podman: new option --preserve-fd

add a new option --preserve-fd that allows to specify a list of FDs to
pass down to the container.

It is similar to --preserve-fds but it allows to specify a list of FDs
instead of the maximum FD number to preserve.

--preserve-fd and --preserve-fds are mutually exclusive.

It requires crun since runc would complain if any fd below
--preserve-fds is not preserved.

Closes: https://github.com/containers/podman/issues/20844

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

docs/source/markdown/options/preserve-fd.md

@@ -0,0 +1,10 @@
+####> This option file is used in:
+####>   podman exec, run
+####> If file is edited, make sure the changes
+####> are applicable to all of those.
+#### **--preserve-fd**=*FD1[,FD2,...]*
+
+Pass down to the process the additional file descriptors specified in the comma separated list.  It can be specified multiple times.
+This option is only supported with the crun OCI runtime.  It might be a security risk to use this option with other OCI runtimes.
+
+(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)

docs/source/markdown/podman-exec.1.md.in

@@ -27,6 +27,8 @@ Start the exec session, but do not attach to it. The command runs in the backgro
 
 @@option latest
 
+@@option preserve-fd
+
 @@option preserve-fds
 
 @@option privileged

docs/source/markdown/podman-run.1.md.in

@@ -308,6 +308,8 @@ This is used to override the Podman provided user setup in favor of entrypoint c
 
 @@option pod-id-file.container
 
+@@option preserve-fd
+
 @@option preserve-fds
 
 @@option privileged