Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/generate/container.go | 30 | ||||
-rw-r--r-- | pkg/specgen/generate/security.go | 3 |
2 files changed, 17 insertions, 16 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 42fea0277..2feb1d3b2 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -100,15 +100,9 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 if err != nil {
 return nil, err
 }
- // First transform the os env into a map. We need it for the labels later in
- // any case.
- osEnv, err := envLib.ParseSlice(os.Environ())
- if err != nil {
- return nil, errors.Wrap(err, "error parsing host environment variables")
- }
 // Get Default Environment from containers.conf
- defaultEnvs, err := envLib.ParseSlice(rtc.GetDefaultEnv())
+ defaultEnvs, err := envLib.ParseSlice(rtc.GetDefaultEnvEx(s.EnvHost, s.HTTPProxy))
 if err != nil {
 return nil, errors.Wrap(err, "error parsing fields in containers.conf")
 }
@@ -133,6 +127,12 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 defaultEnvs = envLib.Join(defaultEnvs, envs)
 }
+ // First transform the os env into a map. We need it for the labels later in
+ // any case.
+ osEnv, err := envLib.ParseSlice(os.Environ())
+ if err != nil {
+ return nil, errors.Wrap(err, "error parsing host environment variables")
+ }
 // Caller Specified defaults
 if s.EnvHost {
 defaultEnvs = envLib.Join(defaultEnvs, osEnv)
@@ -282,8 +282,8 @@ func finishThrottleDevices(s *specgen.SpecGenerator) error {
 if err := unix.Stat(k, &statT); err != nil {
 return err
 }
- v.Major = (int64(unix.Major(statT.Rdev)))
- v.Minor = (int64(unix.Minor(statT.Rdev)))
+ v.Major = (int64(unix.Major(uint64(statT.Rdev))))
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev))))
 s.ResourceLimits.BlockIO.ThrottleReadBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleReadBpsDevice, v)
 }
 }
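Review bot: In the `@@ -100,15 +100,9 @@` hunk of CompleteSpec the comment `// Get Default Environment from containers.conf` no longer describes the call, which now passes `s.EnvHost` and `s.HTTPProxy` into `GetDefaultEnvEx`. The body of `GetDefaultEnvEx` is not visible here, but the flags suggest the returned slice can carry host environment and proxy variables, and proxy URLs often embed credentials. I would reword the comment to something like `// Default environment from containers.conf, plus host env or proxy variables when s.EnvHost / s.HTTPProxy are set`, so a reader knows host values can enter the container environment at this point. CompleteSpec starts and ends outside the hunk.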
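Review bot: The moved comment in the `@@ -133,6 +127,12 @@` hunk still begins `// First transform the os env into a map`, which is stale now that the parse runs after the containers.conf defaults have been joined with `envs`; something like `// Parse the host environment into a map; it is needed for the EnvHost join below and for the labels later` fits better. Because `s.EnvHost` is now also passed to `GetDefaultEnvEx` in the earlier hunk, the `if s.EnvHost` join shown here may apply the host environment a second time at a different precedence. If that is intended, a one-line comment saying which copy wins would help. The function continues outside the hunk.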
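Review bot: In finishThrottleDevices (`@@ -282,8 +282,8 @@`, and identically in the hunks at -293, -304 and -315) the major and minor numbers are taken from `statT.Rdev` without checking that `k` names a block device. For a regular file or directory `Rdev` is normally 0, so the throttle entry would be recorded as device 0:0 instead of being rejected, unless the path is validated somewhere outside these hunks. A guard after the `unix.Stat` call such as `if statT.Mode&unix.S_IFMT != unix.S_IFBLK { return errors.Errorf("%s is not a block device", k) }` would make that explicit. The four stanzas are otherwise the same, so a small helper returning major and minor for a path would keep the check in one place.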
@@ -293,8 +293,8 @@ func finishThrottleDevices(s *specgen.SpecGenerator) error {
 if err := unix.Stat(k, &statT); err != nil {
 return err
 }
- v.Major = (int64(unix.Major(statT.Rdev)))
- v.Minor = (int64(unix.Minor(statT.Rdev)))
+ v.Major = (int64(unix.Major(uint64(statT.Rdev))))
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev))))
 s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v)
 }
 }
@@ -304,8 +304,8 @@ func finishThrottleDevices(s *specgen.SpecGenerator) error {
 if err := unix.Stat(k, &statT); err != nil {
 return err
 }
- v.Major = (int64(unix.Major(statT.Rdev)))
- v.Minor = (int64(unix.Minor(statT.Rdev)))
+ v.Major = (int64(unix.Major(uint64(statT.Rdev))))
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev))))
 s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v)
 }
 }
@@ -315,8 +315,8 @@ func finishThrottleDevices(s *specgen.SpecGenerator) error {
 if err := unix.Stat(k, &statT); err != nil {
 return err
 }
- v.Major = (int64(unix.Major(statT.Rdev)))
- v.Minor = (int64(unix.Minor(statT.Rdev)))
+ v.Major = (int64(unix.Major(uint64(statT.Rdev))))
+ v.Minor = (int64(unix.Minor(uint64(statT.Rdev))))
 s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v)
 }
 }
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index 9fceec7b3..390b19beb 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -133,13 +133,13 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 configSpec := g.Config
 configSpec.Process.Capabilities.Ambient = []string{}
 configSpec.Process.Capabilities.Bounding = caplist
- configSpec.Process.Capabilities.Inheritable = caplist
 user := strings.Split(s.User, ":")[0]
 if (user == "" && s.UserNS.NSMode != specgen.KeepID) || user == "root" || user == "0" {
 configSpec.Process.Capabilities.Effective = caplist
 configSpec.Process.Capabilities.Permitted = caplist
+ configSpec.Process.Capabilities.Inheritable = caplist
 } else {
 userCaps, err := capabilities.MergeCapabilities(nil, s.CapAdd, nil)
 if err != nil {
@@ -147,6 +147,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator,
 }
 configSpec.Process.Capabilities.Effective = userCaps
 configSpec.Process.Capabilities.Permitted = userCaps
+ configSpec.Process.Capabilities.Inheritable = userCaps
 // Ambient capabilities were added to Linux 4.3. Set ambient
 // capabilities only when the kernel supports them. |
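Review bot: In the root branch of the `@@ -133,13 +133,13 @@` hunk, `Inheritable` is still set to the full `caplist`. A process running as uid 0 already receives its capabilities through the permitted, effective and bounding sets, so a populated inheritable set adds nothing for it, while it remains in place for any later non-root exec of a binary that carries file-inheritable capabilities. Unless something depends on it, I would use `configSpec.Process.Capabilities.Inheritable = []string{}` here, matching the `Ambient = []string{}` default at the top of the hunk, with a comment saying why the set is left empty. securityConfigureGenerator starts and ends outside the hunk.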
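Review bot: The added `Inheritable = userCaps` in the `@@ -147,6 +147,7 @@` hunk is assigned unconditionally, whereas the comment that follows says ambient capabilities are set only when the kernel supports them. For a non-root user the inheritable set matters mainly as the precondition for ambient capabilities, so it would be tighter to assign it next to the ambient assignment, inside that kernel-support check (the check itself is outside the hunk, so this is inferred from the comment). A short comment such as `// Inheritable must contain userCaps for the ambient set to be accepted` would record why it is non-empty at all.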