8 files changed, 330 insertions, 66 deletions

diff --git a/pkg/domain/infra/abi/auto-update.go b/pkg/domain/infra/abi/auto-update.go
index aa20664b4..9fcc451fd 100644
--- a/pkg/domain/infra/abi/auto-update.go
+++ b/pkg/domain/infra/abi/auto-update.go
@@ -7,7 +7,11 @@ import (
 	"github.com/containers/libpod/pkg/domain/entities"
 )
 
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) {
-	units, failures := autoupdate.AutoUpdate(ic.Libpod)
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) {
+	// Convert the entities options to the autoupdate ones.  We can't use
+	// them in the entities package as low-level packages must not leak
+	// into the remote client.
+	autoOpts := autoupdate.Options{Authfile: options.Authfile}
+	units, failures := autoupdate.AutoUpdate(ic.Libpod, autoOpts)
 	return &entities.AutoUpdateReport{Units: units}, failures
 }
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 249e8147c..b4e38ca23 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -434,6 +434,7 @@ func (ic *ContainerEngine) ContainerCheckpoint(ctx context.Context, namesOrIds [
 		TCPEstablished: options.TCPEstablished,
 		TargetFile:     options.Export,
 		IgnoreRootfs:   options.IgnoreRootFS,
+		KeepRunning:    options.LeaveRunning,
 	}
 
 	if options.All {
@@ -535,7 +536,22 @@ func (ic *ContainerEngine) ContainerAttach(ctx context.Context, nameOrId string,
 	return nil
 }
 
-func (ic *ContainerEngine) ContainerExec(ctx context.Context, nameOrId string, options entities.ExecOptions) (int, error) {
+func makeExecConfig(options entities.ExecOptions) *libpod.ExecConfig {
+	execConfig := new(libpod.ExecConfig)
+	execConfig.Command = options.Cmd
+	execConfig.Terminal = options.Tty
+	execConfig.Privileged = options.Privileged
+	execConfig.Environment = options.Envs
+	execConfig.User = options.User
+	execConfig.WorkDir = options.WorkDir
+	execConfig.DetachKeys = &options.DetachKeys
+	execConfig.PreserveFDs = options.PreserveFDs
+	execConfig.AttachStdin = options.Interactive
+
+	return execConfig
+}
+
+func checkExecPreserveFDs(options entities.ExecOptions) (int, error) {
 	ec := define.ExecErrorCodeGeneric
 	if options.PreserveFDs > 0 {
 		entries, err := ioutil.ReadDir("/proc/self/fd")
@@ -558,15 +574,66 @@ func (ic *ContainerEngine) ContainerExec(ctx context.Context, nameOrId string, o
 			}
 		}
 	}
+	return ec, nil
+}
+
+func (ic *ContainerEngine) ContainerExec(ctx context.Context, nameOrId string, options entities.ExecOptions, streams define.AttachStreams) (int, error) {
+	ec, err := checkExecPreserveFDs(options)
+	if err != nil {
+		return ec, err
+	}
 	ctrs, err := getContainersByContext(false, options.Latest, []string{nameOrId}, ic.Libpod)
 	if err != nil {
 		return ec, err
 	}
 	ctr := ctrs[0]
-	ec, err = terminal.ExecAttachCtr(ctx, ctr, options.Tty, options.Privileged, options.Envs, options.Cmd, options.User, options.WorkDir, &options.Streams, options.PreserveFDs, options.DetachKeys)
+
+	execConfig := makeExecConfig(options)
+
+	ec, err = terminal.ExecAttachCtr(ctx, ctr, execConfig, &streams)
 	return define.TranslateExecErrorToExitCode(ec, err), err
 }
 
+func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrId string, options entities.ExecOptions) (string, error) {
+	_, err := checkExecPreserveFDs(options)
+	if err != nil {
+		return "", err
+	}
+	ctrs, err := getContainersByContext(false, options.Latest, []string{nameOrId}, ic.Libpod)
+	if err != nil {
+		return "", err
+	}
+	ctr := ctrs[0]
+
+	execConfig := makeExecConfig(options)
+
+	// Make an exit command
+	storageConfig := ic.Libpod.StorageConfig()
+	runtimeConfig, err := ic.Libpod.GetConfig()
+	if err != nil {
+		return "", errors.Wrapf(err, "error retrieving Libpod configuration to build exec exit command")
+	}
+	podmanPath, err := os.Executable()
+	if err != nil {
+		return "", errors.Wrapf(err, "error retrieving executable to build exec exit command")
+	}
+	// TODO: Add some ability to toggle syslog
+	exitCommandArgs := generate.CreateExitCommandArgs(storageConfig, runtimeConfig, podmanPath, false, true, true)
+	execConfig.ExitCommand = exitCommandArgs
+
+	// Create and start the exec session
+	id, err := ctr.ExecCreate(execConfig)
+	if err != nil {
+		return "", err
+	}
+
+	// TODO: we should try and retrieve exit code if this fails.
+	if err := ctr.ExecStart(id); err != nil {
+		return "", err
+	}
+	return id, nil
+}
+
 func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []string, options entities.ContainerStartOptions) ([]*entities.ContainerStartReport, error) {
 	var reports []*entities.ContainerStartReport
 	var exitCode = define.ExecErrorCodeGeneric
@@ -835,6 +902,20 @@ func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []st
 	for _, ctr := range ctrs {
 		var err error
 		report := entities.ContainerCleanupReport{Id: ctr.ID()}
+
+		if options.Exec != "" {
+			if options.Remove {
+				if err := ctr.ExecRemove(options.Exec, false); err != nil {
+					return nil, err
+				}
+			} else {
+				if err := ctr.ExecCleanup(options.Exec); err != nil {
+					return nil, err
+				}
+			}
+			return []*entities.ContainerCleanupReport{}, nil
+		}
+
 		if options.Remove {
 			err = ic.Libpod.RemoveContainer(ctx, ctr, false, true)
 			if err != nil {
diff --git a/pkg/domain/infra/abi/healthcheck.go b/pkg/domain/infra/abi/healthcheck.go
index 351bf4f7e..4e925ef56 100644
--- a/pkg/domain/infra/abi/healthcheck.go
+++ b/pkg/domain/infra/abi/healthcheck.go
@@ -3,7 +3,6 @@ package abi
 import (
 	"context"
 
-	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/pkg/domain/entities"
 )
@@ -13,9 +12,9 @@ func (ic *ContainerEngine) HealthCheckRun(ctx context.Context, nameOrId string,
 	if err != nil {
 		return nil, err
 	}
-	hcStatus := "unhealthy"
-	if status == libpod.HealthCheckSuccess {
-		hcStatus = "healthy"
+	hcStatus := define.HealthCheckUnhealthy
+	if status == define.HealthCheckSuccess {
+		hcStatus = define.HealthCheckHealthy
 	}
 	report := define.HealthCheckResults{
 		Status: hcStatus,
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 7ab5131f0..6e774df8e 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -4,14 +4,22 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"net/url"
 	"os"
+	"path/filepath"
+	"strconv"
 	"strings"
 
+	"github.com/containers/libpod/pkg/rootless"
+
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker"
 	dockerarchive "github.com/containers/image/v5/docker/archive"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/manifest"
+	"github.com/containers/image/v5/signature"
+	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/libpod/define"
@@ -19,6 +27,7 @@ import (
 	libpodImage "github.com/containers/libpod/libpod/image"
 	"github.com/containers/libpod/pkg/domain/entities"
 	domainUtils "github.com/containers/libpod/pkg/domain/utils"
+	"github.com/containers/libpod/pkg/trust"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/storage"
 	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -26,6 +35,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+// SignatureStoreDir defines default directory to store signatures
+const SignatureStoreDir = "/var/lib/containers/sigstore"
+
 func (ir *ImageEngine) Exists(_ context.Context, nameOrId string) (*entities.BoolReport, error) {
 	_, err := ir.Libpod.ImageRuntime().NewFromLocal(nameOrId)
 	if err != nil && errors.Cause(err) != define.ErrNoSuchImage {
@@ -549,3 +561,145 @@ func (ir *ImageEngine) Shutdown(_ context.Context) {
 		_ = ir.Libpod.Shutdown(false)
 	})
 }
+
+func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entities.SignOptions) (*entities.SignReport, error) {
+	dockerRegistryOptions := image.DockerRegistryOptions{
+		DockerCertPath: options.CertDir,
+	}
+
+	mech, err := signature.NewGPGSigningMechanism()
+	if err != nil {
+		return nil, errors.Wrap(err, "error initializing GPG")
+	}
+	defer mech.Close()
+	if err := mech.SupportsSigning(); err != nil {
+		return nil, errors.Wrap(err, "signing is not supported")
+	}
+	sc := ir.Libpod.SystemContext()
+	sc.DockerCertPath = options.CertDir
+
+	systemRegistriesDirPath := trust.RegistriesDirPath(sc)
+	registryConfigs, err := trust.LoadAndMergeConfig(systemRegistriesDirPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "error reading registry configuration")
+	}
+
+	for _, signimage := range names {
+		var sigStoreDir string
+		srcRef, err := alltransports.ParseImageName(signimage)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error parsing image name")
+		}
+		rawSource, err := srcRef.NewImageSource(ctx, sc)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error getting image source")
+		}
+		err = rawSource.Close()
+		if err != nil {
+			logrus.Errorf("unable to close new image source %q", err)
+		}
+		getManifest, _, err := rawSource.GetManifest(ctx, nil)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error getting getManifest")
+		}
+		dockerReference := rawSource.Reference().DockerReference()
+		if dockerReference == nil {
+			return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
+		}
+
+		// create the signstore file
+		rtc, err := ir.Libpod.GetConfig()
+		if err != nil {
+			return nil, err
+		}
+		newImage, err := ir.Libpod.ImageRuntime().New(ctx, signimage, rtc.Engine.SignaturePolicyPath, "", os.Stderr, &dockerRegistryOptions, image.SigningOptions{SignBy: options.SignBy}, nil, util.PullImageMissing)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error pulling image %s", signimage)
+		}
+		if sigStoreDir == "" {
+			if rootless.IsRootless() {
+				sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
+			} else {
+				registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+				if registryInfo != nil {
+					if sigStoreDir = registryInfo.SigStoreStaging; sigStoreDir == "" {
+						sigStoreDir = registryInfo.SigStore
+
+					}
+				}
+			}
+		}
+		sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+		if err != nil {
+			return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
+		}
+		repos, err := newImage.RepoDigests()
+		if err != nil {
+			return nil, errors.Wrapf(err, "error calculating repo digests for %s", signimage)
+		}
+		if len(repos) == 0 {
+			logrus.Errorf("no repodigests associated with the image %s", signimage)
+			continue
+		}
+
+		// create signature
+		newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
+		if err != nil {
+			return nil, errors.Wrapf(err, "error creating new signature")
+		}
+
+		trimmedDigest := strings.TrimPrefix(repos[0], strings.Split(repos[0], "/")[0])
+		sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(trimmedDigest, ":", "=", 1))
+		if err := os.MkdirAll(sigStoreDir, 0751); err != nil {
+			// The directory is allowed to exist
+			if !os.IsExist(err) {
+				logrus.Errorf("error creating directory %s: %s", sigStoreDir, err)
+				continue
+			}
+		}
+		sigFilename, err := getSigFilename(sigStoreDir)
+		if err != nil {
+			logrus.Errorf("error creating sigstore file: %v", err)
+			continue
+		}
+		err = ioutil.WriteFile(filepath.Join(sigStoreDir, sigFilename), newSig, 0644)
+		if err != nil {
+			logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
+			continue
+		}
+	}
+	return nil, nil
+}
+
+func getSigFilename(sigStoreDirPath string) (string, error) {
+	sigFileSuffix := 1
+	sigFiles, err := ioutil.ReadDir(sigStoreDirPath)
+	if err != nil {
+		return "", err
+	}
+	sigFilenames := make(map[string]bool)
+	for _, file := range sigFiles {
+		sigFilenames[file.Name()] = true
+	}
+	for {
+		sigFilename := "signature-" + strconv.Itoa(sigFileSuffix)
+		if _, exists := sigFilenames[sigFilename]; !exists {
+			return sigFilename, nil
+		}
+		sigFileSuffix++
+	}
+}
+
+func isValidSigStoreDir(sigStoreDir string) (string, error) {
+	writeURIs := map[string]bool{"file": true}
+	url, err := url.Parse(sigStoreDir)
+	if err != nil {
+		return sigStoreDir, errors.Wrapf(err, "invalid directory %s", sigStoreDir)
+	}
+	_, exists := writeURIs[url.Scheme]
+	if !exists {
+		return sigStoreDir, errors.Errorf("writing to %s is not supported. Use a supported scheme", sigStoreDir)
+	}
+	sigStoreDir = url.Path
+	return sigStoreDir, nil
+}
diff --git a/pkg/domain/infra/abi/images_list.go b/pkg/domain/infra/abi/images_list.go
index c559e250c..3034e36ec 100644
--- a/pkg/domain/infra/abi/images_list.go
+++ b/pkg/domain/infra/abi/images_list.go
@@ -13,14 +13,7 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 		err    error
 	)
 
-	// TODO: Future work support for domain.Filters
-	// filters := utils.ToLibpodFilters(opts.Filters)
-
-	if len(opts.Filter) > 0 {
-		images, err = ir.Libpod.ImageRuntime().GetImagesWithFilters(opts.Filter)
-	} else {
-		images, err = ir.Libpod.ImageRuntime().GetImages()
-	}
+	images, err = ir.Libpod.ImageRuntime().GetImagesWithFilters(opts.Filter)
 	if err != nil {
 		return nil, err
 	}
@@ -40,9 +33,18 @@ func (ir *ImageEngine) List(ctx context.Context, opts entities.ImageListOptions)
 				}
 			}
 		} else {
-			repoTags, _ = img.RepoTags()
-			if len(repoTags) == 0 {
-				continue
+			repoTags, err = img.RepoTags()
+			if err != nil {
+				return nil, err
+			}
+			if len(img.Names()) == 0 {
+				parent, err := img.IsParent(ctx)
+				if err != nil {
+					return nil, err
+				}
+				if parent {
+					continue
+				}
 			}
 		}
 
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go
index 5c39b5374..8e3515824 100644
--- a/pkg/domain/infra/abi/network.go
+++ b/pkg/domain/infra/abi/network.go
@@ -6,7 +6,9 @@ import (
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
+	"strings"
 
+	"github.com/containernetworking/cni/libcni"
 	cniversion "github.com/containernetworking/cni/pkg/version"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/pkg/domain/entities"
@@ -15,32 +17,32 @@ import (
 	"github.com/pkg/errors"
 )
 
-func getCNIConfDir(r *libpod.Runtime) (string, error) {
-	config, err := r.GetConfig()
-	if err != nil {
-		return "", err
-	}
-	configPath := config.Network.NetworkConfigDir
-
-	if len(config.Network.NetworkConfigDir) < 1 {
-		configPath = network.CNIConfigDir
-	}
-	return configPath, nil
-}
-
 func (ic *ContainerEngine) NetworkList(ctx context.Context, options entities.NetworkListOptions) ([]*entities.NetworkListReport, error) {
 	var reports []*entities.NetworkListReport
-	cniConfigPath, err := getCNIConfDir(ic.Libpod)
+
+	config, err := ic.Libpod.GetConfig()
 	if err != nil {
 		return nil, err
 	}
-	networks, err := network.LoadCNIConfsFromDir(cniConfigPath)
+
+	networks, err := network.LoadCNIConfsFromDir(network.GetCNIConfDir(config))
 	if err != nil {
 		return nil, err
 	}
 
+	var tokens []string
+	// tokenize the networkListOptions.Filter in key=value.
+	if len(options.Filter) > 0 {
+		tokens = strings.Split(options.Filter, "=")
+		if len(tokens) != 2 {
+			return nil, fmt.Errorf("invalid filter syntax : %s", options.Filter)
+		}
+	}
+
 	for _, n := range networks {
-		reports = append(reports, &entities.NetworkListReport{NetworkConfigList: n})
+		if ifPassesFilterTest(n, tokens) {
+			reports = append(reports, &entities.NetworkListReport{NetworkConfigList: n})
+		}
 	}
 	return reports, nil
 }
@@ -49,8 +51,14 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri
 	var (
 		rawCNINetworks []entities.NetworkInspectReport
 	)
+
+	config, err := ic.Libpod.GetConfig()
+	if err != nil {
+		return nil, err
+	}
+
 	for _, name := range namesOrIds {
-		rawList, err := network.InspectNetwork(name)
+		rawList, err := network.InspectNetwork(config, name)
 		if err != nil {
 			return nil, err
 		}
@@ -61,6 +69,12 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri
 
 func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) {
 	var reports []*entities.NetworkRmReport
+
+	config, err := ic.Libpod.GetConfig()
+	if err != nil {
+		return nil, err
+	}
+
 	for _, name := range namesOrIds {
 		report := entities.NetworkRmReport{Name: name}
 		containers, err := ic.Libpod.GetAllContainers()
@@ -80,7 +94,7 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o
 				}
 			}
 		}
-		if err := network.RemoveNetwork(name); err != nil {
+		if err := network.RemoveNetwork(config, name); err != nil {
 			report.Err = err
 		}
 		reports = append(reports, &report)
@@ -117,10 +131,10 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate
 	// if range is provided, make sure it is "in" network
 	if subnet.IP != nil {
 		// if network is provided, does it conflict with existing CNI or live networks
-		err = network.ValidateUserNetworkIsAvailable(subnet)
+		err = network.ValidateUserNetworkIsAvailable(runtimeConfig, subnet)
 	} else {
 		// if no network is provided, figure out network
-		subnet, err = network.GetFreeNetwork()
+		subnet, err = network.GetFreeNetwork(runtimeConfig)
 	}
 	if err != nil {
 		return "", err
@@ -158,13 +172,13 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate
 			return "", errors.Errorf("the ip range %s does not fall within the subnet range %s", options.Range.String(), subnet.String())
 		}
 	}
-	bridgeDeviceName, err := network.GetFreeDeviceName()
+	bridgeDeviceName, err := network.GetFreeDeviceName(runtimeConfig)
 	if err != nil {
 		return "", err
 	}
 
 	if len(name) > 0 {
-		netNames, err := network.GetNetworkNamesFromFileSystem()
+		netNames, err := network.GetNetworkNamesFromFileSystem(runtimeConfig)
 		if err != nil {
 			return "", err
 		}
@@ -205,11 +219,7 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate
 	if err != nil {
 		return "", err
 	}
-	cniConfigPath, err := getCNIConfDir(r)
-	if err != nil {
-		return "", err
-	}
-	cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+	cniPathName := filepath.Join(network.GetCNIConfDir(runtimeConfig), fmt.Sprintf("%s.conflist", name))
 	err = ioutil.WriteFile(cniPathName, b, 0644)
 	return cniPathName, err
 }
@@ -222,12 +232,18 @@ func createMacVLAN(r *libpod.Runtime, name string, options entities.NetworkCreat
 	if err != nil {
 		return "", err
 	}
+
+	config, err := r.GetConfig()
+	if err != nil {
+		return "", err
+	}
+
 	// Make sure the host-device exists
 	if !util.StringInSlice(options.MacVLAN, liveNetNames) {
 		return "", errors.Errorf("failed to find network interface %q", options.MacVLAN)
 	}
 	if len(name) > 0 {
-		netNames, err := network.GetNetworkNamesFromFileSystem()
+		netNames, err := network.GetNetworkNamesFromFileSystem(config)
 		if err != nil {
 			return "", err
 		}
@@ -235,7 +251,7 @@ func createMacVLAN(r *libpod.Runtime, name string, options entities.NetworkCreat
 			return "", errors.Errorf("the network name %s is already used", name)
 		}
 	} else {
-		name, err = network.GetFreeDeviceName()
+		name, err = network.GetFreeDeviceName(config)
 		if err != nil {
 			return "", err
 		}
@@ -248,11 +264,29 @@ func createMacVLAN(r *libpod.Runtime, name string, options entities.NetworkCreat
 	if err != nil {
 		return "", err
 	}
-	cniConfigPath, err := getCNIConfDir(r)
-	if err != nil {
-		return "", err
-	}
-	cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+	cniPathName := filepath.Join(network.GetCNIConfDir(config), fmt.Sprintf("%s.conflist", name))
 	err = ioutil.WriteFile(cniPathName, b, 0644)
 	return cniPathName, err
 }
+
+func ifPassesFilterTest(netconf *libcni.NetworkConfigList, filter []string) bool {
+	result := false
+	if len(filter) == 0 {
+		// No filter, so pass
+		return true
+	}
+	switch strings.ToLower(filter[0]) {
+	case "name":
+		if filter[1] == netconf.Name {
+			result = true
+		}
+	case "plugin":
+		plugins := network.GetCNIPlugins(netconf)
+		if strings.Contains(plugins, filter[1]) {
+			result = true
+		}
+	default:
+		result = false
+	}
+	return result
+}
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index d701d65de..af2ec5f7b 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -375,7 +375,7 @@ func sizeOfPath(path string) (int64, error) {
 	return size, err
 }
 
-func (se *SystemEngine) Reset(ctx context.Context, options entities.SystemResetOptions) error {
+func (se *SystemEngine) Reset(ctx context.Context) error {
 	return se.Libpod.Reset(ctx)
 }
 
diff --git a/pkg/domain/infra/abi/terminal/terminal_linux.go b/pkg/domain/infra/abi/terminal/terminal_linux.go
index 15701342f..8d9cdde03 100644
--- a/pkg/domain/infra/abi/terminal/terminal_linux.go
+++ b/pkg/domain/infra/abi/terminal/terminal_linux.go
@@ -15,13 +15,13 @@ import (
 )
 
 // ExecAttachCtr execs and attaches to a container
-func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, tty, privileged bool, env map[string]string, cmd []string, user, workDir string, streams *define.AttachStreams, preserveFDs uint, detachKeys string) (int, error) {
+func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, execConfig *libpod.ExecConfig, streams *define.AttachStreams) (int, error) {
 	resize := make(chan remotecommand.TerminalSize)
 	haveTerminal := terminal.IsTerminal(int(os.Stdin.Fd()))
 
 	// Check if we are attached to a terminal. If we are, generate resize
 	// events, and set the terminal to raw mode
-	if haveTerminal && tty {
+	if haveTerminal && execConfig.Terminal {
 		cancel, oldTermState, err := handleTerminalAttach(ctx, resize)
 		if err != nil {
 			return -1, err
@@ -34,16 +34,6 @@ func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, tty, privileged b
 		}()
 	}
 
-	execConfig := new(libpod.ExecConfig)
-	execConfig.Command = cmd
-	execConfig.Terminal = tty
-	execConfig.Privileged = privileged
-	execConfig.Environment = env
-	execConfig.User = user
-	execConfig.WorkDir = workDir
-	execConfig.DetachKeys = &detachKeys
-	execConfig.PreserveFDs = preserveFDs
-
 	return ctr.Exec(execConfig, streams, resize)
 }