4 files changed, 22 insertions, 24 deletions

diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index f1d445c4b..1e25e0872 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -272,6 +272,8 @@ type ContainerCreateOptions struct {
 	Net *NetOptions `json:"net,omitempty"`
 
 	CgroupConf []string
+
+	PasswdEntry string
 }
 
 func NewInfraContainerCreateOptions() ContainerCreateOptions {
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 6a611e854..5667a02e8 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -8,7 +8,6 @@ import (
 
 	cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
 	"github.com/containers/common/libimage"
-	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/namespaces"
@@ -184,32 +183,19 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		if err != nil {
 			return nil, nil, nil, err
 		}
-
-		switch {
-		case s.ResourceLimits.CPU != nil:
-			runtimeSpec.Linux.Resources.CPU = s.ResourceLimits.CPU
-		case s.ResourceLimits.Memory != nil:
-			runtimeSpec.Linux.Resources.Memory = s.ResourceLimits.Memory
-		case s.ResourceLimits.BlockIO != nil:
-			runtimeSpec.Linux.Resources.BlockIO = s.ResourceLimits.BlockIO
-		case s.ResourceLimits.Devices != nil:
-			runtimeSpec.Linux.Resources.Devices = s.ResourceLimits.Devices
-		}
-
-		cgroup2, err := cgroups.IsCgroup2UnifiedMode()
-		if err != nil {
-			return nil, nil, nil, err
-		}
-		if cgroup2 && s.ResourceLimits.Memory != nil && s.ResourceLimits.Memory.Swappiness != nil { // conf.Spec.Linux contains memory swappiness established after the spec process we need to remove that
-			s.ResourceLimits.Memory.Swappiness = nil
-			if runtimeSpec.Linux.Resources.Memory != nil {
-				runtimeSpec.Linux.Resources.Memory.Swappiness = nil
+		if s.ResourceLimits != nil {
+			switch {
+			case s.ResourceLimits.CPU != nil:
+				runtimeSpec.Linux.Resources.CPU = s.ResourceLimits.CPU
+			case s.ResourceLimits.Memory != nil:
+				runtimeSpec.Linux.Resources.Memory = s.ResourceLimits.Memory
+			case s.ResourceLimits.BlockIO != nil:
+				runtimeSpec.Linux.Resources.BlockIO = s.ResourceLimits.BlockIO
+			case s.ResourceLimits.Devices != nil:
+				runtimeSpec.Linux.Resources.Devices = s.ResourceLimits.Devices
 			}
 		}
 	}
-	if err != nil {
-		return nil, nil, nil, err
-	}
 	if len(s.HostDeviceList) > 0 {
 		options = append(options, libpod.WithHostDevice(s.HostDeviceList))
 	}
@@ -286,6 +272,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 	if s.Volatile {
 		options = append(options, libpod.WithVolatile())
 	}
+	if s.PasswdEntry != "" {
+		options = append(options, libpod.WithPasswdEntry(s.PasswdEntry))
+	}
 
 	useSystemd := false
 	switch s.Systemd {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index dfac1d457..79e20667b 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -206,6 +206,8 @@ type ContainerBasicConfig struct {
 	UnsetEnvAll bool `json:"unsetenvall,omitempty"`
 	// Passwd is a container run option that determines if we are validating users/groups before running the container
 	Passwd *bool `json:"manage_password,omitempty"`
+	// PasswdEntry specifies arbitrary data to append to a file.
+	PasswdEntry string `json:"passwd_entry,omitempty"`
 }
 
 // ContainerStorageConfig contains information on the storage configuration of a
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 7d4fca846..42b66d909 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -832,6 +832,11 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	if s.Passwd == nil {
 		s.Passwd = &t
 	}
+
+	if len(s.PasswdEntry) == 0 || len(c.PasswdEntry) != 0 {
+		s.PasswdEntry = c.PasswdEntry
+	}
+
 	return nil
 }