if err != nil {
-			return err
+			return errors.Wrap(err, "failed to get journal cursor")
 		}
 		if prevCursor == newCursor {
 			if len(options.Until) > 0 || !options.Stream {
 				break
 			}
-			_ = j.Wait(sdjournal.IndefiniteWait) //nolint
+			_ = j.Wait(sdjournal.IndefiniteWait)
 			continue
 		}
 		prevCursor = newCursor
+
 		entry, err := j.GetEntry()
 		if err != nil {
-			return err
-		}
-		// TODO this keeps us from feeding the podman event parser with
-		// with regular journal content; it can be removed if the above
-		// problem with AddMatch is resolved.
-		if entry.Fields["PODMAN_EVENT"] == "" {
-			continue
+			return errors.Wrap(err, "failed to read journal entry")
 		}
 		newEvent, err := newEventFromJournalEntry(entry)
 		if err != nil {
@@ -174,6 +184,19 @@ func newEventFromJournalEntry(entry *sdjournal.JournalEntry) (*Event, error) { /
 				newEvent.ContainerExitCode = intCode
 			}
 		}
+
+		// we need to check for the presence of labels recorded to a container event
+		if stringLabels, ok := entry.Fields["PODMAN_LABELS"]; ok && len(stringLabels) > 0 {
+			labels := make(map[string]string, 0)
+			if err := json.Unmarshal([]byte(stringLabels), &labels); err != nil {
+				return nil, err
+			}
+
+			// if we have labels, add them to the event
+			if len(labels) > 0 {
+				newEvent.Details = Details{Attributes: labels}
+			}
+		}
 	case Image:
 		newEvent.ID = entry.Fields["PODMAN_ID"]
 	}
diff --git a/libpod/image/filters.go b/libpod/image/filters.go
index db647954f..4aff0a7b5 100644
--- a/libpod/image/filters.go
+++ b/libpod/image/filters.go
@@ -82,7 +82,7 @@ func LabelFilter(ctx context.Context, labelfilter string) ResultFilter {
 	// We need to handle both label=key and label=key=value
 	return func(i *Image) bool {
 		var value string
-		splitFilter := strings.Split(labelfilter, "=")
+		splitFilter := strings.SplitN(labelfilter, "=", 2)
 		key := splitFilter[0]
 		if len(splitFilter) > 1 {
 			value = splitFilter[1]
@@ -157,7 +157,7 @@ func (ir *Runtime) createFilterFuncs(filters []string, img *Image) ([]ResultFilt
 	var filterFuncs []ResultFilter
 	ctx := context.Background()
 	for _, filter := range filters {
-		splitFilter := strings.Split(filter, "=")
+		splitFilter := strings.SplitN(filter, "=", 2)
 		if len(splitFilter) < 2 {
 			return nil, errors.Errorf("invalid filter syntax %s", filter)
 		}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 0900944eb..301954703 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -177,7 +177,7 @@ func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile
 // SaveImages stores one more images in a multi-image archive.
 // Note that only `docker-archive` supports storing multiple
 // image.
-func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet bool) (finalErr error) {
+func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format string, outputFile string, quiet, removeSignatures bool) (finalErr error) {
 	if format != DockerArchive {
 		return errors.Errorf("multi-image archives are only supported in in the %q format", DockerArchive)
 	}
@@ -264,7 +264,7 @@ func (ir *Runtime) SaveImages(ctx context.Context, namesOrIDs []string, format s
 		}
 
 		img := imageMap[id]
-		copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{}, "", img.tags)
+		copyOptions := getCopyOptions(sys, writer, nil, nil, SigningOptions{RemoveSignatures: removeSignatures}, "", img.tags)
 		copyOptions.DestinationCtx.SystemRegistriesConfPath = registries.SystemRegistriesConfPath()
 
 		// For copying, we need a source reference that we can create
@@ -469,7 +469,7 @@ func (ir *Runtime) getLocalImage(inputName string) (string, *storage.Image, erro
 		if err != nil {
 			return "", nil, err
 		}
-		img, err := ir.store.Image(ref.String())
+		img, err := ir.store.Image(reference.TagNameOnly(ref).String())
 		if err == nil {
 			return ref.String(), img, nil
 		}
@@ -1584,7 +1584,7 @@ func (i *Image) Comment(ctx context.Context, manifestType string) (string, error
 }
 
 // Save writes a container image to the filesystem
-func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress bool) error {
+func (i *Image) Save(ctx context.Context, source, format, output string, moreTags []string, quiet, compress, removeSignatures bool) error {
 	var (
 		writer       io.Writer
 		destRef      types.ImageReference
@@ -1636,7 +1636,7 @@ func (i *Image) Save(ctx context.Context, source, format, output string, moreTag
 			return err
 		}
 	}
-	if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{}, &DockerRegistryOptions{}, additionaltags); err != nil {
+	if err := i.PushImageToReference(ctx, destRef, manifestType, "", "", "", writer, compress, SigningOptions{RemoveSignatures: removeSignatures}, &DockerRegistryOptions{}, additionaltags); err != nil {
 		return errors.Wrapf(err, "unable to save %q", source)
 	}
 	i.newImageEvent(events.Save)
diff --git a/libpod/image/search.go b/libpod/image/search.go
index 5f5845989..b9acf4a20 100644
--- a/libpod/image/search.go
+++ b/libpod/image/search.go
@@ -263,7 +263,7 @@ func searchRepositoryTags(registry, term string, sc *types.SystemContext, option
 func ParseSearchFilter(filter []string) (*SearchFilter, error) {
 	sFilter := new(SearchFilter)
 	for _, f := range filter {
-		arr := strings.Split(f, "=")
+		arr := strings.SplitN(f, "=", 2)
 		switch arr[0] {
 		case "stars":
 			if len(arr) < 2 {
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index f87c311ce..9ff6e40b7 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -254,9 +254,11 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	if ctr.config.NetworkOptions != nil {
 		slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
 		for _, o := range slirpOptions {
-			parts := strings.Split(o, "=")
+			parts := strings.SplitN(o, "=", 2)
+			if len(parts) < 2 {
+				return errors.Errorf("unknown option for slirp4netns: %q", o)
+			}
 			option, value := parts[0], parts[1]
-
 			switch option {
 			case "cidr":
 				ipv4, _, err := net.ParseCIDR(value)
@@ -823,6 +825,20 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {
 // Produce an InspectNetworkSettings containing information on the container
 // network.
 func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, error) {
+	if c.config.NetNsCtr != "" {
+		netNsCtr, err := c.runtime.GetContainer(c.config.NetNsCtr)
+		if err != nil {
+			return nil, err
+		}
+		// Have to sync to ensure that state is populated
+		if err := netNsCtr.syncContainer(); err != nil {
+			return nil, err
+		}
+		logrus.Debugf("Container %s shares network namespace, retrieving network info of container %s", c.ID(), c.config.NetNsCtr)
+
+		return netNsCtr.getContainerNetworkInfo()
+	}
+
 	settings := new(define.InspectNetworkSettings)
 	settings.Ports = makeInspectPortBindings(c.config.PortMappings)