4 files changed, 44 insertions, 112 deletions
diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go
index 0787b3fa5..2c5022c1f 100644
--- a/pkg/apparmor/apparmor_linux.go
+++ b/pkg/apparmor/apparmor_linux.go
@@ -214,8 +214,15 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
 		return name, nil
 	}
 
-	if name != "" && rootless.IsRootless() {
-		return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+	// AppArmor is not supported in rootless mode as it requires root
+	// privileges.  Return an error in case a specific profile is specified.
+	if rootless.IsRootless() {
+		if name != "" {
+			return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
+		} else {
+			logrus.Debug("skipping loading default AppArmor profile (rootless mode)")
+			return "", nil
+		}
 	}
 
 	if name != "" && !runcaa.IsEnabled() {
@@ -230,7 +237,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
 			return "", err
 		}
 		if !isLoaded {
-			return "", fmt.Errorf("AppArmor profile %q specified but not loaded")
+			return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name)
 		}
 		return name, nil
 	}
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 31e41903e..9a75474ae 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -175,43 +175,30 @@ func CreateTmpFile(dir, pattern string, content []byte) (string, error) {
 	return tmpfile.Name(), nil
 }
 
-func getGPGIdFromKeyPath(path []string) []string {
-	var uids []string
-	for _, k := range path {
-		cmd := exec.Command("gpg2", "--with-colons", k)
-		results, err := cmd.Output()
-		if err != nil {
-			logrus.Warnf("error get key identity: %s", err)
-			continue
-		}
-		uids = append(uids, parseUids(results)...)
+// GetGPGIdFromKeyPath return user keyring from key path
+func GetGPGIdFromKeyPath(path string) []string {
+	cmd := exec.Command("gpg2", "--with-colons", path)
+	results, err := cmd.Output()
+	if err != nil {
+		logrus.Errorf("error getting key identity: %s", err)
+		return nil
 	}
-	return uids
+	return parseUids(results)
 }
 
-func getGPGIdFromKeyData(keys []string) []string {
-	var uids []string
-	for _, k := range keys {
-		decodeKey, err := base64.StdEncoding.DecodeString(k)
-		if err != nil {
-			logrus.Warnf("error decoding key data")
-			continue
-		}
-		tmpfileName, err := CreateTmpFile("", "", decodeKey)
-		if err != nil {
-			logrus.Warnf("error creating key date temp file %s", err)
-		}
-		defer os.Remove(tmpfileName)
-		k = tmpfileName
-		cmd := exec.Command("gpg2", "--with-colons", k)
-		results, err := cmd.Output()
-		if err != nil {
-			logrus.Warnf("error get key identity: %s", err)
-			continue
-		}
-		uids = append(uids, parseUids(results)...)
+// GetGPGIdFromKeyData return user keyring from keydata
+func GetGPGIdFromKeyData(key string) []string {
+	decodeKey, err := base64.StdEncoding.DecodeString(key)
+	if err != nil {
+		logrus.Errorf("%s, error decoding key data", err)
+		return nil
 	}
-	return uids
+	tmpfileName, err := CreateTmpFile("", "", decodeKey)
+	if err != nil {
+		logrus.Errorf("error creating key date temp file %s", err)
+	}
+	defer os.Remove(tmpfileName)
+	return GetGPGIdFromKeyPath(tmpfileName)
 }
 
 func parseUids(colonDelimitKeys []byte) []string {
@@ -234,68 +221,15 @@ func parseUids(colonDelimitKeys []byte) []string {
 	return parseduids
 }
 
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
-	trustDescription, exist := typeDescription[trustType]
-	if !exist {
-		logrus.Warnf("invalid trust type %s", trustType)
-	}
-	return trustDescription
-}
-
-// GetPolicy return the struct to show policy.json in json format and a map (reponame, ShowOutput) pair for image trust show command
-func GetPolicy(policyContentStruct PolicyContent, systemRegistriesDirPath string) (map[string]map[string]interface{}, map[string]ShowOutput, error) {
-	registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+// GetPolicy parse policy.json into PolicyContent struct
+func GetPolicy(policyPath string) (PolicyContent, error) {
+	var policyContentStruct PolicyContent
+	policyContent, err := ioutil.ReadFile(policyPath)
 	if err != nil {
-		return nil, nil, err
+		return policyContentStruct, errors.Wrapf(err, "unable to read policy file %s", policyPath)
 	}
-
-	trustShowOutputMap := make(map[string]ShowOutput)
-	policyJSON := make(map[string]map[string]interface{})
-	if len(policyContentStruct.Default) > 0 {
-		policyJSON["* (default)"] = make(map[string]interface{})
-		policyJSON["* (default)"]["type"] = policyContentStruct.Default[0].Type
-
-		var defaultPolicyStruct ShowOutput
-		defaultPolicyStruct.Repo = "default"
-		defaultPolicyStruct.Trusttype = trustTypeDescription(policyContentStruct.Default[0].Type)
-		trustShowOutputMap["* (default)"] = defaultPolicyStruct
-	}
-	for transname, transval := range policyContentStruct.Transports {
-		for repo, repoval := range transval {
-			tempTrustShowOutput := ShowOutput{
-				Repo:      repo,
-				Trusttype: repoval[0].Type,
-			}
-			policyJSON[repo] = make(map[string]interface{})
-			policyJSON[repo]["type"] = repoval[0].Type
-			policyJSON[repo]["transport"] = transname
-			keyDataArr := []string{}
-			keyPathArr := []string{}
-			keyarr := []string{}
-			for _, repoele := range repoval {
-				if len(repoele.KeyPath) > 0 {
-					keyarr = append(keyarr, repoele.KeyPath)
-					keyPathArr = append(keyPathArr, repoele.KeyPath)
-				}
-				if len(repoele.KeyData) > 0 {
-					keyarr = append(keyarr, string(repoele.KeyData))
-					keyDataArr = append(keyDataArr, string(repoele.KeyData))
-				}
-			}
-			policyJSON[repo]["keys"] = keyarr
-			uids := append(getGPGIdFromKeyPath(keyPathArr), getGPGIdFromKeyData(keyDataArr)...)
-			tempTrustShowOutput.GPGid = strings.Join(uids, ",")
-
-			policyJSON[repo]["sigstore"] = ""
-			registryNamespace := HaveMatchRegistry(repo, registryConfigs)
-			if registryNamespace != nil {
-				policyJSON[repo]["sigstore"] = registryNamespace.SigStore
-				tempTrustShowOutput.Sigstore = registryNamespace.SigStore
-			}
-			trustShowOutputMap[repo] = tempTrustShowOutput
-		}
+	if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
+		return policyContentStruct, errors.Wrapf(err, "could not parse trust policies")
 	}
-	return policyJSON, trustShowOutputMap, nil
+	return policyContentStruct, nil
 }
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 744f031c0..d6a9b7301 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -627,19 +627,10 @@ func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.
 }
 
 // ImagesPrune ....
-func (i *LibpodAPI) ImagesPrune(call iopodman.VarlinkCall) error {
-	var (
-		pruned []string
-	)
-	pruneImages, err := i.Runtime.ImageRuntime().GetPruneImages()
+func (i *LibpodAPI) ImagesPrune(call iopodman.VarlinkCall, all bool) error {
+	prunedImages, err := i.Runtime.ImageRuntime().PruneImages(all)
 	if err != nil {
-		return err
-	}
-	for _, i := range pruneImages {
-		if err := i.Remove(true); err != nil {
-			return call.ReplyErrorOccurred(err.Error())
-		}
-		pruned = append(pruned, i.ID())
+		return call.ReplyErrorOccurred(err.Error())
 	}
-	return call.ReplyImagesPrune(pruned)
+	return call.ReplyImagesPrune(prunedImages)
 }
diff --git a/pkg/varlinkapi/mount.go b/pkg/varlinkapi/mount.go
index 84e6b2709..3b4fe87e3 100644
--- a/pkg/varlinkapi/mount.go
+++ b/pkg/varlinkapi/mount.go
@@ -6,7 +6,7 @@ import (
 
 // ListContainerMounts ...
 func (i *LibpodAPI) ListContainerMounts(call iopodman.VarlinkCall) error {
-	var mounts []string
+	mounts := make(map[string]string)
 	allContainers, err := i.Runtime.GetAllContainers()
 	if err != nil {
 		return call.ReplyErrorOccurred(err.Error())
@@ -17,7 +17,7 @@ func (i *LibpodAPI) ListContainerMounts(call iopodman.VarlinkCall) error {
 			return call.ReplyErrorOccurred(err.Error())
 		}
 		if mounted {
-			mounts = append(mounts, mountPoint)
+			mounts[container.ID()] = mountPoint
 		}
 	}
 	return call.ReplyListContainerMounts(mounts)