8 files changed, 86 insertions, 20 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index d4384b791..b9805faa3 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1513,8 +1513,8 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 	mountPoint := c.config.Rootfs
 	// Check if overlay has to be created on top of Rootfs
 	if c.config.RootfsOverlay {
-		overlayDest := c.runtime.store.GraphRoot()
-		contentDir, err := overlay.GenerateStructure(c.runtime.store.GraphRoot(), c.ID(), "rootfs", c.RootUID(), c.RootGID())
+		overlayDest := c.runtime.RunRoot()
+		contentDir, err := overlay.GenerateStructure(overlayDest, c.ID(), "rootfs", c.RootUID(), c.RootGID())
 		if err != nil {
 			return "", errors.Wrapf(err, "rootfs-overlay: failed to create TempDir in the %s directory", overlayDest)
 		}
@@ -1739,11 +1739,11 @@ func (c *Container) cleanupStorage() error {
 
 	// umount rootfs overlay if it was created
 	if c.config.RootfsOverlay {
-		overlayBasePath := filepath.Dir(c.config.StaticDir)
-		overlayBasePath = filepath.Join(overlayBasePath, "rootfs")
+		overlayBasePath := filepath.Dir(c.state.Mountpoint)
 		if err := overlay.Unmount(overlayBasePath); err != nil {
-			// If the container can't remove content report the error
-			logrus.Errorf("Failed to cleanup overlay mounts for %s: %v", c.ID(), err)
+			if cleanupErr != nil {
+				logrus.Errorf("Failed to cleanup overlay mounts for %s: %v", c.ID(), err)
+			}
 			cleanupErr = err
 		}
 	}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index d3151f7e0..2fd519990 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1546,6 +1546,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
 	logrus.Debugf("Restored container %s", c.ID())
 
 	c.state.State = define.ContainerStateRunning
+	c.state.Checkpointed = false
 
 	if !options.Keep {
 		// Delete all checkpoint related files. At this point, in theory, all files
diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go
index 562169ce2..4029d0af7 100644
--- a/libpod/container_log_linux.go
+++ b/libpod/container_log_linux.go
@@ -121,7 +121,24 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
 		}()
 
 		tailQueue := []*logs.LogLine{} // needed for options.Tail
-		doTail := options.Tail > 0
+		doTail := options.Tail >= 0
+		doTailFunc := func() {
+			// Flush *once* we hit the end of the journal.
+			startIndex := int64(len(tailQueue))
+			outputLines := int64(0)
+			for startIndex > 0 && outputLines < options.Tail {
+				startIndex--
+				for startIndex > 0 && tailQueue[startIndex].Partial() {
+					startIndex--
+				}
+				outputLines++
+			}
+			for i := startIndex; i < int64(len(tailQueue)); i++ {
+				logChannel <- tailQueue[i]
+			}
+			tailQueue = nil
+			doTail = false
+		}
 		lastReadCursor := ""
 		for {
 			select {
@@ -152,16 +169,7 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
 			// Hit the end of the journal (so far?).
 			if cursor == lastReadCursor {
 				if doTail {
-					// Flush *once* we hit the end of the journal.
-					startIndex := int64(len(tailQueue)-1) - options.Tail
-					if startIndex < 0 {
-						startIndex = 0
-					}
-					for i := startIndex; i < int64(len(tailQueue)); i++ {
-						logChannel <- tailQueue[i]
-					}
-					tailQueue = nil
-					doTail = false
+					doTailFunc()
 				}
 				// Unless we follow, quit.
 				if !options.Follow {
@@ -194,6 +202,9 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
 					return
 				}
 				if status == events.Exited {
+					if doTail {
+						doTailFunc()
+					}
 					return
 				}
 				continue
diff --git a/libpod/container_path_resolution.go b/libpod/container_path_resolution.go
index bb2ef1a73..7db23b783 100644
--- a/libpod/container_path_resolution.go
+++ b/libpod/container_path_resolution.go
@@ -161,7 +161,7 @@ func isPathOnBindMount(c *Container, containerPath string) bool {
 		if cleanedContainerPath == filepath.Clean(m.Destination) {
 			return true
 		}
-		for dest := m.Destination; dest != "/"; dest = filepath.Dir(dest) {
+		for dest := m.Destination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
 			if cleanedContainerPath == dest {
 				return true
 			}
diff --git a/libpod/kube.go b/libpod/kube.go
index 02ac8ed98..ad5acea78 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/libpod/network/types"
 	"github.com/containers/podman/v3/pkg/env"
@@ -468,11 +469,23 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
 
 	kubeContainer.Name = removeUnderscores(c.Name())
 	_, image := c.Image()
+
+	// The infra container may have been created with an overlay root FS
+	// instead of an infra image.  If so, set the imageto the default K8s
+	// pause one and make sure it's in the storage by pulling it down if
+	// missing.
+	if image == "" && c.IsInfra() {
+		image = config.DefaultInfraImage
+		if _, err := c.runtime.libimageRuntime.Pull(ctx, image, config.PullPolicyMissing, nil); err != nil {
+			return kubeContainer, nil, nil, nil, err
+		}
+	}
+
 	kubeContainer.Image = image
 	kubeContainer.Stdin = c.Stdin()
 	img, _, err := c.runtime.libimageRuntime.LookupImage(image, nil)
 	if err != nil {
-		return kubeContainer, kubeVolumes, nil, annotations, err
+		return kubeContainer, kubeVolumes, nil, annotations, fmt.Errorf("looking up image %q of container %q: %w", image, c.ID(), err)
 	}
 	imgData, err := img.Inspect(ctx, nil)
 	if err != nil {
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index ffd53ec2b..56e8eca99 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -16,6 +16,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containers/podman/v3/pkg/errorhandling"
 	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/pkg/rootlessport"
@@ -58,6 +59,8 @@ type slirp4netnsNetworkOptions struct {
 	outboundAddr6       string
 }
 
+const ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/default/accept_dad"
+
 func checkSlirpFlags(path string) (*slirpFeatures, error) {
 	cmd := exec.Command(path, "--help")
 	out, err := cmd.CombinedOutput()
@@ -297,6 +300,39 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	}
 	cmd.Stdout = logFile
 	cmd.Stderr = logFile
+
+	var slirpReadyChan (chan struct{})
+
+	if netOptions.enableIPv6 {
+		slirpReadyChan = make(chan struct{})
+		defer close(slirpReadyChan)
+		go func() {
+			err := ns.WithNetNSPath(netnsPath, func(_ ns.NetNS) error {
+				// Duplicate Address Detection slows the ipv6 setup down for 1-2 seconds.
+				// Since slirp4netns is run it is own namespace and not directly routed
+				// we can skip this to make the ipv6 address immediately available.
+				// We change the default to make sure the slirp tap interface gets the
+				// correct value assigned so DAD is disabled for it
+				// Also make sure to change this value back to the original after slirp4netns
+				// is ready in case users rely on this sysctl.
+				orgValue, err := ioutil.ReadFile(ipv6ConfDefaultAcceptDadSysctl)
+				if err != nil {
+					return err
+				}
+				err = ioutil.WriteFile(ipv6ConfDefaultAcceptDadSysctl, []byte("0"), 0644)
+				if err != nil {
+					return err
+				}
+				// wait for slirp to finish setup
+				<-slirpReadyChan
+				return ioutil.WriteFile(ipv6ConfDefaultAcceptDadSysctl, orgValue, 0644)
+			})
+			if err != nil {
+				logrus.Warnf("failed to set net.ipv6.conf.default.accept_dad sysctl: %v", err)
+			}
+		}()
+	}
+
 	if err := cmd.Start(); err != nil {
 		return errors.Wrapf(err, "failed to start slirp4netns process")
 	}
@@ -310,6 +346,9 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 	if err := waitForSync(syncR, cmd, logFile, 1*time.Second); err != nil {
 		return err
 	}
+	if slirpReadyChan != nil {
+		slirpReadyChan <- struct{}{}
+	}
 
 	// Set a default slirp subnet. Parsing a string with the net helper is easier than building the struct myself
 	_, ctr.slirp4netnsSubnet, _ = net.ParseCIDR(defaultSlirp4netnsSubnet)
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 1719b2dfa..db906fabb 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1016,7 +1016,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 	}
 
 	if ctr.config.CgroupsMode == cgroupSplit {
-		if err := utils.MoveUnderCgroupSubtree("supervisor"); err != nil {
+		if err := utils.MoveUnderCgroupSubtree("runtime"); err != nil {
 			return err
 		}
 	}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 855f3a9f9..b01f8dd13 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -543,6 +543,8 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
 				return err
 			}
 			if became {
+				// Check if the pause process was created.  If it was created, then
+				// move it to its own systemd scope.
 				utils.MovePauseProcessToScope(pausePid)
 				os.Exit(ret)
 			}