Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_inspect.go | 2 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 64 | ||||
-rw-r--r-- | libpod/oci.go | 11 | ||||
-rw-r--r-- | libpod/runtime.go | 16 |
4 files changed, 66 insertions, 27 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index aee8c4657..1b6dd829c 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -99,6 +99,7 @@ type InspectContainerData struct {
 ImageID string `json:"Image"`
 ImageName string `json:"ImageName"`
 Rootfs string `json:"Rootfs"`
+ Pod string `json:"Pod"`
 ResolvConfPath string `json:"ResolvConfPath"`
 HostnamePath string `json:"HostnamePath"`
 HostsPath string `json:"HostsPath"`
@@ -717,6 +718,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data)
 ExitCommand: config.ExitCommand,
 Namespace: config.Namespace,
 Rootfs: config.Rootfs,
+ Pod: config.Pod,
 ResolvConfPath: resolvPath,
 HostnamePath: hostnamePath,
 HostsPath: hostsPath,
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index afcf51a11..6dbd53fbf 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -185,11 +185,11 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 // If network namespace was requested, add it now
 if c.config.CreateNetNS {
 if c.config.PostConfigureNetNS {
- if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, ""); err != nil {
+ if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), ""); err != nil {
 return nil, err
 }
 } else {
- if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()); err != nil {
+ if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), c.state.NetNS.Path()); err != nil {
 return nil, err
 }
 }
@@ -310,7 +310,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 }
 }
 if c.config.PIDNsCtr != "" {
- if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, string(spec.PIDNamespace)); err != nil {
+ if err := c.addNamespaceContainer(&g, PIDNS, c.config.PIDNsCtr, spec.PIDNamespace); err != nil {
 return nil, err
 }
 }
@@ -340,7 +340,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { g.AddAnnotation("org.opencontainers.image.stopSignal", fmt.Sprintf("%d", c.config.StopSignal)) for _, i := range c.config.Spec.Linux.Namespaces { - if string(i.Type) == spec.UTSNamespace { + if i.Type == spec.UTSNamespace { hostname := c.Hostname() g.SetHostname(hostname) g.AddProcessEnv("HOSTNAME", hostname) 
@@ -466,37 +466,55 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro g.AddMount(tmpfsMnt) } - // rootless containers have no write access to /sys/fs/cgroup, so don't - // add any mount into the container. - if !rootless.IsRootless() { - cgroupPath, err := c.CGroupPath() - if err != nil { - return err - } - sourcePath := filepath.Join("/sys/fs/cgroup/systemd", cgroupPath) + unified, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + + g.RemoveMount("/sys/fs/cgroup") + if unified { + sourcePath := filepath.Join("/sys/fs/cgroup") systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", + Destination: "/sys/fs/cgroup", Type: "bind", Source: sourcePath, - Options: []string{"bind", "private"}, + Options: []string{"bind", "private", "rw"}, } g.AddMount(systemdMnt) } else { - systemdMnt := spec.Mount{ - Destination: "/sys/fs/cgroup/systemd", - Type: "bind", - Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid"}, + // rootless containers have no write access to /sys/fs/cgroup, so don't + // add any mount into the container. 
+ if !rootless.IsRootless() { + cgroupPath, err := c.CGroupPath() + if err != nil { + return err + } + sourcePath := filepath.Join("/sys/fs/cgroup", cgroupPath) + + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: sourcePath, + Options: []string{"bind", "private"}, + } + g.AddMount(systemdMnt) + } else { + systemdMnt := spec.Mount{ + Destination: "/sys/fs/cgroup", + Type: "bind", + Source: "/sys/fs/cgroup", + Options: []string{"bind", "nodev", "noexec", "nosuid"}, + } + g.AddMount(systemdMnt) } - g.AddMount(systemdMnt) } return nil } // Add an existing container's namespace to the spec -func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr string, specNS string) error { +func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr string, specNS spec.LinuxNamespaceType) error { nsCtr, err := c.runtime.state.Container(ctr) if err != nil { return errors.Wrapf(err, "error retrieving dependency %s of container %s from state", ctr, c.ID()) @@ -508,7 +526,7 @@ func (c *Container) addNamespaceContainer(g *generate.Generator, ns LinuxNS, ctr return err } - if err := g.AddOrReplaceLinuxNamespace(specNS, nsPath); err != nil { + if err := g.AddOrReplaceLinuxNamespace(string(specNS), nsPath); err != nil { return err } @@ -787,7 +805,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti // We want to have the same network namespace as before. if c.config.CreateNetNS { - if err := g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, c.state.NetNS.Path()); err != nil { + if err := g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), c.state.NetNS.Path()); err != nil { return err } } diff --git a/libpod/oci.go b/libpod/oci.go index 193e66aaf..2eb004b84 100644 --- a/libpod/oci.go +++ b/libpod/oci.go 
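Review bot: In setupSystemd (libpod/container_internal_linux.go, hunk at -466) the new cgroup v2 branch bind-mounts the host's entire `/sys/fs/cgroup` into the container with `rw`, without `nodev`, `noexec` or `nosuid`, and with no rootless check, so unless a cgroup namespace or other confinement applies, a systemd container can see and modify cgroups that belong to other workloads. Consider scoping the source to the container's own cgroup as the v1 rootful branch does, `sourcePath := filepath.Join("/sys/fs/cgroup", cgroupPath)`, and hardening the options to `[]string{"bind", "private", "rw", "nodev", "noexec", "nosuid"}`; the single-argument `filepath.Join("/sys/fs/cgroup")` only cleans a literal and can be dropped. Separately, the v1 rootful source changed from `/sys/fs/cgroup/systemd/<cgroupPath>` to `/sys/fs/cgroup/<cgroupPath>`, which appears to drop the controller directory and is worth confirming on a cgroup v1 host. The comment "don't add any mount into the container" now sits above code whose else branch does add one, and should be reworded. setupSystemd begins before this hunk, so earlier mount handling is not visible here.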
@@ -106,8 +106,19 @@ func newOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *R } foundPath = true runtime.path = path + logrus.Debugf("using runtime %q", path) break } + + // Search the $PATH as last fallback + if !foundPath { + if foundRuntime, err := exec.LookPath(name); err == nil { + foundPath = true + runtime.path = foundRuntime + logrus.Debugf("using runtime %q from $PATH: %q", name, foundRuntime) + } + } + if !foundPath { return nil, errors.Wrapf(define.ErrInvalidArg, "no valid executable found for OCI runtime %s", name) } diff --git a/libpod/runtime.go b/libpod/runtime.go index bb6bfbfcc..ffdbc32f1 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -5,6 +5,7 @@ import ( "fmt" "io/ioutil" "os" + "os/exec" "os/user" "path/filepath" "strings" @@ -740,8 +741,19 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { } foundConmon = true runtime.conmonPath = path + logrus.Debugf("using conmon: %q", path) break } + + // Search the $PATH as last fallback + if !foundConmon { + if conmon, err := exec.LookPath("conmon"); err == nil { + foundConmon = true + runtime.conmonPath = conmon + logrus.Debugf("using conmon from $PATH: %q", conmon) + } + } + if !foundConmon { return errors.Wrapf(define.ErrInvalidArg, "could not find a working conmon binary (configured options: %v)", @@ -938,10 +950,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { // Initialize remaining OCI runtimes for name, paths := range runtime.config.OCIRuntimes { - if len(paths) == 0 { - return errors.Wrapf(define.ErrInvalidArg, "must provide at least 1 path to OCI runtime %s", name) - } - supportsJSON := false for _, r := range runtime.config.RuntimeSupportsJSON { if r == name { |
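Review bot: The `exec.LookPath(name)` fallback in newOCIRuntime (libpod/oci.go, hunk at -106) lets the caller's `$PATH` choose the binary that is run as the OCI runtime, and the same pattern is added for conmon in makeRuntime (libpod/runtime.go, hunk at -740); with the `len(paths) == 0` check removed in the last hunk, a runtime with no configured paths is now resolved from the environment alone. If the process can run with a `$PATH` that holds writable or relative entries, or if `name` can contain a path separator (LookPath then skips the search and tries the name as given), an unintended executable would be selected. Consider accepting only absolute results, e.g. `if foundRuntime, err := exec.LookPath(name); err == nil && filepath.IsAbs(foundRuntime) {` (assuming `path/filepath` is imported in oci.go), and logging the fallback above debug level so it shows up in normal operation, e.g. `logrus.Warnf("OCI runtime %q not found in configured paths, using %q from $PATH", name, foundRuntime)`. Both functions start and end outside these hunks, so whatever checks the loops apply to configured paths are not visible here and may not be applied to the `$PATH` result.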