Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/adapter/containers.go | 10 | ||||
-rw-r--r-- | pkg/adapter/terminal_linux.go | 2 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 8 | ||||
-rw-r--r-- | pkg/rootless/rootless_unsupported.go | 5 | ||||
-rw-r--r-- | pkg/spec/createconfig.go | 3 | ||||
-rw-r--r-- | pkg/spec/spec.go | 10 | ||||
-rw-r--r-- | pkg/varlinkapi/containers.go | 22 |
7 files changed, 40 insertions, 20 deletions
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go index 51efdccc7..e67cc03ba 100644 --- a/pkg/adapter/containers.go +++ b/pkg/adapter/containers.go @@ -899,7 +899,7 @@ func (r *LocalRuntime) execPS(c *libpod.Container, args []string) ([]string, err }() cmd := append([]string{"ps"}, args...) - ec, err := c.Exec(false, false, []string{}, cmd, "", "", streams, 0, nil, "") + ec, err := c.Exec(false, false, map[string]string{}, cmd, "", "", streams, 0, nil, "") if err != nil { return nil, err } else if ec != 0 { @@ -959,12 +959,6 @@ func (r *LocalRuntime) ExecContainer(ctx context.Context, cli *cliconfig.ExecVal return ec, errors.Wrapf(err, "unable to process environment variables") } - // Build env slice of key=value strings for Exec - envs := []string{} - for k, v := range env { - envs = append(envs, fmt.Sprintf("%s=%s", k, v)) - } - streams := new(libpod.AttachStreams) streams.OutputStream = os.Stdout streams.ErrorStream = os.Stderr @@ -975,7 +969,7 @@ func (r *LocalRuntime) ExecContainer(ctx context.Context, cli *cliconfig.ExecVal streams.AttachOutput = true streams.AttachError = true - ec, err = ExecAttachCtr(ctx, ctr.Container, cli.Tty, cli.Privileged, envs, cmd, cli.User, cli.Workdir, streams, cli.PreserveFDs, cli.DetachKeys) + ec, err = ExecAttachCtr(ctx, ctr.Container, cli.Tty, cli.Privileged, env, cmd, cli.User, cli.Workdir, streams, uint(cli.PreserveFDs), cli.DetachKeys) return define.TranslateExecErrorToExitCode(ec, err), err } diff --git a/pkg/adapter/terminal_linux.go b/pkg/adapter/terminal_linux.go index 26cfd7b5e..16e552802 100644 --- a/pkg/adapter/terminal_linux.go +++ b/pkg/adapter/terminal_linux.go 
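Review bot: In the last hunk of pkg/adapter/containers.go, `uint(cli.PreserveFDs)` converts without a sign check, so a negative value would wrap to a very large descriptor count before it reaches ExecAttachCtr. The field's type is not visible here, but the previous signature took an `int`, so it is presumably signed. Unless the flag is validated before this point, reject it ahead of the call: `if cli.PreserveFDs < 0 { return ec, errors.Errorf("preserve-fds must not be negative") }`. ExecContainer's body starts and ends outside the hunk.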
@@ -13,7 +13,7 @@ import ( ) // ExecAttachCtr execs and attaches to a container -func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, tty, privileged bool, env, cmd []string, user, workDir string, streams *libpod.AttachStreams, preserveFDs int, detachKeys string) (int, error) { +func ExecAttachCtr(ctx context.Context, ctr *libpod.Container, tty, privileged bool, env map[string]string, cmd []string, user, workDir string, streams *libpod.AttachStreams, preserveFDs uint, detachKeys string) (int, error) { resize := make(chan remotecommand.TerminalSize) haveTerminal := terminal.IsTerminal(int(os.Stdin.Fd())) diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 05d641383..99307e8c4 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -431,12 +431,14 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, if err != nil { return false, -1, errors.Wrapf(err, "cannot write setgroups file") } + logrus.Debugf("write setgroups file exited with 0") uidMap := fmt.Sprintf("/proc/%d/uid_map", pid) err = ioutil.WriteFile(uidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Geteuid())), 0666) if err != nil { return false, -1, errors.Wrapf(err, "cannot write uid_map") } + logrus.Debugf("write uid_map exited with 0") } gidsMapped := false @@ -602,7 +604,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st return joinUserAndMountNS(uint(pausePid), pausePidPath) } -func readMappingsProc(path string) ([]idtools.IDMap, error) { +func ReadMappingsProc(path string) ([]idtools.IDMap, error) { file, err := os.Open(path) if err != nil { return nil, errors.Wrapf(err, "cannot open %s", path) @@ -668,7 +670,7 @@ func ConfigurationMatches() (bool, error) { return false, err } - currentUIDs, err := readMappingsProc("/proc/self/uid_map") + currentUIDs, err := ReadMappingsProc("/proc/self/uid_map") if err != nil { return false, err } 
@@ -677,7 +679,7 @@ func ConfigurationMatches() (bool, error) { return false, err } - currentGIDs, err := readMappingsProc("/proc/self/gid_map") + currentGIDs, err := ReadMappingsProc("/proc/self/gid_map") if err != nil { return false, err } diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go index ddd9182b0..ce488f364 100644 --- a/pkg/rootless/rootless_unsupported.go +++ b/pkg/rootless/rootless_unsupported.go @@ -65,3 +65,8 @@ func ConfigurationMatches() (bool, error) { func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) { return nil, nil, errors.New("this function is not supported on this os") } + +// ReadMappingsProc returns the uid_map and gid_map +func ReadMappingsProc(path string) ([]idtools.IDMap, error) { + return nil, nil +} diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index b7d55b963..2addfda4b 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -205,8 +205,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l if c.Interactive { options = append(options, libpod.WithStdin()) } - if c.Systemd && (strings.HasSuffix(c.Command[0], "init") || - strings.HasSuffix(c.Command[0], "systemd")) { + if c.Systemd { options = append(options, libpod.WithSystemd()) } if c.Name != "" { diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 57c6e8da7..8f00d3270 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -302,8 +302,8 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // RESOURCES - PIDS if config.Resources.PidsLimit > 0 { - // if running on rootless on a cgroupv1 machine, pids limit is - // not supported. If the value is still the default + // if running on rootless on a cgroupv1 machine or using the cgroupfs manager, pids + // limit is not supported. If the value is still the default // then ignore the settings. If the caller asked for a // non-default, then try to use it. setPidLimit := true 
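Review bot: The new ReadMappingsProc stub in rootless_unsupported.go returns `nil, nil`, so a caller on an unsupported OS gets an empty mapping list that is indistinguishable from a successful read. GetConfiguredMappings directly above it reports the condition, and the stub should do the same: `return nil, errors.New("this function is not supported on this os")`. The doc comment also says it returns both the uid_map and the gid_map, while the function takes one path and returns one slice; something like `// ReadMappingsProc parses the ID mappings found in the file at path` would match the signature. The Linux counterpart in rootless_linux.go is now exported without any doc comment and could carry the same line.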
@@ -312,7 +312,11 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM if err != nil { return nil, err } - if !cgroup2 && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() { + runtimeConfig, err := runtime.GetConfig() + if err != nil { + return nil, err + } + if (!cgroup2 || runtimeConfig.CgroupManager != libpod.SystemdCgroupsManager) && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() { setPidLimit = false } } diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index 79fcef11a..b471ee2cf 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -9,6 +9,7 @@ import ( "io" "io/ioutil" "os" + "strings" "sync" "syscall" "time" @@ -563,9 +564,14 @@ func (i *LibpodAPI) GetAttachSockets(call iopodman.VarlinkCall, name string) err } } + sockPath, err := ctr.AttachSocketPath() + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + s := iopodman.Sockets{ Container_id: ctr.ID(), - Io_socket: ctr.AttachSocketPath(), + Io_socket: sockPath, Control_socket: ctr.ControlSocketPath(), } return call.ReplyGetAttachSockets(s) @@ -811,9 +817,19 @@ func (i *LibpodAPI) ExecContainer(call iopodman.VarlinkCall, opts iopodman.ExecO // ACK the client upgrade request call.ReplyExecContainer() - envs := []string{} + envs := make(map[string]string) if opts.Env != nil { - envs = *opts.Env + // HACK: The Varlink API uses the old []string format for env, + // storage as "k=v". Split on the = and turn into the new map + // format. + for _, env := range *opts.Env { + splitEnv := strings.SplitN(env, "=", 2) + if len(splitEnv) == 1 { + logrus.Errorf("Got badly-formatted environment variable %q in exec", env) + continue + } + envs[splitEnv[0]] = splitEnv[1] + } } var user string |
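Review bot: The widened condition in createConfigToOCISpec now clears `setPidLimit` whenever the cgroup manager is not systemd and the limit is still the default, and it does so silently, so a container can start without a PID cap and nothing records why. A log line next to the assignment would make that visible to operators, for example `logrus.Debugf("pids limit not supported with this cgroup configuration, ignoring the default")`, assuming logrus is available in this file, which the hunk does not show. The `if` that encloses this block starts outside the hunk, so it cannot be confirmed from here whether the new check applies only to rootless runs; the updated comment should say which is intended.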
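Review bot: The env conversion added to ExecContainer in pkg/varlinkapi/containers.go accepts an entry such as `=value`: SplitN yields two parts, so the value is stored under an empty key and passed on to the exec. Extending the guard to `if len(splitEnv) == 1 || splitEnv[0] == "" {` would reject it together with the entries that lack `=`. The skip also happens after `call.ReplyExecContainer()` has acknowledged the request, so the client is never told that its command ran with fewer variables than it sent. Validating the list before the ACK and replying with an error would avoid that. The function body continues outside the hunk.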