12 files changed, 82 insertions, 12 deletions
diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go
index f9442fa21..85eda5a21 100644
--- a/libpod/driver/driver.go
+++ b/libpod/driver/driver.go
@@ -38,6 +38,10 @@ func GetDriverData(store cstorage.Store, layerID string) (*Data, error) {
 	if err != nil {
 		return nil, err
 	}
+	if mountTimes, err := store.Mounted(layerID); mountTimes == 0 || err != nil {
+		delete(metaData, "MergedDir")
+	}
+
 	return &Data{
 		Name: name,
 		Data: metaData,
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index 3bc3f6de7..470c76959 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -73,6 +73,11 @@ func (e EventJournalD) Read(options ReadOptions) error {
 		if err := j.SeekTail(); err != nil {
 			return errors.Wrap(err, "failed to seek end of journal")
 		}
+	} else {
+		podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint
+		if err := j.AddMatch(podmanJournal.String()); err != nil {
+			return errors.Wrap(err, "failed to add filter for event log")
+		}
 	}
 	// the api requires a next|prev before getting a cursor
 	if _, err := j.Next(); err != nil {
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 068491f28..cb7c390c6 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -135,7 +135,7 @@ func (ir *Runtime) NewFromLocal(name string) (*Image, error) {
 
 // New creates a new image object where the image could be local
 // or remote
-func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile string, writer io.Writer, dockeroptions *DockerRegistryOptions, signingoptions SigningOptions, forcePull bool, label *string) (*Image, error) {
+func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile string, writer io.Writer, dockeroptions *DockerRegistryOptions, signingoptions SigningOptions, label *string, pullType util.PullType) (*Image, error) {
 	span, _ := opentracing.StartSpanFromContext(ctx, "newImage")
 	span.SetTag("type", "runtime")
 	defer span.Finish()
@@ -145,11 +145,13 @@ func (ir *Runtime) New(ctx context.Context, name, signaturePolicyPath, authfile
 		InputName:    name,
 		imageruntime: ir,
 	}
-	if !forcePull {
+	if pullType != util.PullImageAlways {
 		localImage, err := newImage.getLocalImage()
 		if err == nil {
 			newImage.image = localImage
 			return &newImage, nil
+		} else if pullType == util.PullImageNever {
+			return nil, err
 		}
 	}
 
diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go
index e93ebf797..5a6d095f6 100644
--- a/libpod/image/image_test.go
+++ b/libpod/image/image_test.go
@@ -3,12 +3,13 @@ package image
 import (
 	"context"
 	"fmt"
-	"github.com/containers/libpod/libpod/events"
 	"io"
 	"io/ioutil"
 	"os"
 	"testing"
 
+	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/storage"
 	"github.com/opencontainers/go-digest"
 	"github.com/stretchr/testify/assert"
@@ -89,9 +90,9 @@ func TestImage_NewFromLocal(t *testing.T) {
 	ir, err := NewImageRuntimeFromOptions(so)
 	assert.NoError(t, err)
 	ir.Eventer = events.NewNullEventer()
-	bb, err := ir.New(context.Background(), "docker.io/library/busybox:latest", "", "", writer, nil, SigningOptions{}, false, nil)
+	bb, err := ir.New(context.Background(), "docker.io/library/busybox:latest", "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing)
 	assert.NoError(t, err)
-	bbglibc, err := ir.New(context.Background(), "docker.io/library/busybox:glibc", "", "", writer, nil, SigningOptions{}, false, nil)
+	bbglibc, err := ir.New(context.Background(), "docker.io/library/busybox:glibc", "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing)
 	assert.NoError(t, err)
 
 	tm, err := makeLocalMatrix(bb, bbglibc)
@@ -139,7 +140,7 @@ func TestImage_New(t *testing.T) {
 	// Iterate over the names and delete the image
 	// after the pull
 	for _, img := range names {
-		newImage, err := ir.New(context.Background(), img, "", "", writer, nil, SigningOptions{}, false, nil)
+		newImage, err := ir.New(context.Background(), img, "", "", writer, nil, SigningOptions{}, nil, util.PullImageMissing)
 		assert.NoError(t, err)
 		assert.NotEqual(t, newImage.ID(), "")
 		err = newImage.Remove(context.Background(), false)
@@ -168,7 +169,7 @@ func TestImage_MatchRepoTag(t *testing.T) {
 	ir, err := NewImageRuntimeFromOptions(so)
 	assert.NoError(t, err)
 	ir.Eventer = events.NewNullEventer()
-	newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, nil, SigningOptions{}, false, nil)
+	newImage, err := ir.New(context.Background(), "busybox", "", "", os.Stdout, nil, SigningOptions{}, nil, util.PullImageMissing)
 	assert.NoError(t, err)
 	err = newImage.TagImage("foo:latest")
 	assert.NoError(t, err)
diff --git a/libpod/oci.go b/libpod/oci.go
index 2eb004b84..4ba3114e3 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -60,6 +60,7 @@ type OCIRuntime struct {
 	noPivot       bool
 	reservePorts  bool
 	supportsJSON  bool
+	sdNotify      bool
 }
 
 // ociError is used to parse the OCI runtime JSON log.  It is not part of the
@@ -87,6 +88,7 @@ func newOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *R
 	runtime.logSizeMax = runtimeCfg.MaxLogSize
 	runtime.noPivot = runtimeCfg.NoPivotRoot
 	runtime.reservePorts = runtimeCfg.EnablePortReservation
+	runtime.sdNotify = runtimeCfg.SDNotify
 
 	// TODO: probe OCI runtime for feature and enable automatically if
 	// available.
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index e2c73f5ed..6e4ee2cf2 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -247,10 +247,14 @@ func (r *OCIRuntime) configureConmonEnv(runtimeDir string) ([]string, []*os.File
 	if notify, ok := os.LookupEnv("NOTIFY_SOCKET"); ok {
 		env = append(env, fmt.Sprintf("NOTIFY_SOCKET=%s", notify))
 	}
-	if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok {
-		env = append(env, fmt.Sprintf("LISTEN_FDS=%s", listenfds), "LISTEN_PID=1")
-		fds := activation.Files(false)
-		extraFiles = append(extraFiles, fds...)
+	if !r.sdNotify {
+		if listenfds, ok := os.LookupEnv("LISTEN_FDS"); ok {
+			env = append(env, fmt.Sprintf("LISTEN_FDS=%s", listenfds), "LISTEN_PID=1")
+			fds := activation.Files(false)
+			extraFiles = append(extraFiles, fds...)
+		}
+	} else {
+		logrus.Debug("disabling SD notify")
 	}
 	return env, extraFiles, nil
 }
diff --git a/libpod/options.go b/libpod/options.go
index 7fbd0016a..d2a67e38c 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -482,6 +482,15 @@ func WithEventsLogger(logger string) RuntimeOption {
 	}
 }
 
+// WithEnableSDNotify sets a runtime option so we know whether to disable socket/FD
+// listening
+func WithEnableSDNotify() RuntimeOption {
+	return func(rt *Runtime) error {
+		rt.config.SDNotify = true
+		return nil
+	}
+}
+
 // Container Creation Options
 
 // WithShmDir sets the directory that should be mounted on /dev/shm.
@@ -1488,6 +1497,24 @@ func WithPodName(name string) PodCreateOption {
 	}
 }
 
+// WithPodHostname sets the hostname of the pod.
+func WithPodHostname(hostname string) PodCreateOption {
+	return func(pod *Pod) error {
+		if pod.valid {
+			return define.ErrPodFinalized
+		}
+
+		// Check the hostname against a regex
+		if !nameRegex.MatchString(hostname) {
+			return regexError
+		}
+
+		pod.config.Hostname = hostname
+
+		return nil
+	}
+}
+
 // WithPodLabels sets the labels of a pod.
 func WithPodLabels(labels map[string]string) PodCreateOption {
 	return func(pod *Pod) error {
diff --git a/libpod/pod.go b/libpod/pod.go
index 60626bfd7..3b9bb9c60 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -36,6 +36,8 @@ type PodConfig struct {
 	// Namespace the pod is in
 	Namespace string `json:"namespace,omitempty"`
 
+	Hostname string `json:"hostname,omitempty"`
+
 	// Labels contains labels applied to the pod
 	Labels map[string]string `json:"labels"`
 	// CgroupParent contains the pod's CGroup parent
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 8a4eee081..2fa8dd424 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -252,6 +252,10 @@ type RuntimeConfig struct {
 	EventsLogFilePath string `toml:"-events_logfile_path"`
 	//DetachKeys is the sequence of keys used to detach a container
 	DetachKeys string `toml:"detach_keys"`
+
+	// SDNotify tells Libpod to allow containers to notify the host
+	// systemd of readiness using the SD_NOTIFY mechanism
+	SDNotify bool
 }
 
 // runtimeConfiguredFrom is a struct used during early runtime init to help
diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go
index da35b7f93..ad6662f03 100644
--- a/libpod/runtime_pod_infra_linux.go
+++ b/libpod/runtime_pod_infra_linux.go
@@ -9,6 +9,7 @@ import (
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/opencontainers/image-spec/specs-go/v1"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
@@ -30,6 +31,9 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
 		return nil, err
 	}
 
+	// Set Pod hostname
+	g.Config.Hostname = p.config.Hostname
+
 	isRootless := rootless.IsRootless()
 
 	entryCmd := []string{r.config.InfraCommand}
@@ -108,7 +112,7 @@ func (r *Runtime) createInfraContainer(ctx context.Context, p *Pod) (*Container,
 		return nil, define.ErrRuntimeStopped
 	}
 
-	newImage, err := r.ImageRuntime().New(ctx, r.config.InfraImage, "", "", nil, nil, image.SigningOptions{}, false, nil)
+	newImage, err := r.ImageRuntime().New(ctx, r.config.InfraImage, "", "", nil, nil, image.SigningOptions{}, nil, util.PullImageMissing)
 	if err != nil {
 		return nil, err
 	}
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go
index f38e6e7c1..073c5054d 100644
--- a/libpod/runtime_pod_linux.go
+++ b/libpod/runtime_pod_linux.go
@@ -52,6 +52,10 @@ func (r *Runtime) NewPod(ctx context.Context, options ...PodCreateOption) (_ *Po
 		pod.config.Name = name
 	}
 
+	if pod.config.Hostname == "" {
+		pod.config.Hostname = pod.config.Name
+	}
+
 	// Allocate a lock for the pod
 	lock, err := r.lockManager.AllocateLock()
 	if err != nil {
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 78cbc75a7..d5c113daf 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -48,6 +48,9 @@ func makeSystemdCgroup(path string) error {
 		return err
 	}
 
+	if rootless.IsRootless() {
+		return controller.CreateSystemdUserUnit(path, rootless.GetRootlessUID())
+	}
 	return controller.CreateSystemdUnit(path)
 }
 
@@ -57,6 +60,14 @@ func deleteSystemdCgroup(path string) error {
 	if err != nil {
 		return err
 	}
+	if rootless.IsRootless() {
+		conn, err := cgroups.GetUserConnection(rootless.GetRootlessUID())
+		if err != nil {
+			return err
+		}
+		defer conn.Close()
+		return controller.DeleteByPathConn(path, conn)
+	}
 
 	return controller.DeleteByPath(path)
 }