Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/config_unsupported.go | 2 | ||||
-rw-r--r-- | pkg/specgen/container_validate.go | 7 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux.go | 5 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_cgo.go | 6 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_nocgo.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/container.go | 22 | ||||
-rw-r--r-- | pkg/specgen/generate/container_create.go | 13 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 9 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/seccomp.go | 3 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/volume.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 12 | ||||
-rw-r--r-- | pkg/specgen/generate/oci.go | 16 | ||||
-rw-r--r-- | pkg/specgen/generate/pod_create.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/ports.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/security.go | 24 | ||||
-rw-r--r-- | pkg/specgen/generate/storage.go | 8 | ||||
-rw-r--r-- | pkg/specgen/generate/validate.go | 6 | ||||
-rw-r--r-- | pkg/specgen/namespaces.go | 4 | ||||
-rw-r--r-- | pkg/specgen/pod_validate.go | 5 | ||||
-rw-r--r-- | pkg/specgen/volumes.go | 13 |
20 files changed, 95 insertions, 76 deletions
diff --git a/pkg/specgen/config_unsupported.go b/pkg/specgen/config_unsupported.go index 85ff1e9fd..3d89e49f8 100644 --- a/pkg/specgen/config_unsupported.go +++ b/pkg/specgen/config_unsupported.go @@ -3,7 +3,7 @@ package specgen import ( - "github.com/containers/podman/v2/libpod/image" + "github.com/containers/podman/v3/libpod/image" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" ) diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 81cb8b78d..caea51ea8 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -4,9 +4,9 @@ import ( "strconv" "strings" - "github.com/containers/podman/v2/libpod/define" - "github.com/containers/podman/v2/pkg/rootless" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/rootless" + "github.com/containers/podman/v3/pkg/util" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" ) @@ -29,7 +29,6 @@ func exclusiveOptions(opt1, opt2 string) error { // Validate verifies that the given SpecGenerator is valid and satisfies required // input for creating a container. func (s *SpecGenerator) Validate() error { - if rootless.IsRootless() && len(s.CNINetworks) == 0 { if s.StaticIP != nil || s.StaticIPv6 != nil { return ErrNoStaticIPRootless diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index 1290a8eb6..2792d0cb7 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - "github.com/containers/podman/v2/pkg/rootless" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/pkg/rootless" + "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" 
@@ -113,7 +113,6 @@ func DevicesFromPath(g *generate.Generator, devicePath string) error { // mount the internal devices recursively if err := filepath.Walk(resolvedDevicePath, func(dpath string, f os.FileInfo, e error) error { - if f.Mode()&os.ModeDevice == os.ModeDevice { found = true device := fmt.Sprintf("%s:%s", dpath, filepath.Join(dest, strings.TrimPrefix(dpath, src))) diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go index 7a53cb01c..41f03d5b6 100644 --- a/pkg/specgen/generate/config_linux_cgo.go +++ b/pkg/specgen/generate/config_linux_cgo.go @@ -7,9 +7,9 @@ import ( "io/ioutil" goSeccomp "github.com/containers/common/pkg/seccomp" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/seccomp" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/seccomp" + "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/pkg/specgen/generate/config_linux_nocgo.go b/pkg/specgen/generate/config_linux_nocgo.go index 184122aeb..0867988b6 100644 --- a/pkg/specgen/generate/config_linux_nocgo.go +++ b/pkg/specgen/generate/config_linux_nocgo.go @@ -5,8 +5,8 @@ package generate import ( "errors" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" ) diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 31d317bf8..3d20ed8ff 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go 
@@ -3,14 +3,15 @@ package generate import ( "context" "os" + "strings" "github.com/containers/image/v5/manifest" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/image" - ann "github.com/containers/podman/v2/pkg/annotations" - envLib "github.com/containers/podman/v2/pkg/env" - "github.com/containers/podman/v2/pkg/signal" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/image" + ann "github.com/containers/podman/v3/pkg/annotations" + envLib "github.com/containers/podman/v3/pkg/env" + "github.com/containers/podman/v3/pkg/signal" + "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -197,6 +198,15 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat annotations[ann.ContainerType] = ann.ContainerTypeContainer } + for _, v := range rtc.Containers.Annotations { + split := strings.SplitN(v, "=", 2) + k := split[0] + v := "" + if len(split) == 2 { + v = split[1] + } + annotations[k] = v + } // now pass in the values from client for k, v := range s.Annotations { annotations[k] = v diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 74291325c..03697b353 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go 
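Review bot: The new loop over `rtc.Containers.Annotations` in CompleteSpec stores whatever precedes the first `=` as the map key without checking it, so an entry such as `=value` or an empty string yields an annotation with an empty key, and an entry without `=` silently becomes a key with an empty value. The loop runs right after `annotations[ann.ContainerType]` is set, so an entry from the runtime configuration (presumably containers.conf) can also overwrite that key; if that is not intended it should be skipped explicitly. I would add `if k == "" { continue }` (or return an error) after the split, and rename the inner `v := ""` to `val` so that it no longer shadows the range variable. CompleteSpec starts and ends outside the hunk.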
@@ -7,10 +7,10 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/pkg/util" "github.com/containers/storage" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" @@ -247,8 +247,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. var vols []*libpod.ContainerOverlayVolume for _, v := range overlays { vols = append(vols, &libpod.ContainerOverlayVolume{ - Dest: v.Destination, - Source: v.Source, + Dest: v.Destination, + Source: v.Source, + Options: v.Options, }) } options = append(options, libpod.WithOverlayVolumes(vols)) diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 98ab82259..d61c8bd19 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -7,10 +7,10 @@ import ( "strings" "github.com/containers/common/pkg/parse" - "github.com/containers/podman/v2/libpod/image" - ann "github.com/containers/podman/v2/pkg/annotations" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod/image" + ann "github.com/containers/podman/v3/pkg/annotations" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" v1 "k8s.io/api/core/v1" @@ -384,7 +384,6 @@ func getPodPorts(containers []v1.Container) []specgen.PortMapping { if p.HostPort != 0 { infraPorts = append(infraPorts, portBinding) } - } } return infraPorts 
diff --git a/pkg/specgen/generate/kube/seccomp.go b/pkg/specgen/generate/kube/seccomp.go index 4cbdf6e2e..da15cf519 100644 --- a/pkg/specgen/generate/kube/seccomp.go +++ b/pkg/specgen/generate/kube/seccomp.go @@ -4,13 +4,14 @@ import ( "path/filepath" "strings" - "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v3/libpod" "github.com/pkg/errors" v1 "k8s.io/api/core/v1" ) // KubeSeccompPaths holds information about a pod YAML's seccomp configuration // it holds both container and pod seccomp paths +// nolint:golint type KubeSeccompPaths struct { containerPaths map[string]string podPath string diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go index f5687f60d..e4f3eb196 100644 --- a/pkg/specgen/generate/kube/volume.go +++ b/pkg/specgen/generate/kube/volume.go @@ -4,7 +4,7 @@ import ( "os" "github.com/containers/common/pkg/parse" - "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v3/libpod" "github.com/pkg/errors" "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" @@ -17,6 +17,7 @@ const ( kubeFilePermission = 0644 ) +// nolint:golint type KubeVolumeType int const ( @@ -24,6 +25,7 @@ const ( KubeVolumeTypeNamed KubeVolumeType = iota ) +// nolint:golint type KubeVolume struct { // Type of volume to create Type KubeVolumeType diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index f66ad6101..b87375a92 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go 
@@ -7,12 +7,12 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/define" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/rootless" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/rootless" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index e62131244..23a9ce831 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -5,11 +5,11 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/define" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/rootless" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/rootless" + "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" 
@@ -105,7 +105,10 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image entrypoint = newEntry } - finalCommand = append(finalCommand, entrypoint...) + // Don't append the entrypoint if it is [""] + if len(entrypoint) != 1 || entrypoint[0] != "" { + finalCommand = append(finalCommand, entrypoint...) + } // Only use image command if the user did not manually set an // entrypoint. @@ -219,7 +222,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt if !mappingFound { gid5Available = false } - } if !gid5Available { // If we have no GID mappings, the gid=5 default option would fail, so drop it. diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index 645bf7a47..5d7bf1930 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -3,8 +3,8 @@ package generate import ( "context" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/pkg/specgen" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go index 83ded059f..6cf83ed81 100644 --- a/pkg/specgen/generate/ports.go +++ b/pkg/specgen/generate/ports.go @@ -6,8 +6,8 @@ import ( "strconv" "strings" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/specgen" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/specgen" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go index 390b19beb..56aac8bfd 100644 --- a/pkg/specgen/generate/security.go +++ b/pkg/specgen/generate/security.go 
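Review bot: The guard added in makeCommand skips only the exact slice `[""]`, so an entrypoint such as `["", "arg"]` is still appended and puts an empty string at the front of the final command. The comment should also say why `[""]` is special, for example `// An entrypoint of [""] means "no entrypoint" (presumably cleared by the caller); appending it would make the empty string argv[0].` It is worth confirming that the code after the hunk rejects an empty `finalCommand` when no command is supplied either, since makeCommand continues outside the hunk.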
@@ -6,11 +6,11 @@ import ( "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/capabilities" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/define" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/pkg/util" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" @@ -109,17 +109,15 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, } } if !s.Privileged && len(capsRequiredRequested) > 0 { - // Pass capRequiredRequested in CapAdd field to normalize capabilities names capsRequired, err := capabilities.MergeCapabilities(nil, capsRequiredRequested, nil) if err != nil { return errors.Wrapf(err, "capabilities requested by user or image are not valid: %q", strings.Join(capsRequired, ",")) - } else { - // Verify all capRequired are in the capList - for _, cap := range capsRequired { - if !util.StringInSlice(cap, caplist) { - privCapsRequired = append(privCapsRequired, cap) - } + } + // Verify all capRequired are in the capList + for _, cap := range capsRequired { + if !util.StringInSlice(cap, caplist) { + privCapsRequired = append(privCapsRequired, cap) } } if len(privCapsRequired) == 0 { 
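Review bot: In the error path this hunk keeps, the message formats `capsRequired`, which is the result of the `MergeCapabilities` call that has just failed and is therefore likely empty, so the user is told the capabilities are not valid without seeing which ones were requested. Format the input instead (assuming it is a `[]string`, as its use here suggests): `return errors.Wrapf(err, "capabilities requested by user or image are not valid: %q", strings.Join(capsRequiredRequested, ","))`. The loop variable `cap` also shadows the builtin `cap`; `c` or `capName` would avoid that. securityConfigureGenerator starts and ends outside the hunk.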
@@ -189,7 +187,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, return err } for sysctlKey, sysctlVal := range defaultSysctls { - // Ignore mqueue sysctls if --ipc=host if noUseIPC && strings.HasPrefix(sysctlKey, "fs.mqueue.") { logrus.Infof("Sysctl %s=%s ignored in containers.conf, since IPC Namespace set to host", sysctlKey, sysctlVal) @@ -213,7 +210,6 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, } for sysctlKey, sysctlVal := range s.Sysctl { - if s.IpcNS.IsHost() && strings.HasPrefix(sysctlKey, "fs.mqueue.") { return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since IPC Namespace set to host", sysctlKey, sysctlVal) } diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index 63713726e..0bb1421f6 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -9,10 +9,10 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/podman/v2/libpod" - "github.com/containers/podman/v2/libpod/image" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/libpod" + "github.com/containers/podman/v3/libpod/image" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go index 77cccad3e..50efe7fa3 100644 --- a/pkg/specgen/generate/validate.go +++ b/pkg/specgen/generate/validate.go 
@@ -5,9 +5,9 @@ import ( "path/filepath" "github.com/containers/common/pkg/sysinfo" - "github.com/containers/podman/v2/pkg/cgroups" - "github.com/containers/podman/v2/pkg/specgen" - "github.com/containers/podman/v2/utils" + "github.com/containers/podman/v3/pkg/cgroups" + "github.com/containers/podman/v3/pkg/specgen" + "github.com/containers/podman/v3/utils" "github.com/pkg/errors" ) diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 9d78a0210..fb7d65da4 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -3,8 +3,8 @@ package specgen import ( "strings" - "github.com/containers/podman/v2/pkg/cgroups" - "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v3/pkg/cgroups" + "github.com/containers/podman/v3/pkg/rootless" "github.com/pkg/errors" ) diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 518adb32f..c746bcd1a 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -1,8 +1,8 @@ package specgen import ( - "github.com/containers/podman/v2/pkg/rootless" - "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v3/pkg/rootless" + "github.com/containers/podman/v3/pkg/util" "github.com/pkg/errors" ) @@ -19,7 +19,6 @@ func exclusivePodOptions(opt1, opt2 string) error { // Validate verifies the input is valid func (p *PodSpecGenerator) Validate() error { - if rootless.IsRootless() && len(p.CNINetworks) == 0 { if p.StaticIP != nil { return ErrNoStaticIPRootless diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go index 83634b4ef..d85d2bdd1 100644 --- a/pkg/specgen/volumes.go +++ b/pkg/specgen/volumes.go 
@@ -31,6 +31,8 @@ type OverlayVolume struct { Destination string `json:"destination"` // Source specifies the source path of the mount. Source string `json:"source,omitempty"` + // Options holds overlay volume options. + Options []string `json:"options,omitempty"` } // ImageVolume is a volume based on a container image. The container image is @@ -100,10 +102,17 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na if strings.HasPrefix(src, "/") || strings.HasPrefix(src, ".") { // This is not a named volume overlayFlag := false + chownFlag := false for _, o := range options { if o == "O" { overlayFlag = true - if len(options) > 1 { + + joinedOpts := strings.Join(options, "") + if strings.Contains(joinedOpts, "U") { + chownFlag = true + } + + if len(options) > 2 || (len(options) == 2 && !chownFlag) { return nil, nil, nil, errors.New("can't use 'O' with other options") } } @@ -113,6 +122,8 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na newOverlayVol := new(OverlayVolume) newOverlayVol.Destination = cleanDest newOverlayVol.Source = src + newOverlayVol.Options = options + if _, ok := overlayVolumes[newOverlayVol.Destination]; ok { return nil, nil, nil, errors.Wrapf(errDuplicateDest, newOverlayVol.Destination) } |
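Review bot: In GenVolumeMounts the `U` detection is `strings.Contains(joinedOpts, "U")`, a substring test on the concatenated option list, so any second option that merely contains an upper-case `U` is accepted next to `O` instead of being rejected with "can't use 'O' with other options". Match each option exactly and run the length check once after the loop, as in the fence below. The later hunk also stores the whole list, including `O` itself, in `newOverlayVol.Options`, which createContainerOptions forwards unchanged, so whatever consumes the overlay options has to tolerate or filter that. GenVolumeMounts starts and ends outside the hunk.

```go
overlayFlag := false
chownFlag := false
for _, o := range options {
	switch o {
	case "O":
		overlayFlag = true
	case "U":
		chownFlag = true
	}
}
// 'O' may be combined only with 'U'.
if overlayFlag && (len(options) > 2 || (len(options) == 2 && !chownFlag)) {
	return nil, nil, nil, errors.New("can't use 'O' with other options")
}
```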