6 files changed, 34 insertions, 26 deletions

diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 7c93e6802..bb13794bd 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -71,6 +71,7 @@ type ContainerEngine interface {
 	SetupRootless(ctx context.Context, cmd *cobra.Command) error
 	Shutdown(ctx context.Context)
 	SystemDf(ctx context.Context, options SystemDfOptions) (*SystemDfReport, error)
+	Unshare(ctx context.Context, args []string) error
 	VarlinkService(ctx context.Context, opts ServiceOptions) error
 	VolumeCreate(ctx context.Context, opts VolumeCreateOptions) (*IdOrNameResponse, error)
 	VolumeInspect(ctx context.Context, namesOrIds []string, opts VolumeInspectOptions) ([]*VolumeInspectReport, error)
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 24c62465f..fc92da1b2 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"strconv"
 	"syscall"
@@ -391,3 +392,18 @@ func (s SystemEngine) Shutdown(ctx context.Context) {
 		logrus.Error(err)
 	}
 }
+
+func unshareEnv(graphroot, runroot string) []string {
+	return append(os.Environ(), "_CONTAINERS_USERNS_CONFIGURED=done",
+		fmt.Sprintf("CONTAINERS_GRAPHROOT=%s", graphroot),
+		fmt.Sprintf("CONTAINERS_RUNROOT=%s", runroot))
+}
+
+func (ic *ContainerEngine) Unshare(ctx context.Context, args []string) error {
+	cmd := exec.Command(args[0], args[1:]...)
+	cmd.Env = unshareEnv(ic.Libpod.StorageConfig().GraphRoot, ic.Libpod.StorageConfig().RunRoot)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	return cmd.Run()
+}
diff --git a/pkg/domain/infra/tunnel/system.go b/pkg/domain/infra/tunnel/system.go
index 448fbed1f..d00795741 100644
--- a/pkg/domain/infra/tunnel/system.go
+++ b/pkg/domain/infra/tunnel/system.go
@@ -30,3 +30,7 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys
 func (ic *ContainerEngine) SystemDf(ctx context.Context, options entities.SystemDfOptions) (*entities.SystemDfReport, error) {
 	panic(errors.New("system df is not supported on remote clients"))
 }
+
+func (ic *ContainerEngine) Unshare(ctx context.Context, args []string) error {
+	return errors.New("unshare is not supported on remote clients")
+}
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index a2bb66a44..11b18e2d0 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -321,12 +321,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		configSpec.Annotations = make(map[string]string)
 	}
 
-	// TODO cidfile is not in specgen; when wiring up cli, we will need to move this out of here
-	// leaving as a reminder
-	//if config.CidFile != "" {
-	//	configSpec.Annotations[libpod.InspectAnnotationCIDFile] = config.CidFile
-	//}
-
 	if s.Remove {
 		configSpec.Annotations[define.InspectAnnotationAutoremove] = define.InspectResponseTrue
 	} else {
@@ -343,13 +337,11 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		configSpec.Annotations[define.InspectAnnotationPrivileged] = define.InspectResponseFalse
 	}
 
-	// TODO Init might not make it into the specgen and therefore is not available here.  We should deal
-	// with this when we wire up the CLI; leaving as a reminder
-	//if s.Init {
-	//	configSpec.Annotations[libpod.InspectAnnotationInit] = libpod.InspectResponseTrue
-	//} else {
-	//	configSpec.Annotations[libpod.InspectAnnotationInit] = libpod.InspectResponseFalse
-	//}
+	if s.Init {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseTrue
+	} else {
+		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
+	}
 
 	return configSpec, nil
 }
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index df5775f8b..cd2d69cfb 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/containers/libpod/libpod"
 	"github.com/containers/libpod/pkg/specgen"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
@@ -68,15 +69,17 @@ func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, er
 	if p.NoManageResolvConf {
 		options = append(options, libpod.WithPodUseImageResolvConf())
 	}
+	if len(p.CNINetworks) > 0 {
+		options = append(options, libpod.WithPodNetworks(p.CNINetworks))
+	}
 	switch p.NetNS.NSMode {
-	case specgen.Bridge:
+	case specgen.Bridge, specgen.Default, "":
 		logrus.Debugf("Pod using default network mode")
 	case specgen.Host:
 		logrus.Debugf("Pod will use host networking")
 		options = append(options, libpod.WithPodHostNetwork())
 	default:
-		logrus.Debugf("Pod joining CNI networks: %v", p.CNINetworks)
-		options = append(options, libpod.WithPodNetworks(p.CNINetworks))
+		return nil, errors.Errorf("pods presently do not support network mode %s", p.NetNS.NSMode)
 	}
 
 	if p.NoManageHosts {
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index 08f1c0300..640447e71 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -1,7 +1,6 @@
 package specgen
 
 import (
-	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
 )
@@ -37,8 +36,8 @@ func (p *PodSpecGenerator) Validate() error {
 		return err
 	}
 	if p.NoInfra {
-		if p.NetNS.NSMode == NoNetwork {
-			return errors.New("NoInfra and a none network cannot be used toegther")
+		if p.NetNS.NSMode != Default && p.NetNS.NSMode != "" {
+			return errors.New("NoInfra and network modes cannot be used toegther")
 		}
 		if p.StaticIP != nil {
 			return exclusivePodOptions("NoInfra", "StaticIP")
@@ -86,13 +85,6 @@ func (p *PodSpecGenerator) Validate() error {
 	}
 
 	// Set Defaults
-	if p.NetNS.Value == "" {
-		if rootless.IsRootless() {
-			p.NetNS.NSMode = Slirp
-		} else {
-			p.NetNS.NSMode = Bridge
-		}
-	}
 	if len(p.InfraImage) < 1 {
 		p.InfraImage = containerConfig.Engine.InfraImage
 	}