4 files changed, 72 insertions, 15 deletions

diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index 1e8faf8f5..72ae27276 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -90,11 +90,10 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
 
 	server := APIServer{
 		Server: http.Server{
-			Handler:           router,
-			ReadHeaderTimeout: 20 * time.Second,
-			IdleTimeout:       duration * 2,
-			ConnState:         idle.ConnState,
-			ErrorLog:          log.New(logrus.StandardLogger().Out, "", 0),
+			Handler:     router,
+			IdleTimeout: duration * 2,
+			ConnState:   idle.ConnState,
+			ErrorLog:    log.New(logrus.StandardLogger().Out, "", 0),
 		},
 		Decoder:     handlers.NewAPIDecoder(),
 		idleTracker: idle,
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 3140a47c5..262b09cad 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -1,6 +1,7 @@
 package entities
 
 import (
+	"net/url"
 	"time"
 
 	"github.com/containers/common/pkg/config"
@@ -306,6 +307,28 @@ type ImageSaveOptions struct {
 	Quiet bool
 }
 
+// ImageScpOptions provide options for securely copying images to podman remote
+type ImageScpOptions struct {
+	// SoureImageName is the image the user is providing to load on a remote machine
+	SourceImageName string
+	// Tag allows for a new image to be created under the given name
+	Tag string
+	// ToRemote specifies that we are loading to the remote host
+	ToRemote bool
+	// FromRemote specifies that we are loading from the remote host
+	FromRemote bool
+	// Connections holds the raw string values for connections (ssh or unix)
+	Connections []string
+	// URI contains the ssh connection URLs to be used by the client
+	URI []*url.URL
+	// Iden contains ssh identity keys to be used by the client
+	Iden []string
+	// Save Options used for first half of the scp operation
+	Save ImageSaveOptions
+	// Load options used for the second half of the scp operation
+	Load ImageLoadOptions
+}
+
 // ImageTreeOptions provides options for ImageEngine.Tree()
 type ImageTreeOptions struct {
 	WhatRequires bool // Show all child images and layers of the specified image
diff --git a/pkg/domain/filters/containers.go b/pkg/domain/filters/containers.go
index 965a12468..dc9fed2a4 100644
--- a/pkg/domain/filters/containers.go
+++ b/pkg/domain/filters/containers.go
@@ -211,6 +211,36 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
 		}, nil
 	case "network":
 		return func(c *libpod.Container) bool {
+			networkMode := c.NetworkMode()
+			// support docker like `--filter network=container:<IDorName>`
+			// check if networkMode is configured as `container:<ctr>`
+			// peform a match against filter `container:<IDorName>`
+			// networks is already going to be empty if `container:<ctr>` is configured as Mode
+			if strings.HasPrefix(networkMode, "container:") {
+				networkModeContainerPart := strings.SplitN(networkMode, ":", 2)
+				if len(networkModeContainerPart) < 2 {
+					return false
+				}
+				networkModeContainerID := networkModeContainerPart[1]
+				for _, val := range filterValues {
+					if strings.HasPrefix(val, "container:") {
+						filterNetworkModePart := strings.SplitN(val, ":", 2)
+						if len(filterNetworkModePart) < 2 {
+							return false
+						}
+						filterNetworkModeIDorName := filterNetworkModePart[1]
+						filterID, err := r.LookupContainerID(filterNetworkModeIDorName)
+						if err != nil {
+							return false
+						}
+						if filterID == networkModeContainerID {
+							return true
+						}
+					}
+				}
+				return false
+			}
+
 			networks, _, err := c.Networks()
 			// if err or no networks, quick out
 			if err != nil || len(networks) == 0 {
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index e5f9e88d9..4d8443fcb 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -465,38 +465,43 @@ reexec_in_user_namespace_wait (int pid, int options)
 static int
 create_pause_process (const char *pause_pid_file_path, char **argv)
 {
-  int r, p[2];
+  pid_t pid;
+  int p[2];
 
   if (pipe (p) < 0)
-    _exit (EXIT_FAILURE);
+    return -1;
 
-  r = fork ();
-  if (r < 0)
-    _exit (EXIT_FAILURE);
+  pid = fork ();
+  if (pid < 0)
+    {
+      close (p[0]);
+      close (p[1]);
+      return -1;
+    }
 
-  if (r)
+  if (pid)
     {
       char b;
+      int r;
 
       close (p[1]);
       /* Block until we write the pid file.  */
       r = TEMP_FAILURE_RETRY (read (p[0], &b, 1));
       close (p[0]);
 
-      reexec_in_user_namespace_wait (r, 0);
+      reexec_in_user_namespace_wait (pid, 0);
 
       return r == 1 && b == '0' ? 0 : -1;
     }
   else
     {
-      int fd;
-      pid_t pid;
+      int r, fd;
 
       close (p[0]);
 
       setsid ();
       pid = fork ();
-      if (r < 0)
+      if (pid < 0)
         _exit (EXIT_FAILURE);
 
       if (pid)