use cached containers.conf

Use `Default()` instead of re-loading containers.conf.

Also rework how the containers.conf objects are handled for parsing the
CLI.  Previously, we were conflating "loading the defaults" with
"storing values from the CLI" with "libpod may further change fields"
which ultimately led to various bugs and test failues.

To address the issue, separate the defaults from the values from the CLI
and properly name the fields to make the semantics less ambiguous.

[NO NEW TESTS NEEDED] as it's not a functional change.

Fixes: containers/common/issues/1200
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

cmd/podman/common/create.go

@@ -14,7 +14,7 @@ import (
 
 const sizeWithUnitFormat = "(format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes))"
 
-var containerConfig = registry.PodmanConfig()
+var podmanConfig = registry.PodmanConfig()
 
 // ContainerToPodOptions takes the Container and Pod Create options, assigning the matching values back to podCreate for the purpose of the libpod API
 // For this function to succeed, the JSON tags in PodCreateOptions and ContainerCreateOptions need to match due to the Marshaling and Unmarshaling done.
@@ -218,7 +218,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 
 		createFlags.BoolVar(
 			&cf.HTTPProxy,
-			"http-proxy", containerConfig.Containers.HTTPProxy,
+			"http-proxy", podmanConfig.ContainersConfDefaultsRO.Containers.HTTPProxy,
 			"Set proxy environment variables in the container based on the host proxy vars",
 		)
 

cmd/podman/common/create_opts.go

@@ -8,70 +8,70 @@ import (
 
 func ulimits() []string {
 	if !registry.IsRemote() {
-		return containerConfig.Ulimits()
+		return podmanConfig.ContainersConfDefaultsRO.Ulimits()
 	}
 	return nil
 }
 
 func cgroupConfig() string {
 	if !registry.IsRemote() {
-		return containerConfig.Cgroups()
+		return podmanConfig.ContainersConfDefaultsRO.Cgroups()
 	}
 	return ""
 }
 
 func devices() []string {
 	if !registry.IsRemote() {
-		return containerConfig.Devices()
+		return podmanConfig.ContainersConfDefaultsRO.Devices()
 	}
 	return nil
 }
 
 func Env() []string {
 	if !registry.IsRemote() {
-		return containerConfig.Env()
+		return podmanConfig.ContainersConfDefaultsRO.Env()
 	}
 	return nil
 }
 
 func initPath() string {
 	if !registry.IsRemote() {
-		return containerConfig.InitPath()
+		return podmanConfig.ContainersConfDefaultsRO.InitPath()
 	}
 	return ""
 }
 
 func pidsLimit() int64 {
 	if !registry.IsRemote() {
-		return containerConfig.PidsLimit()
+		return podmanConfig.ContainersConfDefaultsRO.PidsLimit()
 	}
 	return -1
 }
 
 func policy() string {
 	if !registry.IsRemote() {
-		return containerConfig.Engine.PullPolicy
+		return podmanConfig.ContainersConfDefaultsRO.Engine.PullPolicy
 	}
 	return ""
 }
 
 func shmSize() string {
 	if !registry.IsRemote() {
-		return containerConfig.ShmSize()
+		return podmanConfig.ContainersConfDefaultsRO.ShmSize()
 	}
 	return ""
 }
 
 func volumes() []string {
 	if !registry.IsRemote() {
-		return containerConfig.Volumes()
+		return podmanConfig.ContainersConfDefaultsRO.Volumes()
 	}
 	return nil
 }
 
 func LogDriver() string {
 	if !registry.IsRemote() {
-		return containerConfig.Containers.LogDriver
+		return podmanConfig.ContainersConfDefaultsRO.Containers.LogDriver
 	}
 	return ""
 }
@@ -81,14 +81,14 @@ func DefineCreateDefaults(opts *entities.ContainerCreateOptions) {
 	opts.LogDriver = LogDriver()
 	opts.CgroupsMode = cgroupConfig()
 	opts.MemorySwappiness = -1
-	opts.ImageVolume = containerConfig.Engine.ImageVolumeMode
+	opts.ImageVolume = podmanConfig.ContainersConfDefaultsRO.Engine.ImageVolumeMode
 	opts.Pull = policy()
 	opts.ReadOnlyTmpFS = true
 	opts.SdNotifyMode = define.SdNotifyModeContainer
-	opts.StopTimeout = containerConfig.Engine.StopTimeout
+	opts.StopTimeout = podmanConfig.ContainersConfDefaultsRO.Engine.StopTimeout
 	opts.Systemd = "true"
-	opts.Timezone = containerConfig.TZ()
-	opts.Umask = containerConfig.Umask()
+	opts.Timezone = podmanConfig.ContainersConfDefaultsRO.TZ()
+	opts.Umask = podmanConfig.ContainersConfDefaultsRO.Umask()
 	opts.Ulimit = ulimits()
 	opts.SeccompPolicy = "default"
 	opts.Volume = volumes()

cmd/podman/common/netflags.go

@@ -28,20 +28,20 @@ func DefineNetFlags(cmd *cobra.Command) {
 
 	dnsFlagName := "dns"
 	netFlags.StringSlice(
-		dnsFlagName, containerConfig.DNSServers(),
+		dnsFlagName, podmanConfig.ContainersConf.DNSServers(),
 		"Set custom DNS servers",
 	)
 	_ = cmd.RegisterFlagCompletionFunc(dnsFlagName, completion.AutocompleteNone)
 
 	dnsOptFlagName := "dns-option"
 	netFlags.StringSlice(
-		dnsOptFlagName, containerConfig.DNSOptions(),
+		dnsOptFlagName, podmanConfig.ContainersConf.DNSOptions(),
 		"Set custom DNS options",
 	)
 	_ = cmd.RegisterFlagCompletionFunc(dnsOptFlagName, completion.AutocompleteNone)
 	dnsSearchFlagName := "dns-search"
 	netFlags.StringSlice(
-		dnsSearchFlagName, containerConfig.DNSSearches(),
+		dnsSearchFlagName, podmanConfig.ContainersConf.DNSSearches(),
 		"Set custom DNS search domains",
 	)
 	_ = cmd.RegisterFlagCompletionFunc(dnsSearchFlagName, completion.AutocompleteNone)
@@ -89,7 +89,7 @@ func DefineNetFlags(cmd *cobra.Command) {
 	_ = cmd.RegisterFlagCompletionFunc(publishFlagName, completion.AutocompleteNone)
 
 	netFlags.Bool(
-		"no-hosts", containerConfig.Containers.NoHosts,
+		"no-hosts", podmanConfig.ContainersConfDefaultsRO.Containers.NoHosts,
 		"Do not create /etc/hosts within the container, instead use the version from the image",
 	)
 }

cmd/podman/containers/ps.go

@@ -125,8 +125,8 @@ func checkFlags(c *cobra.Command) error {
 	if listOpts.Watch > 0 && listOpts.Latest {
 		return errors.New("the watch and latest flags cannot be used together")
 	}
-	cfg := registry.PodmanConfig()
-	if cfg.Engine.Namespace != "" {
+	podmanConfig := registry.PodmanConfig()
+	if podmanConfig.ContainersConf.Engine.Namespace != "" {
 		if c.Flag("storage").Changed && listOpts.External {
 			return errors.New("--namespace and --external flags can not both be set")
 		}

cmd/podman/images/build.go

@@ -504,11 +504,11 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		runtimeFlags = append(runtimeFlags, "--"+arg)
 	}
 
-	containerConfig := registry.PodmanConfig()
-	for _, arg := range containerConfig.RuntimeFlags {
+	podmanConfig := registry.PodmanConfig()
+	for _, arg := range podmanConfig.RuntimeFlags {
 		runtimeFlags = append(runtimeFlags, "--"+arg)
 	}
-	if containerConfig.Engine.CgroupManager == config.SystemdCgroupsManager {
+	if podmanConfig.ContainersConf.Engine.CgroupManager == config.SystemdCgroupsManager {
 		runtimeFlags = append(runtimeFlags, "--systemd-cgroup")
 	}
 
@@ -576,7 +576,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		ConfigureNetwork:        networkPolicy,
 		ContextDirectory:        contextDir,
 		CPPFlags:                flags.CPPFlags,
-		DefaultMountsFilePath:   containerConfig.Containers.DefaultMountsFile,
+		DefaultMountsFilePath:   podmanConfig.ContainersConfDefaultsRO.Containers.DefaultMountsFile,
 		Devices:                 flags.Devices,
 		DropCapabilities:        flags.CapDrop,
 		Envs:                    flags.Envs,
@@ -608,7 +608,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
 		Quiet:                   flags.Quiet,
 		RemoveIntermediateCtrs:  flags.Rm,
 		ReportWriter:            reporter,
-		Runtime:                 containerConfig.RuntimePath,
+		Runtime:                 podmanConfig.RuntimePath,
 		RuntimeArgs:             runtimeFlags,
 		RusageLogFile:           flags.RusageLogFile,
 		SignBy:                  flags.SignBy,

cmd/podman/images/save.go

@@ -95,7 +95,7 @@ func saveFlags(cmd *cobra.Command) {
 	_ = cmd.RegisterFlagCompletionFunc(outputFlagName, completion.AutocompleteDefault)
 
 	flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output")
-	flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")
+	flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.ContainersConfDefaultsRO.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")
 
 	if !registry.IsRemote() {
 		flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")

cmd/podman/machine/init.go

@@ -46,7 +46,7 @@ func init() {
 	cpusFlagName := "cpus"
 	flags.Uint64Var(
 		&initOpts.CPUS,
-		cpusFlagName, cfg.Machine.CPUs,
+		cpusFlagName, cfg.ContainersConfDefaultsRO.Machine.CPUs,
 		"Number of CPUs",
 	)
 	_ = initCmd.RegisterFlagCompletionFunc(cpusFlagName, completion.AutocompleteNone)
@@ -54,7 +54,7 @@ func init() {
 	diskSizeFlagName := "disk-size"
 	flags.Uint64Var(
 		&initOpts.DiskSize,
-		diskSizeFlagName, cfg.Machine.DiskSize,
+		diskSizeFlagName, cfg.ContainersConfDefaultsRO.Machine.DiskSize,
 		"Disk size in GB",
 	)
 
@@ -63,7 +63,7 @@ func init() {
 	memoryFlagName := "memory"
 	flags.Uint64VarP(
 		&initOpts.Memory,
-		memoryFlagName, "m", cfg.Machine.Memory,
+		memoryFlagName, "m", cfg.ContainersConfDefaultsRO.Machine.Memory,
 		"Memory in MB",
 	)
 	_ = initCmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone)
@@ -74,7 +74,7 @@ func init() {
 		"Start machine now",
 	)
 	timezoneFlagName := "timezone"
-	defaultTz := cfg.TZ()
+	defaultTz := cfg.ContainersConfDefaultsRO.TZ()
 	if len(defaultTz) < 1 {
 		defaultTz = "local"
 	}
@@ -89,15 +89,15 @@ func init() {
 	_ = flags.MarkHidden("reexec")
 
 	UsernameFlagName := "username"
-	flags.StringVar(&initOpts.Username, UsernameFlagName, cfg.Machine.User, "Username used in qcow image")
+	flags.StringVar(&initOpts.Username, UsernameFlagName, cfg.ContainersConfDefaultsRO.Machine.User, "Username used in qcow image")
 	_ = initCmd.RegisterFlagCompletionFunc(UsernameFlagName, completion.AutocompleteDefault)
 
 	ImagePathFlagName := "image-path"
-	flags.StringVar(&initOpts.ImagePath, ImagePathFlagName, cfg.Machine.Image, "Path to qcow image")
+	flags.StringVar(&initOpts.ImagePath, ImagePathFlagName, cfg.ContainersConfDefaultsRO.Machine.Image, "Path to qcow image")
 	_ = initCmd.RegisterFlagCompletionFunc(ImagePathFlagName, completion.AutocompleteDefault)
 
 	VolumeFlagName := "volume"
-	flags.StringArrayVarP(&initOpts.Volumes, VolumeFlagName, "v", cfg.Machine.Volumes, "Volumes to mount, source:target")
+	flags.StringArrayVarP(&initOpts.Volumes, VolumeFlagName, "v", cfg.ContainersConfDefaultsRO.Machine.Volumes, "Volumes to mount, source:target")
 	_ = initCmd.RegisterFlagCompletionFunc(VolumeFlagName, completion.AutocompleteDefault)
 
 	VolumeDriverFlagName := "volume-driver"

cmd/podman/registry/config.go

@@ -51,7 +51,7 @@ func newPodmanConfig() {
 		os.Exit(1)
 	}
 
-	cfg, err := config.NewConfig("")
+	defaultConfig, err := config.Default()
 	if err != nil {
 		fmt.Fprint(os.Stderr, "Failed to obtain podman configuration: "+err.Error())
 		os.Exit(1)
@@ -76,11 +76,11 @@ func newPodmanConfig() {
 
 	// If EngineMode==Tunnel has not been set on the command line or environment
 	// but has been set in containers.conf...
-	if mode == entities.ABIMode && cfg.Engine.Remote {
+	if mode == entities.ABIMode && defaultConfig.Engine.Remote {
 		mode = entities.TunnelMode
 	}
 
-	podmanOptions = entities.PodmanConfig{Config: cfg, EngineMode: mode}
+	podmanOptions = entities.PodmanConfig{ContainersConf: &config.Config{}, ContainersConfDefaultsRO: defaultConfig, EngineMode: mode}
 }
 
 // setXdgDirs ensures the XDG_RUNTIME_DIR env and XDG_CONFIG_HOME variables are set.

cmd/podman/root.go

@@ -126,8 +126,8 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
-	cfg := registry.PodmanConfig()
-	if cfg.NoOut {
+	podmanConfig := registry.PodmanConfig()
+	if podmanConfig.NoOut {
 		null, _ := os.Open(os.DevNull)
 		os.Stdout = null
 	}
@@ -161,14 +161,14 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 				}
 				runtimeFlag.Changed = true
 				logrus.Debugf("Checkpoint was created using '%s'. Restore will use the same runtime", *runtime)
-			} else if cfg.RuntimePath != *runtime {
+			} else if podmanConfig.RuntimePath != *runtime {
 				// If the user selected a runtime on the command-line this checks if
 				// it is the same then during checkpointing and errors out if not.
 				return fmt.Errorf(
 					"checkpoint archive %s was created with runtime '%s' and cannot be restored with runtime '%s'",
 					cmd.Flag("import").Value.String(),
 					*runtime,
-					cfg.RuntimePath,
+					podmanConfig.RuntimePath,
 				)
 			}
 		}
@@ -176,16 +176,16 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 
 	setupConnection := func() error {
 		var err error
-		cfg.URI, cfg.Identity, cfg.MachineMode, err = cfg.ActiveDestination()
+		podmanConfig.URI, podmanConfig.Identity, podmanConfig.MachineMode, err = podmanConfig.ContainersConf.ActiveDestination()
 		if err != nil {
 			return fmt.Errorf("failed to resolve active destination: %w", err)
 		}
 
-		if err := cmd.Root().LocalFlags().Set("url", cfg.URI); err != nil {
+		if err := cmd.Root().LocalFlags().Set("url", podmanConfig.URI); err != nil {
 			return fmt.Errorf("failed to override --url flag: %w", err)
 		}
 
-		if err := cmd.Root().LocalFlags().Set("identity", cfg.Identity); err != nil {
+		if err := cmd.Root().LocalFlags().Set("identity", podmanConfig.Identity); err != nil {
 			return fmt.Errorf("failed to override --identity flag: %w", err)
 		}
 		return nil
@@ -198,7 +198,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 		if contextConn != nil && contextConn.Changed {
 			return fmt.Errorf("use of --connection and --context at the same time is not allowed")
 		}
-		cfg.Engine.ActiveService = conn.Value.String()
+		podmanConfig.ContainersConf.Engine.ActiveService = conn.Value.String()
 		if err := setupConnection(); err != nil {
 			return err
 		}
@@ -206,7 +206,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 	if contextConn != nil && contextConn.Changed {
 		service := contextConn.Value.String()
 		if service != "default" {
-			cfg.Engine.ActiveService = service
+			podmanConfig.ContainersConf.Engine.ActiveService = service
 			if err := setupConnection(); err != nil {
 				return err
 			}
@@ -244,7 +244,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 
 	// Hard code TMPDIR functions to use /var/tmp, if user did not override
 	if _, ok := os.LookupEnv("TMPDIR"); !ok {
-		if tmpdir, err := cfg.ImageCopyTmpDir(); err != nil {
+		if tmpdir, err := podmanConfig.ContainersConfDefaultsRO.ImageCopyTmpDir(); err != nil {
 			logrus.Warnf("Failed to retrieve default tmp dir: %s", err.Error())
 		} else {
 			os.Setenv("TMPDIR", tmpdir)
@@ -253,7 +253,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 
 	if !registry.IsRemote() {
 		if cmd.Flag("cpu-profile").Changed {
-			f, err := os.Create(cfg.CPUProfile)
+			f, err := os.Create(podmanConfig.CPUProfile)
 			if err != nil {
 				return err
 			}
@@ -273,10 +273,10 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error {
 			}
 		}
 
-		if cfg.MaxWorks <= 0 {
-			return fmt.Errorf("maximum workers must be set to a positive number (got %d)", cfg.MaxWorks)
+		if podmanConfig.MaxWorks <= 0 {
+			return fmt.Errorf("maximum workers must be set to a positive number (got %d)", podmanConfig.MaxWorks)
 		}
-		if err := parallel.SetMaxThreads(uint(cfg.MaxWorks)); err != nil {
+		if err := parallel.SetMaxThreads(uint(podmanConfig.MaxWorks)); err != nil {
 			return err
 		}
 	}
@@ -366,17 +366,16 @@ func loggingHook() {
 	}
 }
 
-func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
-	cfg := opts.Config
+func rootFlags(cmd *cobra.Command, podmanConfig *entities.PodmanConfig) {
 	srv, uri, ident, machine := resolveDestination()
 
 	lFlags := cmd.Flags()
 
 	// non configurable option to help ssh dialing
-	opts.MachineMode = machine
+	podmanConfig.MachineMode = machine
 
 	sshFlagName := "ssh"
-	lFlags.StringVar(&opts.SSHMode, sshFlagName, string(ssh.GolangMode), "define the ssh mode")
+	lFlags.StringVar(&podmanConfig.SSHMode, sshFlagName, string(ssh.GolangMode), "define the ssh mode")
 	_ = cmd.RegisterFlagCompletionFunc(sshFlagName, common.AutocompleteSSH)
 
 	connectionFlagName := "connection"
@@ -384,9 +383,9 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 	_ = cmd.RegisterFlagCompletionFunc(connectionFlagName, common.AutocompleteSystemConnections)
 
 	urlFlagName := "url"
-	lFlags.StringVar(&opts.URI, urlFlagName, uri, "URL to access Podman service (CONTAINER_HOST)")
+	lFlags.StringVar(&podmanConfig.URI, urlFlagName, uri, "URL to access Podman service (CONTAINER_HOST)")
 	_ = cmd.RegisterFlagCompletionFunc(urlFlagName, completion.AutocompleteDefault)
-	lFlags.StringVarP(&opts.URI, "host", "H", uri, "Used for Docker compatibility")
+	lFlags.StringVarP(&podmanConfig.URI, "host", "H", uri, "Used for Docker compatibility")
 	_ = lFlags.MarkHidden("host")
 
 	lFlags.StringVar(&dockerConfig, "config", "", "Ignored for Docker compatibility")
@@ -396,85 +395,85 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 	_ = lFlags.MarkHidden("context")
 
 	identityFlagName := "identity"
-	lFlags.StringVar(&opts.Identity, identityFlagName, ident, "path to SSH identity file, (CONTAINER_SSHKEY)")
+	lFlags.StringVar(&podmanConfig.Identity, identityFlagName, ident, "path to SSH identity file, (CONTAINER_SSHKEY)")
 	_ = cmd.RegisterFlagCompletionFunc(identityFlagName, completion.AutocompleteDefault)
 
-	lFlags.BoolVar(&opts.NoOut, "noout", false, "do not output to stdout")
-	lFlags.BoolVarP(&opts.Remote, "remote", "r", registry.IsRemote(), "Access remote Podman service")
+	lFlags.BoolVar(&podmanConfig.NoOut, "noout", false, "do not output to stdout")
+	lFlags.BoolVarP(&podmanConfig.Remote, "remote", "r", registry.IsRemote(), "Access remote Podman service")
 	pFlags := cmd.PersistentFlags()
 	if registry.IsRemote() {
 		if err := lFlags.MarkHidden("remote"); err != nil {
 			logrus.Warnf("Unable to mark --remote flag as hidden: %s", err.Error())
 		}
-		opts.Remote = true
+		podmanConfig.Remote = true
 	} else {
 		cgroupManagerFlagName := "cgroup-manager"
-		pFlags.StringVar(&cfg.Engine.CgroupManager, cgroupManagerFlagName, cfg.Engine.CgroupManager, "Cgroup manager to use (\"cgroupfs\"|\"systemd\")")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.CgroupManager, cgroupManagerFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.CgroupManager, "Cgroup manager to use (\"cgroupfs\"|\"systemd\")")
 		_ = cmd.RegisterFlagCompletionFunc(cgroupManagerFlagName, common.AutocompleteCgroupManager)
 
-		pFlags.StringVar(&opts.CPUProfile, "cpu-profile", "", "Path for the cpu-profiling results")
-		pFlags.StringVar(&opts.MemoryProfile, "memory-profile", "", "Path for the memory-profiling results")
+		pFlags.StringVar(&podmanConfig.CPUProfile, "cpu-profile", "", "Path for the cpu-profiling results")
+		pFlags.StringVar(&podmanConfig.MemoryProfile, "memory-profile", "", "Path for the memory-profiling results")
 
 		conmonFlagName := "conmon"
-		pFlags.StringVar(&opts.ConmonPath, conmonFlagName, "", "Path of the conmon binary")
+		pFlags.StringVar(&podmanConfig.ConmonPath, conmonFlagName, "", "Path of the conmon binary")
 		_ = cmd.RegisterFlagCompletionFunc(conmonFlagName, completion.AutocompleteDefault)
 
 		networkCmdPathFlagName := "network-cmd-path"
-		pFlags.StringVar(&cfg.Engine.NetworkCmdPath, networkCmdPathFlagName, cfg.Engine.NetworkCmdPath, "Path to the command for configuring the network")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.NetworkCmdPath, networkCmdPathFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.NetworkCmdPath, "Path to the command for configuring the network")
 		_ = cmd.RegisterFlagCompletionFunc(networkCmdPathFlagName, completion.AutocompleteDefault)
 
 		networkConfigDirFlagName := "network-config-dir"
-		pFlags.StringVar(&cfg.Network.NetworkConfigDir, networkConfigDirFlagName, cfg.Network.NetworkConfigDir, "Path of the configuration directory for networks")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Network.NetworkConfigDir, networkConfigDirFlagName, podmanConfig.ContainersConfDefaultsRO.Network.NetworkConfigDir, "Path of the configuration directory for networks")
 		_ = cmd.RegisterFlagCompletionFunc(networkConfigDirFlagName, completion.AutocompleteDefault)
 
-		pFlags.StringVar(&cfg.Containers.DefaultMountsFile, "default-mounts-file", cfg.Containers.DefaultMountsFile, "Path to default mounts file")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Containers.DefaultMountsFile, "default-mounts-file", podmanConfig.ContainersConfDefaultsRO.Containers.DefaultMountsFile, "Path to default mounts file")
 
 		eventsBackendFlagName := "events-backend"
-		pFlags.StringVar(&cfg.Engine.EventsLogger, eventsBackendFlagName, cfg.Engine.EventsLogger, `Events backend to use ("file"|"journald"|"none")`)
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.EventsLogger, eventsBackendFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.EventsLogger, `Events backend to use ("file"|"journald"|"none")`)
 		_ = cmd.RegisterFlagCompletionFunc(eventsBackendFlagName, common.AutocompleteEventBackend)
 
 		hooksDirFlagName := "hooks-dir"
-		pFlags.StringSliceVar(&cfg.Engine.HooksDir, hooksDirFlagName, cfg.Engine.HooksDir, "Set the OCI hooks directory path (may be set multiple times)")
+		pFlags.StringSliceVar(&podmanConfig.ContainersConf.Engine.HooksDir, hooksDirFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.HooksDir, "Set the OCI hooks directory path (may be set multiple times)")
 		_ = cmd.RegisterFlagCompletionFunc(hooksDirFlagName, completion.AutocompleteDefault)
 
-		pFlags.IntVar(&opts.MaxWorks, "max-workers", (runtime.NumCPU()*3)+1, "The maximum number of workers for parallel operations")
+		pFlags.IntVar(&podmanConfig.MaxWorks, "max-workers", (runtime.NumCPU()*3)+1, "The maximum number of workers for parallel operations")
 
 		namespaceFlagName := "namespace"
-		pFlags.StringVar(&cfg.Engine.Namespace, namespaceFlagName, cfg.Engine.Namespace, "Set the libpod namespace, used to create separate views of the containers and pods on the system")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.Namespace, namespaceFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.Namespace, "Set the libpod namespace, used to create separate views of the containers and pods on the system")
 		_ = cmd.RegisterFlagCompletionFunc(namespaceFlagName, completion.AutocompleteNone)
 
 		networkBackendFlagName := "network-backend"
-		pFlags.StringVar(&cfg.Network.NetworkBackend, networkBackendFlagName, cfg.Network.NetworkBackend, `Network backend to use ("cni"|"netavark")`)
+		pFlags.StringVar(&podmanConfig.ContainersConf.Network.NetworkBackend, networkBackendFlagName, podmanConfig.ContainersConfDefaultsRO.Network.NetworkBackend, `Network backend to use ("cni"|"netavark")`)
 		_ = cmd.RegisterFlagCompletionFunc(networkBackendFlagName, common.AutocompleteNetworkBackend)
 		_ = pFlags.MarkHidden(networkBackendFlagName)
 
 		rootFlagName := "root"
-		pFlags.StringVar(&cfg.Engine.StaticDir, rootFlagName, "", "Path to the root directory in which data, including images, is stored")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.StaticDir, rootFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.StaticDir, "Path to the root directory in which data, including images, is stored")
 		_ = cmd.RegisterFlagCompletionFunc(rootFlagName, completion.AutocompleteDefault)
 
-		pFlags.StringVar(&opts.RegistriesConf, "registries-conf", "", "Path to a registries.conf to use for image processing")
+		pFlags.StringVar(&podmanConfig.RegistriesConf, "registries-conf", "", "Path to a registries.conf to use for image processing")
 
 		runrootFlagName := "runroot"
-		pFlags.StringVar(&opts.Runroot, runrootFlagName, "", "Path to the 'run directory' where all state information is stored")
+		pFlags.StringVar(&podmanConfig.Runroot, runrootFlagName, "", "Path to the 'run directory' where all state information is stored")
 		_ = cmd.RegisterFlagCompletionFunc(runrootFlagName, completion.AutocompleteDefault)
 
 		runtimeFlagName := "runtime"
-		pFlags.StringVar(&opts.RuntimePath, runtimeFlagName, cfg.Engine.OCIRuntime, "Path to the OCI-compatible binary used to run containers.")
+		pFlags.StringVar(&podmanConfig.RuntimePath, runtimeFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.OCIRuntime, "Path to the OCI-compatible binary used to run containers.")
 		_ = cmd.RegisterFlagCompletionFunc(runtimeFlagName, completion.AutocompleteDefault)
 
 		// -s is deprecated due to conflict with -s on subcommands
 		storageDriverFlagName := "storage-driver"
-		pFlags.StringVar(&opts.StorageDriver, storageDriverFlagName, "", "Select which storage driver is used to manage storage of images and containers")
+		pFlags.StringVar(&podmanConfig.StorageDriver, storageDriverFlagName, "", "Select which storage driver is used to manage storage of images and containers")
 		_ = cmd.RegisterFlagCompletionFunc(storageDriverFlagName, completion.AutocompleteNone)
 
 		tmpdirFlagName := "tmpdir"
-		pFlags.StringVar(&opts.Engine.TmpDir, tmpdirFlagName, "", "Path to the tmp directory for libpod state content.\n\nNote: use the environment variable 'TMPDIR' to change the temporary storage location for container images, '/var/tmp'.\n")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.TmpDir, tmpdirFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.TmpDir, "Path to the tmp directory for libpod state content.\n\nNote: use the environment variable 'TMPDIR' to change the temporary storage location for container images, '/var/tmp'.\n")
 		_ = cmd.RegisterFlagCompletionFunc(tmpdirFlagName, completion.AutocompleteDefault)
 
-		pFlags.BoolVar(&opts.Trace, "trace", false, "Enable opentracing output (default false)")
+		pFlags.BoolVar(&podmanConfig.Trace, "trace", false, "Enable opentracing output (default false)")
 
 		volumePathFlagName := "volumepath"
-		pFlags.StringVar(&opts.Engine.VolumePath, volumePathFlagName, "", "Path to the volume directory in which volume data is stored")
+		pFlags.StringVar(&podmanConfig.ContainersConf.Engine.VolumePath, volumePathFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.VolumePath, "Path to the volume directory in which volume data is stored")
 		_ = cmd.RegisterFlagCompletionFunc(volumePathFlagName, completion.AutocompleteDefault)
 
 		// Hide these flags for both ABI and Tunneling
@@ -492,7 +491,7 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 		}
 	}
 	storageOptFlagName := "storage-opt"
-	pFlags.StringArrayVar(&opts.StorageOpts, storageOptFlagName, []string{}, "Used to pass an option to the storage driver")
+	pFlags.StringArrayVar(&podmanConfig.StorageOpts, storageOptFlagName, []string{}, "Used to pass an option to the storage driver")
 	_ = cmd.RegisterFlagCompletionFunc(storageOptFlagName, completion.AutocompleteNone)
 
 	// Override default --help information of `--help` global flag
@@ -509,7 +508,7 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
 	// Only create these flags for ABI connections
 	if !registry.IsRemote() {
 		runtimeflagFlagName := "runtime-flag"
-		pFlags.StringArrayVar(&opts.RuntimeFlags, runtimeflagFlagName, []string{}, "add global flags for the container runtime")
+		pFlags.StringArrayVar(&podmanConfig.RuntimeFlags, runtimeflagFlagName, []string{}, "add global flags for the container runtime")
 		_ = rootCmd.RegisterFlagCompletionFunc(runtimeflagFlagName, completion.AutocompleteNone)
 
 		pFlags.BoolVar(&useSyslog, "syslog", false, "Output logging information to syslog as well as the console (default false)")
@@ -525,17 +524,19 @@ func resolveDestination() (string, string, string, bool) {
 		return "", uri, ident, false
 	}
 
-	cfg, err := config.ReadCustomConfig()
+	// FIXME: Why are we not using the Default() one?
+	//        Why are we ignoring errors?
+	podmanConfig, err := config.ReadCustomConfig()
 	if err != nil {
 		logrus.Warning(fmt.Errorf("unable to read local containers.conf: %w", err))
 		return "", registry.DefaultAPIAddress(), "", false
 	}
 
-	uri, ident, machine, err := cfg.ActiveDestination()
+	uri, ident, machine, err := podmanConfig.ActiveDestination()
 	if err != nil {
 		return "", registry.DefaultAPIAddress(), "", false
 	}
-	return cfg.Engine.ActiveService, uri, ident, machine
+	return podmanConfig.Engine.ActiveService, uri, ident, machine
 }
 
 func formatError(err error) string {

cmd/podman/secrets/create.go

@@ -45,11 +45,11 @@ func init() {
 	flags := createCmd.Flags()
 
 	driverFlagName := "driver"
-	flags.StringVarP(&createOpts.Driver, driverFlagName, "d", cfg.Secrets.Driver, "Specify secret driver")
+	flags.StringVarP(&createOpts.Driver, driverFlagName, "d", cfg.ContainersConfDefaultsRO.Secrets.Driver, "Specify secret driver")
 	_ = createCmd.RegisterFlagCompletionFunc(driverFlagName, completion.AutocompleteNone)
 
 	optsFlagName := "driver-opts"
-	flags.StringToStringVar(&createOpts.DriverOpts, optsFlagName, cfg.Secrets.Opts, "Specify driver specific options")
+	flags.StringToStringVar(&createOpts.DriverOpts, optsFlagName, cfg.ContainersConfDefaultsRO.Secrets.Opts, "Specify driver specific options")
 	_ = createCmd.RegisterFlagCompletionFunc(optsFlagName, completion.AutocompleteNone)
 
 	envFlagName := "env"

cmd/podman/system/service.go

@@ -57,7 +57,7 @@ func init() {
 	cfg := registry.PodmanConfig()
 
 	timeFlagName := "time"
-	flags.UintVarP(&srvArgs.Timeout, timeFlagName, "t", cfg.Engine.ServiceTimeout,
+	flags.UintVarP(&srvArgs.Timeout, timeFlagName, "t", cfg.ContainersConfDefaultsRO.Engine.ServiceTimeout,
 		"Time until the service session expires in seconds.  Use 0 to disable the timeout")
 	_ = srvCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone)
 	flags.SetNormalizeFunc(aliasTimeoutFlag)

libpod/runtime.go

@@ -165,7 +165,7 @@ func SetXdgDirs() error {
 // NewRuntime creates a new container runtime
 // Options can be passed to override the default configuration for the runtime
 func NewRuntime(ctx context.Context, options ...RuntimeOption) (*Runtime, error) {
-	conf, err := config.NewConfig("")
+	conf, err := config.Default()
 	if err != nil {
 		return nil, err
 	}

pkg/domain/entities/engine.go

@@ -30,25 +30,26 @@ func (m EngineMode) String() string {
 // PodmanConfig combines the defaults and settings from the file system with the
 // flags given in os.Args. Some runtime state is also stored here.
 type PodmanConfig struct {
-	*config.Config
 	*pflag.FlagSet
 
-	DockerConfig   string     // Used for Docker compatibility
-	CgroupUsage    string     // rootless code determines Usage message
-	ConmonPath     string     // --conmon flag will set Engine.ConmonPath
-	CPUProfile     string     // Hidden: Should CPU profile be taken
-	EngineMode     EngineMode // ABI or Tunneling mode
-	Identity       string     // ssh identity for connecting to server
-	MaxWorks       int        // maximum number of parallel threads
-	MemoryProfile  string     // Hidden: Should memory profile be taken
-	NoOut          bool       // Don't output to stdout
-	RegistriesConf string     // allows for specifying a custom registries.conf
-	Remote         bool       // Connection to Podman API Service will use RESTful API
-	RuntimePath    string     // --runtime flag will set Engine.RuntimePath
-	RuntimeFlags   []string   // global flags for the container runtime
-	Syslog         bool       // write to StdOut and Syslog, not supported when tunneling
-	Trace          bool       // Hidden: Trace execution
-	URI            string     // URI to RESTful API Service
+	ContainersConf           *config.Config
+	ContainersConfDefaultsRO *config.Config // The read-only! defaults from containers.conf.
+	DockerConfig             string         // Used for Docker compatibility
+	CgroupUsage              string         // rootless code determines Usage message
+	ConmonPath               string         // --conmon flag will set Engine.ConmonPath
+	CPUProfile               string         // Hidden: Should CPU profile be taken
+	EngineMode               EngineMode     // ABI or Tunneling mode
+	Identity                 string         // ssh identity for connecting to server
+	MaxWorks                 int            // maximum number of parallel threads
+	MemoryProfile            string         // Hidden: Should memory profile be taken
+	NoOut                    bool           // Don't output to stdout
+	RegistriesConf           string         // allows for specifying a custom registries.conf
+	Remote                   bool           // Connection to Podman API Service will use RESTful API
+	RuntimePath              string         // --runtime flag will set Engine.RuntimePath
+	RuntimeFlags             []string       // global flags for the container runtime
+	Syslog                   bool           // write to StdOut and Syslog, not supported when tunneling
+	Trace                    bool           // Hidden: Trace execution
+	URI                      string         // URI to RESTful API Service
 
 	Runroot       string
 	StorageDriver string

pkg/domain/entities/system.go

@@ -86,12 +86,6 @@ type SystemDfVolumeReport struct {
 	ReclaimableSize int64
 }
 
-// SystemResetOptions describes the options for resetting your
-// container runtime storage, etc
-type SystemResetOptions struct {
-	Force bool
-}
-
 // SystemVersionReport describes version information about the running Podman service
 type SystemVersionReport struct {
 	// Always populated

pkg/domain/infra/runtime_libpod.go

@@ -146,7 +146,7 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 
 	if fs.Changed("root") {
 		storageSet = true
-		storageOpts.GraphRoot = cfg.Engine.StaticDir
+		storageOpts.GraphRoot = cfg.ContainersConf.Engine.StaticDir
 		storageOpts.GraphDriverOptions = []string{}
 	}
 	if fs.Changed("runroot") {
@@ -205,8 +205,8 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 	// TODO CLI flags for image config?
 	// TODO CLI flag for signature policy?
 
-	if len(cfg.Engine.Namespace) > 0 {
-		options = append(options, libpod.WithNamespace(cfg.Engine.Namespace))
+	if len(cfg.ContainersConf.Engine.Namespace) > 0 {
+		options = append(options, libpod.WithNamespace(cfg.ContainersConf.Engine.Namespace))
 	}
 
 	if fs.Changed("runtime") {
@@ -217,25 +217,25 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 		options = append(options, libpod.WithConmonPath(cfg.ConmonPath))
 	}
 	if fs.Changed("tmpdir") {
-		options = append(options, libpod.WithTmpDir(cfg.Engine.TmpDir))
+		options = append(options, libpod.WithTmpDir(cfg.ContainersConf.Engine.TmpDir))
 	}
 	if fs.Changed("network-cmd-path") {
-		options = append(options, libpod.WithNetworkCmdPath(cfg.Engine.NetworkCmdPath))
+		options = append(options, libpod.WithNetworkCmdPath(cfg.ContainersConf.Engine.NetworkCmdPath))
 	}
 	if fs.Changed("network-backend") {
-		options = append(options, libpod.WithNetworkBackend(cfg.Network.NetworkBackend))
+		options = append(options, libpod.WithNetworkBackend(cfg.ContainersConf.Network.NetworkBackend))
 	}
 
 	if fs.Changed("events-backend") {
-		options = append(options, libpod.WithEventsLogger(cfg.Engine.EventsLogger))
+		options = append(options, libpod.WithEventsLogger(cfg.ContainersConf.Engine.EventsLogger))
 	}
 
 	if fs.Changed("volumepath") {
-		options = append(options, libpod.WithVolumePath(cfg.Engine.VolumePath))
+		options = append(options, libpod.WithVolumePath(cfg.ContainersConf.Engine.VolumePath))
 	}
 
 	if fs.Changed("cgroup-manager") {
-		options = append(options, libpod.WithCgroupManager(cfg.Engine.CgroupManager))
+		options = append(options, libpod.WithCgroupManager(cfg.ContainersConf.Engine.CgroupManager))
 	} else {
 		unified, err := cgroups.IsCgroup2UnifiedMode()
 		if err != nil {
@@ -250,13 +250,13 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo
 	// TODO flag to set libpod tmp dir?
 
 	if fs.Changed("network-config-dir") {
-		options = append(options, libpod.WithCNIConfigDir(cfg.Network.NetworkConfigDir))
+		options = append(options, libpod.WithCNIConfigDir(cfg.ContainersConf.Network.NetworkConfigDir))
 	}
 	if fs.Changed("default-mounts-file") {
-		options = append(options, libpod.WithDefaultMountsFile(cfg.Containers.DefaultMountsFile))
+		options = append(options, libpod.WithDefaultMountsFile(cfg.ContainersConf.Containers.DefaultMountsFile))
 	}
 	if fs.Changed("hooks-dir") {
-		options = append(options, libpod.WithHooksDir(cfg.Engine.HooksDir...))
+		options = append(options, libpod.WithHooksDir(cfg.ContainersConf.Engine.HooksDir...))
 	}
 	if fs.Changed("registries-conf") {
 		options = append(options, libpod.WithRegistriesConf(cfg.RegistriesConf))