6 files changed, 74 insertions, 32 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index e96b6a8d6..403a1065b 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -518,21 +518,3 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 	)
 	return &createFlags
 }
-
-func AliasFlags(_ *pflag.FlagSet, name string) pflag.NormalizedName {
-	switch name {
-	case "healthcheck-command":
-		name = "health-cmd"
-	case "healthcheck-interval":
-		name = "health-interval"
-	case "healthcheck-retries":
-		name = "health-retries"
-	case "healthcheck-start-period":
-		name = "health-start-period"
-	case "healthcheck-timeout":
-		name = "health-timeout"
-	case "net":
-		name = "network"
-	}
-	return pflag.NormalizedName(name)
-}
diff --git a/cmd/podman/common/volumes.go b/cmd/podman/common/volumes.go
index 3b8f7ec6e..20c31bd81 100644
--- a/cmd/podman/common/volumes.go
+++ b/cmd/podman/common/volumes.go
@@ -20,6 +20,8 @@ const (
 	TypeVolume = "volume"
 	// TypeTmpfs is the type for mounting tmpfs
 	TypeTmpfs = "tmpfs"
+	// TypeDevpts is the type for creating a devpts
+	TypeDevpts = "devpts"
 )
 
 var (
@@ -197,6 +199,15 @@ func getMounts(mountFlag []string) (map[string]spec.Mount, map[string]*specgen.N
 				return nil, nil, errors.Wrapf(errDuplicateDest, mount.Destination)
 			}
 			finalMounts[mount.Destination] = mount
+		case TypeDevpts:
+			mount, err := getDevptsMount(tokens)
+			if err != nil {
+				return nil, nil, err
+			}
+			if _, ok := finalMounts[mount.Destination]; ok {
+				return nil, nil, errors.Wrapf(errDuplicateDest, mount.Destination)
+			}
+			finalMounts[mount.Destination] = mount
 		case "volume":
 			volume, err := getNamedVolume(tokens)
 			if err != nil {
@@ -416,6 +427,39 @@ func getTmpfsMount(args []string) (spec.Mount, error) {
 	return newMount, nil
 }
 
+// Parse a single devpts mount entry from the --mount flag
+func getDevptsMount(args []string) (spec.Mount, error) {
+	newMount := spec.Mount{
+		Type:   TypeDevpts,
+		Source: TypeDevpts,
+	}
+
+	var setDest bool
+
+	for _, val := range args {
+		kv := strings.Split(val, "=")
+		switch kv[0] {
+		case "target", "dst", "destination":
+			if len(kv) == 1 {
+				return newMount, errors.Wrapf(optionArgError, kv[0])
+			}
+			if err := parse.ValidateVolumeCtrDir(kv[1]); err != nil {
+				return newMount, err
+			}
+			newMount.Destination = filepath.Clean(kv[1])
+			setDest = true
+		default:
+			return newMount, errors.Wrapf(util.ErrBadMntOption, kv[0])
+		}
+	}
+
+	if !setDest {
+		return newMount, noDestError
+	}
+
+	return newMount, nil
+}
+
 // Parse a single volume mount entry from the --mount flag.
 // Note that the volume-label option for named volumes is currently NOT supported.
 // TODO: add support for --volume-label
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 1516d15e9..6eec93f98 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -12,6 +12,7 @@ import (
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/podman/v2/cmd/podman/common"
 	"github.com/containers/podman/v2/cmd/podman/registry"
+	"github.com/containers/podman/v2/cmd/podman/utils"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/errorhandling"
@@ -58,7 +59,7 @@ func createFlags(flags *pflag.FlagSet) {
 	flags.SetInterspersed(false)
 	flags.AddFlagSet(common.GetCreateFlags(&cliVals))
 	flags.AddFlagSet(common.GetNetFlags())
-	flags.SetNormalizeFunc(common.AliasFlags)
+	flags.SetNormalizeFunc(utils.AliasFlags)
 
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index da450054f..e301ca588 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	envLib "github.com/containers/podman/v2/pkg/env"
+	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -110,6 +111,12 @@ func exec(_ *cobra.Command, args []string) error {
 
 	execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv)
 
+	for fd := 3; fd < int(3+execOpts.PreserveFDs); fd++ {
+		if !rootless.IsFdInherited(fd) {
+			return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+		}
+	}
+
 	if !execDetach {
 		streams := define.AttachStreams{}
 		streams.OutputStream = os.Stdout
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index d26aed826..a84cb6814 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/podman/v2/cmd/podman/common"
 	"github.com/containers/podman/v2/cmd/podman/registry"
+	"github.com/containers/podman/v2/cmd/podman/utils"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/errorhandling"
@@ -58,7 +59,7 @@ func runFlags(flags *pflag.FlagSet) {
 	flags.SetInterspersed(false)
 	flags.AddFlagSet(common.GetCreateFlags(&cliVals))
 	flags.AddFlagSet(common.GetNetFlags())
-	flags.SetNormalizeFunc(common.AliasFlags)
+	flags.SetNormalizeFunc(utils.AliasFlags)
 	flags.BoolVar(&runOpts.SigProxy, "sig-proxy", true, "Proxy received signals to the process")
 	flags.BoolVar(&runRmi, "rmi", false, "Remove container image unless used by other containers")
 	flags.UintVar(&runOpts.PreserveFDs, "preserve-fds", 0, "Pass a number of additional file descriptors into the container")
@@ -125,6 +126,11 @@ func run(cmd *cobra.Command, args []string) error {
 	if err := createInit(cmd); err != nil {
 		return err
 	}
+	for fd := 3; fd < int(3+runOpts.PreserveFDs); fd++ {
+		if !rootless.IsFdInherited(fd) {
+			return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+		}
+	}
 
 	imageName := args[0]
 	if !cliVals.RootFS {
diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go
index 7dbdd3824..9b7523ac0 100644
--- a/cmd/podman/registry/remote.go
+++ b/cmd/podman/registry/remote.go
@@ -5,22 +5,24 @@ import (
 	"sync"
 
 	"github.com/containers/podman/v2/pkg/domain/entities"
-	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
 )
 
-var (
-	// Was --remote given on command line
-	remoteOverride bool
-	remoteSync     sync.Once
-)
+// Value for --remote given on command line
+var remoteFromCLI = struct {
+	Value bool
+	sync  sync.Once
+}{}
 
-// IsRemote returns true if podman was built to run remote
+// IsRemote returns true if podman was built to run remote or --remote flag given on CLI
 // Use in init() functions as a initialization check
 func IsRemote() bool {
-	remoteSync.Do(func() {
-		remote := &cobra.Command{}
-		remote.Flags().BoolVarP(&remoteOverride, "remote", "r", false, "")
-		_ = remote.ParseFlags(os.Args)
+	remoteFromCLI.sync.Do(func() {
+		fs := pflag.NewFlagSet("remote", pflag.ContinueOnError)
+		fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", false, "")
+		fs.ParseErrorsWhitelist.UnknownFlags = true
+		fs.SetInterspersed(false)
+		_ = fs.Parse(os.Args[1:])
 	})
-	return podmanOptions.EngineMode == entities.TunnelMode || remoteOverride
+	return podmanOptions.EngineMode == entities.TunnelMode || remoteFromCLI.Value
 }