5 files changed, 329 insertions, 8 deletions
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 7f8ec210b..f464df3ac 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -6,11 +6,13 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
 
 	"github.com/containers/buildah"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/define"
@@ -21,9 +23,11 @@ import (
 	"github.com/containers/libpod/pkg/domain/entities"
 	"github.com/containers/libpod/pkg/domain/infra/abi/terminal"
 	"github.com/containers/libpod/pkg/ps"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/signal"
 	"github.com/containers/libpod/pkg/specgen"
 	"github.com/containers/libpod/pkg/specgen/generate"
+	"github.com/containers/storage"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -794,3 +798,104 @@ func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []st
 	}
 	return reports, nil
 }
+
+func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []string, options entities.ContainerInitOptions) ([]*entities.ContainerInitReport, error) {
+	var reports []*entities.ContainerInitReport
+	ctrs, err := getContainersByContext(options.All, options.Latest, namesOrIds, ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+	for _, ctr := range ctrs {
+		report := entities.ContainerInitReport{Id: ctr.ID()}
+		report.Err = ctr.Init(ctx)
+		reports = append(reports, &report)
+	}
+	return reports, nil
+}
+
+func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIds []string, options entities.ContainerMountOptions) ([]*entities.ContainerMountReport, error) {
+	if os.Geteuid() != 0 {
+		if driver := ic.Libpod.StorageConfig().GraphDriverName; driver != "vfs" {
+			// Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
+			// of the mount command.
+			return nil, fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
+		}
+
+		became, ret, err := rootless.BecomeRootInUserNS("")
+		if err != nil {
+			return nil, err
+		}
+		if became {
+			os.Exit(ret)
+		}
+	}
+	var reports []*entities.ContainerMountReport
+	ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIds, ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+	for _, ctr := range ctrs {
+		report := entities.ContainerMountReport{Id: ctr.ID()}
+		report.Path, report.Err = ctr.Mount()
+		reports = append(reports, &report)
+	}
+	if len(reports) > 0 {
+		return reports, nil
+	}
+
+	// No containers were passed, so we send back what is mounted
+	ctrs, err = getContainersByContext(true, false, []string{}, ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+	for _, ctr := range ctrs {
+		mounted, path, err := ctr.Mounted()
+		if err != nil {
+			return nil, err
+		}
+
+		if mounted {
+			reports = append(reports, &entities.ContainerMountReport{
+				Id:   ctr.ID(),
+				Name: ctr.Name(),
+				Path: path,
+			})
+		}
+	}
+	return reports, nil
+}
+
+func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIds []string, options entities.ContainerUnmountOptions) ([]*entities.ContainerUnmountReport, error) {
+	var reports []*entities.ContainerUnmountReport
+	ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIds, ic.Libpod)
+	if err != nil {
+		return nil, err
+	}
+	for _, ctr := range ctrs {
+		state, err := ctr.State()
+		if err != nil {
+			logrus.Debugf("Error umounting container %s state: %s", ctr.ID(), err.Error())
+			continue
+		}
+		if state == define.ContainerStateRunning {
+			logrus.Debugf("Error umounting container %s, is running", ctr.ID())
+			continue
+		}
+
+		report := entities.ContainerUnmountReport{Id: ctr.ID()}
+		if err := ctr.Unmount(options.Force); err != nil {
+			if options.All && errors.Cause(err) == storage.ErrLayerNotMounted {
+				logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID())
+				continue
+			}
+			report.Err = errors.Wrapf(err, "error unmounting container %s", ctr.ID())
+		}
+		reports = append(reports, &report)
+	}
+	return reports, nil
+}
+
+// GetConfig returns a copy of the configuration used by the runtime
+func (ic *ContainerEngine) Config(_ context.Context) (*config.Config, error) {
+	return ic.Libpod.GetConfig()
+}
diff --git a/pkg/domain/infra/abi/events.go b/pkg/domain/infra/abi/events.go
new file mode 100644
index 000000000..9540a5b96
--- /dev/null
+++ b/pkg/domain/infra/abi/events.go
@@ -0,0 +1,18 @@
+//+build ABISupport
+
+package abi
+
+import (
+	"context"
+
+	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/sirupsen/logrus"
+)
+
+func (ic *ContainerEngine) Events(ctx context.Context, opts entities.EventsOptions) error {
+	readOpts := events.ReadOptions{FromStart: opts.FromStart, Stream: opts.Stream, Filters: opts.Filter, EventChannel: opts.EventChan, Since: opts.Since, Until: opts.Until}
+	err := ic.Libpod.Events(readOpts)
+	logrus.Error(err)
+	return err
+}
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 24ee596be..9467c14d4 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker"
 	dockerarchive "github.com/containers/image/v5/docker/archive"
 	"github.com/containers/image/v5/docker/reference"
@@ -45,7 +46,9 @@ func (ir *ImageEngine) Delete(ctx context.Context, nameOrId []string, opts entit
 		if err != nil {
 			return &report, errors.Wrapf(err, "unable to query local images")
 		}
-
+		if len(targets) == 0 {
+			return &report, nil
+		}
 		if len(targets) > 0 && len(targets) == len(previousTargets) {
 			return &report, errors.New("unable to delete all images; re-run the rmi command again.")
 		}
@@ -142,7 +145,7 @@ func (ir *ImageEngine) History(ctx context.Context, nameOrId string, opts entiti
 func ToDomainHistoryLayer(layer *libpodImage.History) entities.ImageHistoryLayer {
 	l := entities.ImageHistoryLayer{}
 	l.ID = layer.ID
-	l.Created = layer.Created.Unix()
+	l.Created = *layer.Created
 	l.CreatedBy = layer.CreatedBy
 	copy(l.Tags, layer.Tags)
 	l.Size = layer.Size
@@ -394,8 +397,10 @@ func (ir *ImageEngine) Load(ctx context.Context, opts entities.ImageLoadOptions)
 	if err != nil {
 		return nil, errors.Wrap(err, "image loaded but no additional tags were created")
 	}
-	if err := newImage.TagImage(opts.Name); err != nil {
-		return nil, errors.Wrapf(err, "error adding %q to image %q", opts.Name, newImage.InputName)
+	if len(opts.Name) > 0 {
+		if err := newImage.TagImage(fmt.Sprintf("%s:%s", opts.Name, opts.Tag)); err != nil {
+			return nil, errors.Wrapf(err, "error adding %q to image %q", opts.Name, newImage.InputName)
+		}
 	}
 	return &entities.ImageLoadReport{Name: name}, nil
 }
@@ -423,3 +428,43 @@ func (ir *ImageEngine) Diff(_ context.Context, nameOrId string, _ entities.DiffO
 	}
 	return &entities.DiffReport{Changes: changes}, nil
 }
+
+func (ir *ImageEngine) Search(ctx context.Context, term string, opts entities.ImageSearchOptions) ([]entities.ImageSearchReport, error) {
+	filter, err := image.ParseSearchFilter(opts.Filters)
+	if err != nil {
+		return nil, err
+	}
+
+	searchOpts := image.SearchOptions{
+		Authfile:              opts.Authfile,
+		Filter:                *filter,
+		Limit:                 opts.Limit,
+		NoTrunc:               opts.NoTrunc,
+		InsecureSkipTLSVerify: opts.TLSVerify,
+	}
+
+	searchResults, err := image.SearchImages(term, searchOpts)
+	if err != nil {
+		return nil, err
+	}
+
+	// Convert from image.SearchResults to entities.ImageSearchReport. We don't
+	// want to leak any low-level packages into the remote client, which
+	// requires converting.
+	reports := make([]entities.ImageSearchReport, len(searchResults))
+	for i := range searchResults {
+		reports[i].Index = searchResults[i].Index
+		reports[i].Name = searchResults[i].Name
+		reports[i].Description = searchResults[i].Index
+		reports[i].Stars = searchResults[i].Stars
+		reports[i].Official = searchResults[i].Official
+		reports[i].Automated = searchResults[i].Automated
+	}
+
+	return reports, nil
+}
+
+// GetConfig returns a copy of the configuration used by the runtime
+func (ir *ImageEngine) Config(_ context.Context) (*config.Config, error) {
+	return ir.Libpod.GetConfig()
+}
diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go
index c3e5d59bc..bb637de3e 100644
--- a/pkg/domain/infra/abi/pods.go
+++ b/pkg/domain/infra/abi/pods.go
@@ -5,13 +5,13 @@ package abi
 import (
 	"context"
 
-	lpfilters "github.com/containers/libpod/libpod/filters"
-
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/define"
+	lpfilters "github.com/containers/libpod/libpod/filters"
 	"github.com/containers/libpod/pkg/domain/entities"
 	"github.com/containers/libpod/pkg/signal"
 	"github.com/containers/libpod/pkg/specgen"
+	"github.com/containers/libpod/pkg/specgen/generate"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -246,7 +246,7 @@ func (ic *ContainerEngine) PodRm(ctx context.Context, namesOrIds []string, optio
 func (ic *ContainerEngine) PodCreate(ctx context.Context, opts entities.PodCreateOptions) (*entities.PodCreateReport, error) {
 	podSpec := specgen.NewPodSpecGenerator()
 	opts.ToPodSpecGen(podSpec)
-	pod, err := podSpec.MakePod(ic.Libpod)
+	pod, err := generate.MakePod(podSpec, ic.Libpod)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 2df11cc1b..10872144b 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -4,17 +4,28 @@ package abi
 
 import (
 	"context"
+	"fmt"
+	"io/ioutil"
 	"net"
+	"os"
+	"strconv"
 	"strings"
+	"syscall"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/libpod/libpod/define"
 	api "github.com/containers/libpod/pkg/api/server"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/rootless"
+	"github.com/containers/libpod/pkg/util"
 	iopodman "github.com/containers/libpod/pkg/varlink"
 	iopodmanAPI "github.com/containers/libpod/pkg/varlinkapi"
+	"github.com/containers/libpod/utils"
 	"github.com/containers/libpod/version"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
 	"github.com/varlink/go/varlink"
 )
 
@@ -51,7 +62,6 @@ func (ic *ContainerEngine) RestService(_ context.Context, opts entities.ServiceO
 	}()
 
 	err = server.Serve()
-	logrus.Debugf("%d/%d Active connections/Total connections\n", server.ActiveConnections, server.TotalConnections)
 	_ = listener.Close()
 	return err
 }
@@ -89,3 +99,146 @@ func (ic *ContainerEngine) VarlinkService(_ context.Context, opts entities.Servi
 	}
 	return nil
 }
+
+func (ic *ContainerEngine) SetupRootless(cmd *cobra.Command) error {
+	// do it only after podman has already re-execed and running with uid==0.
+	if os.Geteuid() == 0 {
+		ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup()
+		if err != nil {
+			logrus.Warnf("Failed to detect the owner for the current cgroup: %v", err)
+		}
+		if !ownsCgroup {
+			conf, err := ic.Config(context.Background())
+			if err != nil {
+				return err
+			}
+			unitName := fmt.Sprintf("podman-%d.scope", os.Getpid())
+			if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil {
+				if conf.Engine.CgroupManager == config.SystemdCgroupsManager {
+					logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err)
+				} else {
+					logrus.Debugf("Failed to add podman to systemd sandbox cgroup: %v", err)
+				}
+			}
+		}
+	}
+
+	if !executeCommandInUserNS(cmd) {
+		return nil
+	}
+
+	pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+	if err != nil {
+		return errors.Wrapf(err, "could not get pause process pid file path")
+	}
+
+	became, ret, err := rootless.TryJoinPauseProcess(pausePidPath)
+	if err != nil {
+		return err
+	}
+	if became {
+		os.Exit(ret)
+	}
+
+	// if there is no pid file, try to join existing containers, and create a pause process.
+	ctrs, err := ic.Libpod.GetRunningContainers()
+	if err != nil {
+		logrus.WithError(err).Fatal("")
+	}
+
+	paths := []string{}
+	for _, ctr := range ctrs {
+		paths = append(paths, ctr.Config().ConmonPidFile)
+	}
+
+	became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
+	if err := movePauseProcessToScope(); err != nil {
+		conf, err := ic.Config(context.Background())
+		if err != nil {
+			return err
+		}
+		if conf.Engine.CgroupManager == config.SystemdCgroupsManager {
+			logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+		} else {
+			logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err)
+		}
+	}
+	if err != nil {
+		logrus.WithError(err).Fatal("")
+	}
+	if became {
+		os.Exit(ret)
+	}
+	return nil
+}
+
+// Most podman commands when run in rootless mode, need to be executed in the
+// users usernamespace.  This function is updated with a  list of commands that
+// should NOT be run within the user namespace.
+func executeCommandInUserNS(cmd *cobra.Command) bool {
+	return os.Geteuid() == 0
+	// if os.Geteuid() == 0 {
+	// 	return false
+	// }
+	// switch cmd {
+	// case _migrateCommand,
+	// 	_mountCommand,
+	// 	_renumberCommand,
+	// 	_searchCommand,
+	// 	_versionCommand:
+	// 	return false
+	// }
+	// return true
+}
+
+func movePauseProcessToScope() error {
+	pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+	if err != nil {
+		return errors.Wrapf(err, "could not get pause process pid file path")
+	}
+
+	data, err := ioutil.ReadFile(pausePidPath)
+	if err != nil {
+		return errors.Wrapf(err, "cannot read pause pid file")
+	}
+	pid, err := strconv.ParseUint(string(data), 10, 0)
+	if err != nil {
+		return errors.Wrapf(err, "cannot parse pid file %s", pausePidPath)
+	}
+
+	return utils.RunUnderSystemdScope(int(pid), "user.slice", "podman-pause.scope")
+}
+
+func setRLimits() error { // nolint:deadcode,unused
+	rlimits := new(syscall.Rlimit)
+	rlimits.Cur = 1048576
+	rlimits.Max = 1048576
+	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+		if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			return errors.Wrapf(err, "error getting rlimits")
+		}
+		rlimits.Cur = rlimits.Max
+		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
+			return errors.Wrapf(err, "error setting new rlimits")
+		}
+	}
+	return nil
+}
+
+func setUMask() { // nolint:deadcode,unused
+	// Be sure we can create directories with 0755 mode.
+	syscall.Umask(0022)
+}
+
+// checkInput can be used to verify any of the globalopt values
+func checkInput() error { // nolint:deadcode,unused
+	return nil
+}
+
+// func getCNIPluginsDir() string {
+// 	if rootless.IsRootless() {
+// 		return ""
+// 	}
+//
+// 	return registry.PodmanOptions.Network.CNIPluginDirs[0]
+// }