12 files changed, 77 insertions, 34 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 5c56ff036..4d15c04c5 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -774,9 +774,9 @@ func (c *Container) ExecSessions() ([]string, error) {
 	return ids, nil
 }
 
-// ExecSession retrieves detailed information on a single active exec session in
-// a container
-func (c *Container) ExecSession(id string) (*ExecSession, error) {
+// execSessionNoCopy returns the associated exec session to id.
+// Note that the session is not a deep copy.
+func (c *Container) execSessionNoCopy(id string) (*ExecSession, error) {
 	if !c.batched {
 		c.lock.Lock()
 		defer c.lock.Unlock()
@@ -791,6 +791,17 @@ func (c *Container) ExecSession(id string) (*ExecSession, error) {
 		return nil, errors.Wrapf(define.ErrNoSuchExecSession, "no exec session with ID %s found in container %s", id, c.ID())
 	}
 
+	return session, nil
+}
+
+// ExecSession retrieves detailed information on a single active exec session in
+// a container
+func (c *Container) ExecSession(id string) (*ExecSession, error) {
+	session, err := c.execSessionNoCopy(id)
+	if err != nil {
+		return nil, err
+	}
+
 	returnSession := new(ExecSession)
 	if err := JSONDeepCopy(session, returnSession); err != nil {
 		return nil, errors.Wrapf(err, "error copying contents of container %s exec session %s", c.ID(), session.ID())
@@ -1095,7 +1106,7 @@ func (c *Container) AutoRemove() bool {
 	if spec.Annotations == nil {
 		return false
 	}
-	return c.Spec().Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue
+	return spec.Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue
 }
 
 // Timezone returns the timezone configured inside the container.
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 2d5b07a35..50be0eea4 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -229,6 +229,10 @@ func (c *Container) Kill(signal uint) error {
 // This function returns when the attach finishes. It does not hold the lock for
 // the duration of its runtime, only using it at the beginning to verify state.
 func (c *Container) Attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize) error {
+	switch c.LogDriver() {
+	case define.PassthroughLogging:
+		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'passthrough' log driver, cannot attach")
+	}
 	if !c.batched {
 		c.lock.Lock()
 		if err := c.syncContainer(); err != nil {
diff --git a/libpod/container_exec.go b/libpod/container_exec.go
index 1cb45a118..f99fb7d3f 100644
--- a/libpod/container_exec.go
+++ b/libpod/container_exec.go
@@ -747,7 +747,7 @@ func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resi
 		return -1, err
 	}
 
-	session, err := c.ExecSession(sessionID)
+	session, err := c.execSessionNoCopy(sessionID)
 	if err != nil {
 		if errors.Cause(err) == define.ErrNoSuchExecSession {
 			// TODO: If a proper Context is ever plumbed in here, we
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e81f2ec5f..3f9738411 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -2004,7 +2004,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s
 				}
 				return nil, err
 			}
-			ociHooks, err := manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0)
+			ociHooks, err := manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0)
 			if err != nil {
 				return nil, err
 			}
@@ -2021,7 +2021,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s
 			return nil, err
 		}
 
-		allHooks, err = manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0)
+		allHooks, err = manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0)
 		if err != nil {
 			return nil, err
 		}
diff --git a/libpod/container_log.go b/libpod/container_log.go
index a65b2a44f..18840bff2 100644
--- a/libpod/container_log.go
+++ b/libpod/container_log.go
@@ -18,7 +18,7 @@ import (
 var logDrivers []string
 
 func init() {
-	logDrivers = append(logDrivers, define.KubernetesLogging, define.NoLogging)
+	logDrivers = append(logDrivers, define.KubernetesLogging, define.NoLogging, define.PassthroughLogging)
 }
 
 // Log is a runtime function that can read one or more container logs.
@@ -34,6 +34,8 @@ func (r *Runtime) Log(ctx context.Context, containers []*Container, options *log
 // ReadLog reads a containers log based on the input options and returns log lines over a channel.
 func (c *Container) ReadLog(ctx context.Context, options *logs.LogOptions, logChannel chan *logs.LogLine) error {
 	switch c.LogDriver() {
+	case define.PassthroughLogging:
+		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'passthrough' log driver, cannot read logs")
 	case define.NoLogging:
 		return errors.Wrapf(define.ErrNoLogs, "this container is using the 'none' log driver, cannot read logs")
 	case define.JournaldLogging:
diff --git a/libpod/define/config.go b/libpod/define/config.go
index 6c426f2ec..7a0d39e42 100644
--- a/libpod/define/config.go
+++ b/libpod/define/config.go
@@ -78,6 +78,9 @@ const JSONLogging = "json-file"
 // NoLogging is the string conmon expects when specifying to use no log driver whatsoever
 const NoLogging = "none"
 
+// PassthroughLogging is the string conmon expects when specifying to use the passthrough driver
+const PassthroughLogging = "passthrough"
+
 // Strings used for --sdnotify option to podman
 const (
 	SdNotifyModeContainer = "container"
diff --git a/libpod/kube.go b/libpod/kube.go
index d17ca1114..57d99f3ef 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -253,7 +253,9 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
 			// We add the original port declarations from the libpod infra container
 			// to the first kubernetes container description because otherwise we loose
 			// the original container/port bindings.
-			if first && len(ports) > 0 {
+			// Add the port configuration to the first regular container or the first
+			// init container if only init containers have been created in the pod.
+			if first && len(ports) > 0 && (!isInit || len(containers) == 2) {
 				ctr.Ports = ports
 				first = false
 			}
@@ -424,7 +426,7 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 	// NOTE: a privileged container mounts all of /dev/*.
 	if !c.Privileged() && len(c.config.Spec.Linux.Devices) > 0 {
 		// TODO Enable when we can support devices and their names
-		kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.Spec().Linux.Devices)
+		kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.config.Spec.Linux.Devices)
 		return kubeContainer, kubeVolumes, nil, errors.Wrapf(define.ErrNotImplemented, "linux devices")
 	}
 
diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go
index 9ae46eeda..d4d4a1076 100644
--- a/libpod/oci_attach_linux.go
+++ b/libpod/oci_attach_linux.go
@@ -40,7 +40,9 @@ func openUnixSocket(path string) (*net.UnixConn, error) {
 // Does not check if state is appropriate
 // started is only required if startContainer is true
 func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-chan define.TerminalSize, startContainer bool, started chan bool, attachRdy chan<- bool) error {
-	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput {
+	passthrough := c.LogDriver() == define.PassthroughLogging
+
+	if !streams.AttachOutput && !streams.AttachError && !streams.AttachInput && !passthrough {
 		return errors.Wrapf(define.ErrInvalidArg, "must provide at least one stream to attach to")
 	}
 	if startContainer && started == nil {
@@ -52,24 +54,27 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 		return err
 	}
 
-	logrus.Debugf("Attaching to container %s", c.ID())
+	var conn *net.UnixConn
+	if !passthrough {
+		logrus.Debugf("Attaching to container %s", c.ID())
 
-	registerResizeFunc(resize, c.bundlePath())
+		registerResizeFunc(resize, c.bundlePath())
 
-	attachSock, err := c.AttachSocketPath()
-	if err != nil {
-		return err
-	}
+		attachSock, err := c.AttachSocketPath()
+		if err != nil {
+			return err
+		}
 
-	conn, err := openUnixSocket(attachSock)
-	if err != nil {
-		return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			logrus.Errorf("Unable to close socket: %q", err)
+		conn, err = openUnixSocket(attachSock)
+		if err != nil {
+			return errors.Wrapf(err, "failed to connect to container's attach socket: %v", attachSock)
 		}
-	}()
+		defer func() {
+			if err := conn.Close(); err != nil {
+				logrus.Errorf("unable to close socket: %q", err)
+			}
+		}()
+	}
 
 	// If starting was requested, start the container and notify when that's
 	// done.
@@ -80,6 +85,10 @@ func (c *Container) attach(streams *define.AttachStreams, keys string, resize <-
 		started <- true
 	}
 
+	if passthrough {
+		return nil
+	}
+
 	receiveStdoutError, stdinDone := setupStdioChannels(streams, conn, detachKeys)
 	if attachRdy != nil {
 		attachRdy <- true
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index f82fc4ce6..71a7b29fa 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1288,6 +1288,8 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
 		logDriverArg = define.JournaldLogging
 	case define.NoLogging:
 		logDriverArg = define.NoLogging
+	case define.PassthroughLogging:
+		logDriverArg = define.PassthroughLogging
 	case define.JSONLogging:
 		fallthrough
 	//lint:ignore ST1015 the default case has to be here
diff --git a/libpod/options.go b/libpod/options.go
index a80f51c6a..553af43fd 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1114,7 +1114,7 @@ func WithLogDriver(driver string) CtrCreateOption {
 		switch driver {
 		case "":
 			return errors.Wrapf(define.ErrInvalidArg, "log driver must be set")
-		case define.JournaldLogging, define.KubernetesLogging, define.JSONLogging, define.NoLogging:
+		case define.JournaldLogging, define.KubernetesLogging, define.JSONLogging, define.NoLogging, define.PassthroughLogging:
 			break
 		default:
 			return errors.Wrapf(define.ErrInvalidArg, "invalid log driver")
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 161d5a533..27885bf5c 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -706,19 +706,32 @@ func (r *Runtime) TmpDir() (string, error) {
 	return r.config.Engine.TmpDir, nil
 }
 
-// GetConfig returns a copy of the configuration used by the runtime
-func (r *Runtime) GetConfig() (*config.Config, error) {
+// GetConfig returns the configuration used by the runtime.
+// Note that the returned value is not a copy and must hence
+// only be used in a reading fashion.
+func (r *Runtime) GetConfigNoCopy() (*config.Config, error) {
 	r.lock.RLock()
 	defer r.lock.RUnlock()
 
 	if !r.valid {
 		return nil, define.ErrRuntimeStopped
 	}
+	return r.config, nil
+}
+
+// GetConfig returns a copy of the configuration used by the runtime.
+// Please use GetConfigNoCopy() in case you only want to read from
+// but not write to the returned config.
+func (r *Runtime) GetConfig() (*config.Config, error) {
+	rtConfig, err := r.GetConfigNoCopy()
+	if err != nil {
+		return nil, err
+	}
 
 	config := new(config.Config)
 
 	// Copy so the caller won't be able to modify the actual config
-	if err := JSONDeepCopy(r.config, config); err != nil {
+	if err := JSONDeepCopy(rtConfig, config); err != nil {
 		return nil, errors.Wrapf(err, "error copying config")
 	}
 
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 93bfdd54b..00979a500 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -193,10 +193,7 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf
 		ctr.config.LogPath = ""
 	}
 
-	ctr.config.Spec = new(spec.Spec)
-	if err := JSONDeepCopy(rSpec, ctr.config.Spec); err != nil {
-		return nil, errors.Wrapf(err, "error copying runtime spec while creating container")
-	}
+	ctr.config.Spec = rSpec
 	ctr.config.CreatedTime = time.Now()
 
 	ctr.state.BindMounts = make(map[string]string)
@@ -481,7 +478,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 	}
 
 	switch ctr.config.LogDriver {
-	case define.NoLogging:
+	case define.NoLogging, define.PassthroughLogging:
 		break
 	case define.JournaldLogging:
 		ctr.initializeJournal(ctx)