Make Mount.Type optional for bind mounts

According to the OCI spec Mount.Type is an optional field and it
defaults to "bind" when any of "bind" or "rbind" is included in
Mount.Options.

Also fix the shim to remove bind/rbind from options when mount is
converted from bind to tmpfs inside the Sentry.

Fixes #2330
Fixes #3274

PiperOrigin-RevId: 371996891

1 files changed, 18 insertions, 0 deletions

diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index e5e66546c..11b476690 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -335,9 +335,27 @@ func capsFromNames(names []string, skipSet map[linux.Capability]struct{}) (auth.
 // Is9PMount returns true if the given mount can be mounted as an external
 // gofer.
 func Is9PMount(m specs.Mount, vfs2Enabled bool) bool {
+	MaybeConvertToBindMount(&m)
 	return m.Type == "bind" && m.Source != "" && IsSupportedDevMount(m, vfs2Enabled)
 }
 
+// MaybeConvertToBindMount converts mount type to "bind" in case any of the
+// mount options are either "bind" or "rbind" as required by the OCI spec.
+//
+// "For bind mounts (when options include either bind or rbind), the type is a
+// dummy, often "none" (not listed in /proc/filesystems)."
+func MaybeConvertToBindMount(m *specs.Mount) {
+	if m.Type == "bind" {
+		return
+	}
+	for _, opt := range m.Options {
+		if opt == "bind" || opt == "rbind" {
+			m.Type = "bind"
+			return
+		}
+	}
+}
+
 // IsSupportedDevMount returns true if m.Destination does not specify a
 // path that is hardcoded by VFS1's implementation of /dev.
 func IsSupportedDevMount(m specs.Mount, vfs2Enabled bool) bool {