10 files changed, 98 insertions, 24 deletions

diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 8481a0cec..9f5fc7e65 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -766,3 +766,23 @@ func (r *LocalRuntime) Restart(ctx context.Context, c *cliconfig.RestartValues)
 	}
 	return pool.Run()
 }
+
+// Top display the running processes of a container
+func (r *LocalRuntime) Top(cli *cliconfig.TopValues) ([]string, error) {
+	var (
+		descriptors []string
+		container   *libpod.Container
+		err         error
+	)
+	if cli.Latest {
+		descriptors = cli.InputArgs
+		container, err = r.Runtime.GetLatestContainer()
+	} else {
+		descriptors = cli.InputArgs[1:]
+		container, err = r.Runtime.LookupContainer(cli.InputArgs[0])
+	}
+	if err != nil {
+		return nil, errors.Wrapf(err, "unable to lookup requested container")
+	}
+	return container.Top(descriptors)
+}
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index e8f221eaf..ef6d0efe1 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -832,3 +832,23 @@ func (r *LocalRuntime) Restart(ctx context.Context, c *cliconfig.RestartValues)
 	}
 	return ok, failures, nil
 }
+
+// Top display the running processes of a container
+func (r *LocalRuntime) Top(cli *cliconfig.TopValues) ([]string, error) {
+	var (
+		ctr         *Container
+		err         error
+		descriptors []string
+	)
+	if cli.Latest {
+		ctr, err = r.GetLatestContainer()
+		descriptors = cli.InputArgs
+	} else {
+		ctr, err = r.LookupContainer(cli.InputArgs[0])
+		descriptors = cli.InputArgs[1:]
+	}
+	if err != nil {
+		return nil, err
+	}
+	return iopodman.Top().Call(r.Conn, ctr.ID(), descriptors)
+}
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 753f7c944..0d840d65b 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -5,6 +5,7 @@ package adapter
 import (
 	"bufio"
 	"context"
+	"github.com/containers/libpod/cmd/podman/shared"
 	"io"
 	"io/ioutil"
 	"os"
@@ -17,7 +18,6 @@ import (
 	"github.com/containers/image/types"
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/libpod/events"
 	"github.com/containers/libpod/libpod/image"
@@ -57,8 +57,8 @@ type Volume struct {
 type VolumeFilter func(*Volume) bool
 
 // GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
-func GetRuntime(c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
-	runtime, err := libpodruntime.GetRuntime(c)
+func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
+	runtime, err := libpodruntime.GetRuntime(ctx, c)
 	if err != nil {
 		return nil, err
 	}
@@ -119,8 +119,8 @@ func (r *LocalRuntime) RemoveImage(ctx context.Context, img *ContainerImage, for
 }
 
 // PruneImages is wrapper into PruneImages within the image pkg
-func (r *LocalRuntime) PruneImages(all bool) ([]string, error) {
-	return r.ImageRuntime().PruneImages(all)
+func (r *LocalRuntime) PruneImages(ctx context.Context, all bool) ([]string, error) {
+	return r.ImageRuntime().PruneImages(ctx, all)
 }
 
 // Export is a wrapper to container export to a tarfile
@@ -322,10 +322,6 @@ func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
 		fromStart   bool
 		eventsError error
 	)
-	options, err := shared.GenerateEventOptions(c.Filter, c.Since, c.Until)
-	if err != nil {
-		return errors.Wrapf(err, "unable to generate event options")
-	}
 	tmpl, err := template.New("events").Parse(c.Format)
 	if err != nil {
 		return err
@@ -335,7 +331,8 @@ func (r *LocalRuntime) Events(c *cliconfig.EventValues) error {
 	}
 	eventChannel := make(chan *events.Event)
 	go func() {
-		eventsError = r.Runtime.Events(fromStart, c.Stream, options, eventChannel)
+		readOpts := events.ReadOptions{FromStart: fromStart, Stream: c.Stream, Filters: c.Filter, EventChannel: eventChannel, Since: c.Since, Until: c.Until}
+		eventsError = r.Runtime.Events(readOpts)
 	}()
 
 	if eventsError != nil {
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index dcb0924ce..6102daccf 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -46,7 +46,7 @@ type LocalRuntime struct {
 }
 
 // GetRuntime returns a LocalRuntime struct with the actual runtime embedded in it
-func GetRuntime(c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
+func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*LocalRuntime, error) {
 	runtime := RemoteRuntime{}
 	conn, err := runtime.Connect()
 	if err != nil {
@@ -256,7 +256,7 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
 // IsParent goes through the layers in the store and checks if i.TopLayer is
 // the parent of any other layer in store. Double check that image with that
 // layer exists as well.
-func (ci *ContainerImage) IsParent() (bool, error) {
+func (ci *ContainerImage) IsParent(context.Context) (bool, error) {
 	return ci.remoteImage.isParent, nil
 }
 
@@ -338,7 +338,7 @@ func (ci *ContainerImage) History(ctx context.Context) ([]*image.History, error)
 }
 
 // PruneImages is the wrapper call for a remote-client to prune images
-func (r *LocalRuntime) PruneImages(all bool) ([]string, error) {
+func (r *LocalRuntime) PruneImages(ctx context.Context, all bool) ([]string, error) {
 	return iopodman.ImagesPrune().Call(r.Conn, all)
 }
 
diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go
index 270e431ad..6978370ef 100644
--- a/pkg/inspect/inspect.go
+++ b/pkg/inspect/inspect.go
@@ -38,7 +38,8 @@ type HostConfig struct {
 	PidMode              string                      `json:"PidMode"`
 	Privileged           bool                        `json:"Privileged"`
 	PublishAllPorts      bool                        `json:"PublishAllPorts"` //TODO
-	ReadonlyRootfs       bool                        `json:"ReadonlyRootfs"`
+	ReadOnlyRootfs       bool                        `json:"ReadonlyRootfs"`
+	ReadOnlyTmpfs        bool                        `json:"ReadonlyTmpfs"`
 	SecurityOpt          []string                    `json:"SecurityOpt"`
 	UTSMode              string                      `json:"UTSMode"`
 	UsernsMode           string                      `json:"UsernsMode"`
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index e71d9d3db..064dedd45 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -113,6 +113,7 @@ type CreateConfig struct {
 	PublishAll         bool     //publish-all
 	Quiet              bool     //quiet
 	ReadOnlyRootfs     bool     //read-only
+	ReadOnlyTmpfs      bool     //read-only-tmpfs
 	Resources          CreateResourceConfig
 	Rm                 bool              //rm
 	StopSignal         syscall.Signal    // stop-signal
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 0371b6d4d..4cbed0ea4 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -341,6 +341,31 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 		}
 	}
 
+	if config.ReadOnlyRootfs && config.ReadOnlyTmpfs {
+		options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"}
+		for _, i := range []string{"/tmp", "/var/tmp"} {
+			if libpod.MountExists(g.Config.Mounts, i) {
+				continue
+			}
+			// Default options if nothing passed
+			tmpfsMnt := spec.Mount{
+				Destination: i,
+				Type:        "tmpfs",
+				Source:      "tmpfs",
+				Options:     options,
+			}
+			g.AddMount(tmpfsMnt)
+		}
+		if !libpod.MountExists(g.Config.Mounts, "/run") {
+			tmpfsMnt := spec.Mount{
+				Destination: "/run",
+				Type:        "tmpfs",
+				Source:      "tmpfs",
+				Options:     append(options, "noexec", "size=65536k"),
+			}
+			g.AddMount(tmpfsMnt)
+		}
+	}
 	for name, val := range config.Env {
 		g.AddProcessEnv(name, val)
 	}
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index 237407050..872c7bc26 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -733,3 +733,16 @@ func newPodmanLogLine(line *libpod.LogLine) iopodman.LogLine {
 		Cid:          line.CID,
 	}
 }
+
+// Top displays information about a container's running processes
+func (i *LibpodAPI) Top(call iopodman.VarlinkCall, nameOrID string, descriptors []string) error {
+	ctr, err := i.Runtime.LookupContainer(nameOrID)
+	if err != nil {
+		return call.ReplyContainerNotFound(ctr.ID(), err.Error())
+	}
+	topInfo, err := ctr.Top(descriptors)
+	if err != nil {
+		return call.ReplyErrorOccurred(err.Error())
+	}
+	return call.ReplyTop(topInfo)
+}
diff --git a/pkg/varlinkapi/events.go b/pkg/varlinkapi/events.go
index 1e5696fbe..f9a9d9321 100644
--- a/pkg/varlinkapi/events.go
+++ b/pkg/varlinkapi/events.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/cmd/podman/varlink"
 	"github.com/containers/libpod/libpod/events"
 )
@@ -23,19 +22,16 @@ func (i *LibpodAPI) GetEvents(call iopodman.VarlinkCall, filter []string, since
 		stream = true
 		call.Continues = true
 	}
-	filters, err := shared.GenerateEventOptions(filter, since, until)
-	if err != nil {
-		return call.ReplyErrorOccurred(err.Error())
-	}
 	if len(since) > 0 || len(until) > 0 {
 		fromStart = true
 	}
 	eventChannel := make(chan *events.Event)
 	go func() {
-		eventsError = i.Runtime.Events(fromStart, stream, filters, eventChannel)
+		readOpts := events.ReadOptions{FromStart: fromStart, Stream: stream, Filters: filter, EventChannel: eventChannel}
+		eventsError = i.Runtime.Events(readOpts)
 	}()
 	if eventsError != nil {
-		return call.ReplyErrorOccurred(err.Error())
+		return call.ReplyErrorOccurred(eventsError.Error())
 	}
 	for {
 		event = <-eventChannel
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 470eadaeb..cecddf6b3 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -4,6 +4,7 @@ package varlinkapi
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -49,7 +50,7 @@ func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error {
 		}
 
 		size, _ := image.Size(getContext())
-		isParent, err := image.IsParent()
+		isParent, err := image.IsParent(context.TODO())
 		if err != nil {
 			return call.ReplyErrorOccurred(err.Error())
 		}
@@ -503,7 +504,7 @@ func (i *LibpodAPI) DeleteUnusedImages(call iopodman.VarlinkCall) error {
 			return call.ReplyErrorOccurred(err.Error())
 		}
 		if len(containers) == 0 {
-			if err := img.Remove(false); err != nil {
+			if err := img.Remove(context.TODO(), false); err != nil {
 				return call.ReplyErrorOccurred(err.Error())
 			}
 			deletedImages = append(deletedImages, img.ID())
@@ -739,7 +740,7 @@ func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.
 
 // ImagesPrune ....
 func (i *LibpodAPI) ImagesPrune(call iopodman.VarlinkCall, all bool) error {
-	prunedImages, err := i.Runtime.ImageRuntime().PruneImages(all)
+	prunedImages, err := i.Runtime.ImageRuntime().PruneImages(context.TODO(), all)
 	if err != nil {
 		return call.ReplyErrorOccurred(err.Error())
 	}