7 files changed, 82 insertions, 9 deletions
diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go
index 8489e6ff1..4ee824472 100644
--- a/pkg/bindings/test/images_test.go
+++ b/pkg/bindings/test/images_test.go
@@ -85,14 +85,16 @@ var _ = Describe("Podman images", func() {
 
 	// Test to validate the remove image api
 	It("remove image", func() {
-		// Remove invalid image should be a 404
+		// NOTE that removing an image that does not exist will still
+		// return a 200 http status.  The response, however, includes
+		// the exit code that podman-remote should exit with.
+		//
+		// The libpod/images/remove endpoint supports batch removal of
+		// images for performance reasons and for hiding the logic of
+		// deciding which exit code to use from the client.
 		response, errs := images.Remove(bt.conn, []string{"foobar5000"}, nil)
 		Expect(len(errs)).To(BeNumerically(">", 0))
-		code, _ := bindings.CheckResponseCode(errs[0])
-		// FIXME FIXME FIXME: #12441: THIS IS BROKEN
-		// FIXME FIXME FIXME: we get msg: "foobar5000: image not known"
-		// FIXME FIXME FIXME: ...with no ResponseCode
-		Expect(code).To(BeNumerically("==", -1))
+		Expect(response.ExitCode).To(BeNumerically("==", 1)) // podman-remote would exit with 1
 
 		// Remove an image by name, validate image is removed and error is nil
 		inspectData, err := images.GetImage(bt.conn, busybox.shortName, nil)
@@ -102,7 +104,7 @@ var _ = Describe("Podman images", func() {
 
 		Expect(inspectData.ID).To(Equal(response.Deleted[0]))
 		inspectData, err = images.GetImage(bt.conn, busybox.shortName, nil)
-		code, _ = bindings.CheckResponseCode(err)
+		code, _ := bindings.CheckResponseCode(err)
 		Expect(code).To(BeNumerically("==", http.StatusNotFound))
 
 		// Start a container with alpine image
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 55d5dd7b4..e5e701303 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -21,6 +21,7 @@ type InitOptions struct {
 	IsDefault    bool
 	Memory       uint64
 	Name         string
+	TimeZone     string
 	URI          url.URL
 	Username     string
 }
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 5c465d37d..9368cc8ed 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/url"
+	"path/filepath"
 )
 
 /*
@@ -44,6 +45,7 @@ func getNodeGrp(grpName string) NodeGroup {
 type DynamicIgnition struct {
 	Name      string
 	Key       string
+	TimeZone  string
 	VMName    string
 	WritePath string
 }
@@ -76,6 +78,37 @@ func NewIgnitionFile(ign DynamicIgnition) error {
 		Links:       getLinks(ign.Name),
 	}
 
+	// Add or set the time zone for the machine
+	if len(ign.TimeZone) > 0 {
+		var (
+			err error
+			tz  string
+		)
+		// local means the same as the host
+		// lookup where it is pointing to on the host
+		if ign.TimeZone == "local" {
+			tz, err = getLocalTimeZone()
+			if err != nil {
+				return err
+			}
+		} else {
+			tz = ign.TimeZone
+		}
+		tzLink := Link{
+			Node: Node{
+				Group:     getNodeGrp("root"),
+				Path:      "/etc/localtime",
+				Overwrite: boolToPtr(false),
+				User:      getNodeUsr("root"),
+			},
+			LinkEmbedded1: LinkEmbedded1{
+				Hard:   boolToPtr(false),
+				Target: filepath.Join("/usr/share/zoneinfo", tz),
+			},
+		}
+		ignStorage.Links = append(ignStorage.Links, tzLink)
+	}
+
 	// ready is a unit file that sets up the virtual serial device
 	// where when the VM is done configuring, it will send an ack
 	// so a listening host knows it can being interacting with it
diff --git a/pkg/machine/ignition_darwin.go b/pkg/machine/ignition_darwin.go
new file mode 100644
index 000000000..9ede4b026
--- /dev/null
+++ b/pkg/machine/ignition_darwin.go
@@ -0,0 +1,16 @@
+//+build darwin
+
+package machine
+
+import (
+	"os"
+	"strings"
+)
+
+func getLocalTimeZone() (string, error) {
+	tzPath, err := os.Readlink("/etc/localtime")
+	if err != nil {
+		return "", err
+	}
+	return strings.TrimPrefix(tzPath, "/var/db/timezone/zoneinfo"), nil
+}
diff --git a/pkg/machine/ignition_linux.go b/pkg/machine/ignition_linux.go
new file mode 100644
index 000000000..6db5a8e7a
--- /dev/null
+++ b/pkg/machine/ignition_linux.go
@@ -0,0 +1,15 @@
+package machine
+
+import (
+	"os/exec"
+	"strings"
+)
+
+func getLocalTimeZone() (string, error) {
+	output, err := exec.Command("timedatectl", "show", "--property=Timezone").Output()
+	if err != nil {
+		return "", err
+	}
+	// Remove prepended field and the newline
+	return strings.TrimPrefix(strings.TrimSuffix(string(output), "\n"), "Timezone="), nil
+}
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 57c32bf74..19cd131e1 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -145,6 +145,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) error {
 		// Get image as usual
 		v.ImageStream = opts.ImagePath
 		dd, err := machine.NewFcosDownloader(vmtype, v.Name, opts.ImagePath)
+
 		if err != nil {
 			return err
 		}
@@ -235,6 +236,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) error {
 		Name:      opts.Username,
 		Key:       key,
 		VMName:    v.Name,
+		TimeZone:  opts.TimeZone,
 		WritePath: v.IgnitionFilePath,
 	}
 	return machine.NewIgnitionFile(ign)
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 9f8807915..efac53104 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -325,8 +325,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 	}
 	s.HostDeviceList = s.Devices
 
-	for _, dev := range s.DeviceCGroupRule {
-		g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+	// set the devices cgroup when not running in a user namespace
+	if !inUserNS && !s.Privileged {
+		g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm")
+		for _, dev := range s.DeviceCGroupRule {
+			g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access)
+		}
 	}
 
 	for k, v := range s.WeightDevice {