9 files changed, 190 insertions, 71 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index bff64aa95..f30f622ac 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1912,6 +1912,7 @@ func (c *Container) appendHosts(path string, netCtr *Container) (string, error)
 // and returns a string in a format that can be written to the host file
 func (c *Container) getHosts() string {
 	var hosts string
+
 	if len(c.config.HostAdd) > 0 {
 		for _, host := range c.config.HostAdd {
 			// the host format has already been verified at this point
@@ -1922,36 +1923,33 @@ func (c *Container) getHosts() string {
 
 	hosts += c.cniHosts()
 
-	// If not making a network namespace, add our own hostname.
+	// Add hostname for slirp4netns
 	if c.Hostname() != "" {
 		if c.config.NetMode.IsSlirp4netns() {
 			// When using slirp4netns, the interface gets a static IP
 			slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
 			if err != nil {
-				logrus.Warn("failed to determine slirp4netnsIP: ", err.Error())
+				logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())
 			} else {
 				hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name)
 			}
-		} else {
-			hasNetNS := false
-			netNone := false
-			for _, ns := range c.config.Spec.Linux.Namespaces {
-				if ns.Type == spec.NetworkNamespace {
-					hasNetNS = true
-					if ns.Path == "" && !c.config.CreateNetNS {
-						netNone = true
-					}
-					break
+		}
+
+		// Do we have a network namespace?
+		netNone := false
+		for _, ns := range c.config.Spec.Linux.Namespaces {
+			if ns.Type == spec.NetworkNamespace {
+				if ns.Path == "" && !c.config.CreateNetNS {
+					netNone = true
 				}
+				break
 			}
-			if !hasNetNS {
-				// 127.0.1.1 and host's hostname to match Docker
-				osHostname, _ := os.Hostname()
-				hosts += fmt.Sprintf("127.0.1.1 %s %s %s\n", osHostname, c.Hostname(), c.config.Name)
-			}
-			if netNone {
-				hosts += fmt.Sprintf("127.0.1.1 %s %s\n", c.Hostname(), c.config.Name)
-			}
+		}
+
+		// If we are net=none (have a network namespace, but not connected to
+		// anything) add the container's name and hostname to localhost.
+		if netNone {
+			hosts += fmt.Sprintf("127.0.0.1 %s %s\n", c.Hostname(), c.config.Name)
 		}
 	}
 
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 0f3e03e06..8e9b5997c 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -1214,7 +1214,29 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro
 		}
 	}
 	c.state.NetworkStatus = tmpNetworkStatus
-	return c.save()
+	err = c.save()
+	if err != nil {
+		return err
+	}
+
+	// OCICNI will set the loopback adpter down on teardown so we should set it up again
+	err = c.state.NetNS.Do(func(_ ns.NetNS) error {
+		link, err := netlink.LinkByName("lo")
+		if err != nil {
+			return err
+		}
+		err = netlink.LinkSetUp(link)
+		return err
+	})
+	if err != nil {
+		logrus.Warnf("failed to set loopback adpter up in the container: %v", err)
+	}
+	// Reload ports when there are still connected networks, maybe we removed the network interface with the child ip.
+	// Reloading without connected networks does not make sense, so we can skip this step.
+	if rootless.IsRootless() && len(tmpNetworkStatus) > 0 {
+		return c.reloadRootlessRLKPortMapping()
+	}
+	return nil
 }
 
 // ConnectNetwork connects a container to a given network
@@ -1306,7 +1328,16 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e
 		networkStatus[index] = networkResults[0]
 		c.state.NetworkStatus = networkStatus
 	}
-	return c.save()
+	err = c.save()
+	if err != nil {
+		return err
+	}
+	// The first network needs a port reload to set the correct child ip for the rootlessport process.
+	// Adding a second network does not require a port reload because the child ip is still valid.
+	if rootless.IsRootless() && len(networks) == 0 {
+		return c.reloadRootlessRLKPortMapping()
+	}
+	return nil
 }
 
 // DisconnectContainerFromNetwork removes a container from its CNI network
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index 410b377ec..5858364ff 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/containers/podman/v3/pkg/errorhandling"
+	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/rootlessport"
 	"github.com/containers/podman/v3/pkg/servicereaper"
 	"github.com/pkg/errors"
@@ -466,29 +467,16 @@ func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath strin
 		}
 	}
 
-	slirp4netnsIP, err := GetSlirp4netnsIP(ctr.slirp4netnsSubnet)
-	if err != nil {
-		return errors.Wrapf(err, "failed to get slirp4ns ip")
-	}
-	childIP := slirp4netnsIP.String()
-outer:
-	for _, r := range ctr.state.NetworkStatus {
-		for _, i := range r.IPs {
-			ipv4 := i.Address.IP.To4()
-			if ipv4 != nil {
-				childIP = ipv4.String()
-				break outer
-			}
-		}
-	}
-
+	childIP := getRootlessPortChildIP(ctr)
 	cfg := rootlessport.Config{
-		Mappings:  ctr.config.PortMappings,
-		NetNSPath: netnsPath,
-		ExitFD:    3,
-		ReadyFD:   4,
-		TmpDir:    ctr.runtime.config.Engine.TmpDir,
-		ChildIP:   childIP,
+		Mappings:    ctr.config.PortMappings,
+		NetNSPath:   netnsPath,
+		ExitFD:      3,
+		ReadyFD:     4,
+		TmpDir:      ctr.runtime.config.Engine.TmpDir,
+		ChildIP:     childIP,
+		ContainerID: ctr.config.ID,
+		RootlessCNI: ctr.config.NetMode.IsBridge() && rootless.IsRootless(),
 	}
 	cfgJSON, err := json.Marshal(cfg)
 	if err != nil {
@@ -617,3 +605,62 @@ func (r *Runtime) setupRootlessPortMappingViaSlirp(ctr *Container, cmd *exec.Cmd
 	logrus.Debug("slirp4netns port-forwarding setup via add_hostfwd is ready")
 	return nil
 }
+
+func getRootlessPortChildIP(c *Container) string {
+	if c.config.NetMode.IsSlirp4netns() {
+		slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
+		if err != nil {
+			return ""
+		}
+		return slirp4netnsIP.String()
+	}
+
+	for _, r := range c.state.NetworkStatus {
+		for _, i := range r.IPs {
+			ipv4 := i.Address.IP.To4()
+			if ipv4 != nil {
+				return ipv4.String()
+			}
+		}
+	}
+	return ""
+}
+
+// reloadRootlessRLKPortMapping will trigger a reload for the port mappings in the rootlessport process.
+// This should only be called by network connect/disconnect and only as rootless.
+func (c *Container) reloadRootlessRLKPortMapping() error {
+	childIP := getRootlessPortChildIP(c)
+	logrus.Debugf("reloading rootless ports for container %s, childIP is %s", c.config.ID, childIP)
+
+	var conn net.Conn
+	var err error
+	// try three times to connect to the socket, maybe it is not ready yet
+	for i := 0; i < 3; i++ {
+		conn, err = net.Dial("unix", filepath.Join(c.runtime.config.Engine.TmpDir, "rp", c.config.ID))
+		if err == nil {
+			break
+		}
+		time.Sleep(250 * time.Millisecond)
+	}
+	if err != nil {
+		// This is not a hard error for backwards compatibility. A container started
+		// with an old version did not created the rootlessport socket.
+		logrus.Warnf("Could not reload rootless port mappings, port forwarding may no longer work correctly: %v", err)
+		return nil
+	}
+	defer conn.Close()
+	enc := json.NewEncoder(conn)
+	err = enc.Encode(childIP)
+	if err != nil {
+		return errors.Wrap(err, "port reloading failed")
+	}
+	b, err := ioutil.ReadAll(conn)
+	if err != nil {
+		return errors.Wrap(err, "port reloading failed")
+	}
+	data := string(b)
+	if data != "OK" {
+		return errors.Errorf("port reloading failed: %s", data)
+	}
+	return nil
+}
diff --git a/libpod/options.go b/libpod/options.go
index 17a36008d..b021b9f50 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1645,6 +1645,32 @@ func WithVolumeUID(uid int) VolumeCreateOption {
 	}
 }
 
+// WithVolumeSize sets the maximum size of the volume
+func WithVolumeSize(size uint64) VolumeCreateOption {
+	return func(volume *Volume) error {
+		if volume.valid {
+			return define.ErrVolumeFinalized
+		}
+
+		volume.config.Size = size
+
+		return nil
+	}
+}
+
+// WithVolumeInodes sets the maximum inodes of the volume
+func WithVolumeInodes(inodes uint64) VolumeCreateOption {
+	return func(volume *Volume) error {
+		if volume.valid {
+			return define.ErrVolumeFinalized
+		}
+
+		volume.config.Inodes = inodes
+
+		return nil
+	}
+}
+
 // WithVolumeGID sets the GID that the volume will be created as.
 func WithVolumeGID(gid int) VolumeCreateOption {
 	return func(volume *Volume) error {
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 3d5bc8bb2..40df98d7c 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -12,6 +12,7 @@ import (
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/libpod/events"
 	volplugin "github.com/containers/podman/v3/libpod/plugin"
+	"github.com/containers/storage/drivers/quota"
 	"github.com/containers/storage/pkg/stringid"
 	pluginapi "github.com/docker/go-plugins-helpers/volume"
 	"github.com/pkg/errors"
@@ -68,7 +69,7 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption)
 		// Validate options
 		for key := range volume.config.Options {
 			switch key {
-			case "device", "o", "type", "UID", "GID":
+			case "device", "o", "type", "UID", "GID", "SIZE", "INODES":
 				// Do nothing, valid keys
 			default:
 				return nil, errors.Wrapf(define.ErrInvalidArg, "invalid mount option %s for driver 'local'", key)
@@ -106,6 +107,26 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption)
 		if err := LabelVolumePath(fullVolPath); err != nil {
 			return nil, err
 		}
+		projectQuotaSupported := false
+
+		q, err := quota.NewControl(r.config.Engine.VolumePath)
+		if err == nil {
+			projectQuotaSupported = true
+		}
+		quota := quota.Quota{}
+		if volume.config.Size > 0 || volume.config.Inodes > 0 {
+			if !projectQuotaSupported {
+				return nil, errors.New("Volume options size and inodes not supported. Filesystem does not support Project Quota")
+			}
+			quota.Size = volume.config.Size
+			quota.Inodes = volume.config.Inodes
+		}
+		if projectQuotaSupported {
+			if err := q.SetQuota(fullVolPath, quota); err != nil {
+				return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath)
+			}
+		}
+
 		volume.config.MountPoint = fullVolPath
 	}
 
diff --git a/libpod/util.go b/libpod/util.go
index 7f4a01f28..3b32fb264 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -153,33 +153,22 @@ func queryPackageVersion(cmdArg ...string) string {
 	return strings.Trim(output, "\n")
 }
 
-func equeryVersion(path string) string {
-	return queryPackageVersion("/usr/bin/equery", "b", path)
-}
-
-func pacmanVersion(path string) string {
-	return queryPackageVersion("/usr/bin/pacman", "-Qo", path)
-}
-
-func dpkgVersion(path string) string {
-	return queryPackageVersion("/usr/bin/dpkg", "-S", path)
-}
-
-func rpmVersion(path string) string {
-	return queryPackageVersion("/usr/bin/rpm", "-q", "-f", path)
-}
-
-func packageVersion(program string) string {
-	if out := rpmVersion(program); out != unknownPackage {
-		return out
-	}
-	if out := dpkgVersion(program); out != unknownPackage {
-		return out
+func packageVersion(program string) string { // program is full path
+	packagers := [][]string{
+		{"/usr/bin/rpm", "-q", "-f"},
+		{"/usr/bin/dpkg", "-S"},    // Debian, Ubuntu
+		{"/usr/bin/pacman", "-Qo"}, // Arch
+		{"/usr/bin/qfile", "-qv"},  // Gentoo (quick)
+		{"/usr/bin/equery", "b"},   // Gentoo (slow)
 	}
-	if out := pacmanVersion(program); out != unknownPackage {
-		return out
+
+	for _, cmd := range packagers {
+		cmd = append(cmd, program)
+		if out := queryPackageVersion(cmd...); out != unknownPackage {
+			return out
+		}
 	}
-	return equeryVersion(program)
+	return unknownPackage
 }
 
 func programVersion(mountProgram string) (string, error) {
diff --git a/libpod/volume.go b/libpod/volume.go
index 506c45b5a..8f3dc4fcc 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -49,6 +49,10 @@ type VolumeConfig struct {
 	UID int `json:"uid"`
 	// GID the volume will be created as.
 	GID int `json:"gid"`
+	// Size maximum of the volume.
+	Size uint64 `json:"size"`
+	// Inodes maximum of the volume.
+	Inodes uint64 `json:"inodes"`
 }
 
 // VolumeState holds the volume's mutable state.
diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go
index 19008a253..f69f1c044 100644
--- a/libpod/volume_internal.go
+++ b/libpod/volume_internal.go
@@ -49,6 +49,9 @@ func (v *Volume) needsMount() bool {
 	if _, ok := v.config.Options["GID"]; ok {
 		index++
 	}
+	if _, ok := v.config.Options["SIZE"]; ok {
+		index++
+	}
 	// when uid or gid is set there is also the "o" option
 	// set so we have to ignore this one as well
 	if index > 0 {
diff --git a/libpod/volume_internal_linux.go b/libpod/volume_internal_linux.go
index 92391de1d..45cd22385 100644
--- a/libpod/volume_internal_linux.go
+++ b/libpod/volume_internal_linux.go
@@ -104,7 +104,7 @@ func (v *Volume) mount() error {
 
 	logrus.Debugf("Running mount command: %s %s", mountPath, strings.Join(mountArgs, " "))
 	if output, err := mountCmd.CombinedOutput(); err != nil {
-		logrus.Debugf("Mount failed with %v", err)
+		logrus.Debugf("Mount %v failed with %v", mountCmd, err)
 		return errors.Wrapf(errors.Errorf(string(output)), "error mounting volume %s", v.Name())
 	}