4 files changed, 16 insertions, 20 deletions

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index e96b6a8d6..403a1065b 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -518,21 +518,3 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 	)
 	return &createFlags
 }
-
-func AliasFlags(_ *pflag.FlagSet, name string) pflag.NormalizedName {
-	switch name {
-	case "healthcheck-command":
-		name = "health-cmd"
-	case "healthcheck-interval":
-		name = "health-interval"
-	case "healthcheck-retries":
-		name = "health-retries"
-	case "healthcheck-start-period":
-		name = "health-start-period"
-	case "healthcheck-timeout":
-		name = "health-timeout"
-	case "net":
-		name = "network"
-	}
-	return pflag.NormalizedName(name)
-}
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 1516d15e9..6eec93f98 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -12,6 +12,7 @@ import (
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/podman/v2/cmd/podman/common"
 	"github.com/containers/podman/v2/cmd/podman/registry"
+	"github.com/containers/podman/v2/cmd/podman/utils"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/errorhandling"
@@ -58,7 +59,7 @@ func createFlags(flags *pflag.FlagSet) {
 	flags.SetInterspersed(false)
 	flags.AddFlagSet(common.GetCreateFlags(&cliVals))
 	flags.AddFlagSet(common.GetNetFlags())
-	flags.SetNormalizeFunc(common.AliasFlags)
+	flags.SetNormalizeFunc(utils.AliasFlags)
 
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index da450054f..e301ca588 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	envLib "github.com/containers/podman/v2/pkg/env"
+	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -110,6 +111,12 @@ func exec(_ *cobra.Command, args []string) error {
 
 	execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv)
 
+	for fd := 3; fd < int(3+execOpts.PreserveFDs); fd++ {
+		if !rootless.IsFdInherited(fd) {
+			return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+		}
+	}
+
 	if !execDetach {
 		streams := define.AttachStreams{}
 		streams.OutputStream = os.Stdout
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index d26aed826..a84cb6814 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/podman/v2/cmd/podman/common"
 	"github.com/containers/podman/v2/cmd/podman/registry"
+	"github.com/containers/podman/v2/cmd/podman/utils"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/errorhandling"
@@ -58,7 +59,7 @@ func runFlags(flags *pflag.FlagSet) {
 	flags.SetInterspersed(false)
 	flags.AddFlagSet(common.GetCreateFlags(&cliVals))
 	flags.AddFlagSet(common.GetNetFlags())
-	flags.SetNormalizeFunc(common.AliasFlags)
+	flags.SetNormalizeFunc(utils.AliasFlags)
 	flags.BoolVar(&runOpts.SigProxy, "sig-proxy", true, "Proxy received signals to the process")
 	flags.BoolVar(&runRmi, "rmi", false, "Remove container image unless used by other containers")
 	flags.UintVar(&runOpts.PreserveFDs, "preserve-fds", 0, "Pass a number of additional file descriptors into the container")
@@ -125,6 +126,11 @@ func run(cmd *cobra.Command, args []string) error {
 	if err := createInit(cmd); err != nil {
 		return err
 	}
+	for fd := 3; fd < int(3+runOpts.PreserveFDs); fd++ {
+		if !rootless.IsFdInherited(fd) {
+			return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+		}
+	}
 
 	imageName := args[0]
 	if !cliVals.RootFS {