7 files changed, 184 insertions, 20 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index 78d5ac474..1b0419892 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -63,6 +63,12 @@ func LookupPolicy(s string) (Policy, error) {
 	return "", errors.Errorf("invalid auto-update policy %q: valid policies are %+q", s, keys)
 }
 
+// Options include parameters for auto updates.
+type Options struct {
+	// Authfile to use when contacting registries.
+	Authfile string
+}
+
 // ValidateImageReference checks if the specified imageName is a fully-qualified
 // image reference to the docker transport (without digest).  Such a reference
 // includes a domain, name and tag (e.g., quay.io/podman/stable:latest).  The
@@ -96,7 +102,7 @@ func ValidateImageReference(imageName string) error {
 //
 // It returns a slice of successfully restarted systemd units and a slice of
 // errors encountered during auto update.
-func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
+func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) {
 	// Create a map from `image ID -> []*Container`.
 	containerMap, errs := imageContainersMap(runtime)
 	if len(containerMap) == 0 {
@@ -138,7 +144,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
 			if rawImageName == "" {
 				errs = append(errs, errors.Errorf("error auto-updating container %q: raw-image name is empty", ctr.ID()))
 			}
-			needsUpdate, err := newerImageAvailable(runtime, image, rawImageName)
+			needsUpdate, err := newerImageAvailable(runtime, image, rawImageName, options)
 			if err != nil {
 				errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image check for %q failed", ctr.ID(), rawImageName))
 				continue
@@ -148,7 +154,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) {
 			}
 			logrus.Infof("Auto-updating container %q using image %q", ctr.ID(), rawImageName)
 			if _, updated := updatedRawImages[rawImageName]; !updated {
-				_, err = updateImage(runtime, rawImageName)
+				_, err = updateImage(runtime, rawImageName, options)
 				if err != nil {
 					errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image update for %q failed", ctr.ID(), rawImageName))
 					continue
@@ -230,13 +236,15 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string][]*libpod.Container
 
 // newerImageAvailable returns true if there corresponding image on the remote
 // registry is newer.
-func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string) (bool, error) {
+func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string, options Options) (bool, error) {
 	remoteRef, err := docker.ParseReference("//" + origName)
 	if err != nil {
 		return false, err
 	}
 
-	remoteImg, err := remoteRef.NewImage(context.Background(), runtime.SystemContext())
+	sys := runtime.SystemContext()
+	sys.AuthFilePath = options.Authfile
+	remoteImg, err := remoteRef.NewImage(context.Background(), sys)
 	if err != nil {
 		return false, err
 	}
@@ -255,25 +263,22 @@ func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName str
 }
 
 // updateImage pulls the specified image.
-func updateImage(runtime *libpod.Runtime, name string) (*image.Image, error) {
+func updateImage(runtime *libpod.Runtime, name string, options Options) (*image.Image, error) {
 	sys := runtime.SystemContext()
 	registryOpts := image.DockerRegistryOptions{}
 	signaturePolicyPath := ""
-	authFilePath := ""
 
 	if sys != nil {
 		registryOpts.OSChoice = sys.OSChoice
 		registryOpts.ArchitectureChoice = sys.OSChoice
 		registryOpts.DockerCertPath = sys.DockerCertPath
-
 		signaturePolicyPath = sys.SignaturePolicyPath
-		authFilePath = sys.AuthFilePath
 	}
 
 	newImage, err := runtime.ImageRuntime().New(context.Background(),
 		docker.Transport.Name()+"://"+name,
 		signaturePolicyPath,
-		authFilePath,
+		options.Authfile,
 		os.Stderr,
 		&registryOpts,
 		image.SigningOptions{},
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go
index f40d8ce46..328691df2 100644
--- a/pkg/bindings/test/containers_test.go
+++ b/pkg/bindings/test/containers_test.go
@@ -596,4 +596,145 @@ var _ = Describe("Podman containers ", func() {
 		Expect(err).To(BeNil())
 		Expect(len(pruneResponse.ID)).To(Equal(0))
 	})
+
+	It("podman inspect bogus container", func() {
+		_, err := containers.Inspect(bt.conn, "foobar", nil)
+		Expect(err).ToNot(BeNil())
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusNotFound))
+	})
+
+	It("podman inspect running container", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Inspecting running container should succeed
+		_, err = containers.Inspect(bt.conn, name, nil)
+		Expect(err).To(BeNil())
+	})
+
+	It("podman inspect stopped container", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		err = containers.Stop(bt.conn, name, nil)
+		Expect(err).To(BeNil())
+		// Inspecting stopped container should succeed
+		_, err = containers.Inspect(bt.conn, name, nil)
+		Expect(err).To(BeNil())
+	})
+
+	It("podman inspect running container with size", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		_, err = containers.Inspect(bt.conn, name, &bindings.PTrue)
+		Expect(err).To(BeNil())
+	})
+
+	It("podman inspect stopped container with size", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		err = containers.Stop(bt.conn, name, nil)
+		Expect(err).To(BeNil())
+		// Inspecting stopped container with size should succeed
+		_, err = containers.Inspect(bt.conn, name, &bindings.PTrue)
+		Expect(err).To(BeNil())
+	})
+
+	It("podman remove bogus container", func() {
+		err = containers.Remove(bt.conn, "foobar", nil, nil)
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusNotFound))
+	})
+
+	It("podman remove running container by name", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, name, nil, nil)
+		Expect(err).ToNot(BeNil())
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman remove running container by ID", func() {
+		var name = "top"
+		cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, cid, nil, nil)
+		Expect(err).ToNot(BeNil())
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman forcibly remove running container by name", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, name, &bindings.PTrue, nil)
+		Expect(err).To(BeNil())
+		//code, _ := bindings.CheckResponseCode(err)
+		//Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman forcibly remove running container by ID", func() {
+		var name = "top"
+		cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, cid, &bindings.PTrue, nil)
+		Expect(err).To(BeNil())
+		//code, _ := bindings.CheckResponseCode(err)
+		//Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman remove running container and volume by name", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, name, nil, &bindings.PTrue)
+		Expect(err).ToNot(BeNil())
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman remove running container and volume by ID", func() {
+		var name = "top"
+		cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, cid, nil, &bindings.PTrue)
+		Expect(err).ToNot(BeNil())
+		code, _ := bindings.CheckResponseCode(err)
+		Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman forcibly remove running container and volume by name", func() {
+		var name = "top"
+		_, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, name, &bindings.PTrue, &bindings.PTrue)
+		Expect(err).To(BeNil())
+		//code, _ := bindings.CheckResponseCode(err)
+		//Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
+	It("podman forcibly remove running container and volume by ID", func() {
+		var name = "top"
+		cid, err := bt.RunTopContainer(&name, &bindings.PFalse, nil)
+		Expect(err).To(BeNil())
+		// Removing running container should fail
+		err = containers.Remove(bt.conn, cid, &bindings.PTrue, &bindings.PTrue)
+		Expect(err).To(BeNil())
+		//code, _ := bindings.CheckResponseCode(err)
+		//Expect(code).To(BeNumerically("==", http.StatusInternalServerError))
+	})
+
 })
diff --git a/pkg/domain/entities/auto-update.go b/pkg/domain/entities/auto-update.go
index aef8fc46b..c51158816 100644
--- a/pkg/domain/entities/auto-update.go
+++ b/pkg/domain/entities/auto-update.go
@@ -1,5 +1,11 @@
 package entities
 
+// AutoUpdateOptions are the options for running auto-update.
+type AutoUpdateOptions struct {
+	// Authfile to use when contacting registries.
+	Authfile string
+}
+
 // AutoUpdateReport contains the results from running auto-update.
 type AutoUpdateReport struct {
 	// Units - the restarted systemd units during auto-update.
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 719ac3f9e..e77f0758b 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -10,7 +10,7 @@ import (
 )
 
 type ContainerEngine interface {
-	AutoUpdate(ctx context.Context) (*AutoUpdateReport, []error)
+	AutoUpdate(ctx context.Context, options AutoUpdateOptions) (*AutoUpdateReport, []error)
 	Config(ctx context.Context) (*config.Config, error)
 	ContainerAttach(ctx context.Context, nameOrId string, options AttachOptions) error
 	ContainerCheckpoint(ctx context.Context, namesOrIds []string, options CheckpointOptions) ([]*CheckpointReport, error)
diff --git a/pkg/domain/infra/abi/auto-update.go b/pkg/domain/infra/abi/auto-update.go
index aa20664b4..9fcc451fd 100644
--- a/pkg/domain/infra/abi/auto-update.go
+++ b/pkg/domain/infra/abi/auto-update.go
@@ -7,7 +7,11 @@ import (
 	"github.com/containers/libpod/pkg/domain/entities"
 )
 
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) {
-	units, failures := autoupdate.AutoUpdate(ic.Libpod)
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) {
+	// Convert the entities options to the autoupdate ones.  We can't use
+	// them in the entities package as low-level packages must not leak
+	// into the remote client.
+	autoOpts := autoupdate.Options{Authfile: options.Authfile}
+	units, failures := autoupdate.AutoUpdate(ic.Libpod, autoOpts)
 	return &entities.AutoUpdateReport{Units: units}, failures
 }
diff --git a/pkg/domain/infra/tunnel/auto-update.go b/pkg/domain/infra/tunnel/auto-update.go
index fac033050..5c2dd360d 100644
--- a/pkg/domain/infra/tunnel/auto-update.go
+++ b/pkg/domain/infra/tunnel/auto-update.go
@@ -7,6 +7,6 @@ import (
 	"github.com/pkg/errors"
 )
 
-func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) {
+func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) {
 	return nil, []error{errors.New("not implemented")}
 }
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 77e92ae29..25cad9578 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -545,10 +545,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
 			if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
 				logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err)
 			}
-			current = rlimit.Cur
-			max = rlimit.Max
+			if rlimit.Cur < current {
+				current = rlimit.Cur
+			}
+			if rlimit.Max < max {
+				max = rlimit.Max
+			}
 		}
-		g.AddProcessRlimits("RLIMIT_NOFILE", current, max)
+		g.AddProcessRlimits("RLIMIT_NOFILE", max, current)
 	}
 	if !nprocSet {
 		max := kernelMax
@@ -558,10 +562,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error {
 			if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
 				logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err)
 			}
-			current = rlimit.Cur
-			max = rlimit.Max
+			if rlimit.Cur < current {
+				current = rlimit.Cur
+			}
+			if rlimit.Max < max {
+				max = rlimit.Max
+			}
 		}
-		g.AddProcessRlimits("RLIMIT_NPROC", current, max)
+		g.AddProcessRlimits("RLIMIT_NPROC", max, current)
 	}
 
 	return nil