3 files changed, 33 insertions, 18 deletions
diff --git a/runsc/specutils/seccomp/BUILD b/runsc/specutils/seccomp/BUILD
index e9e647d82..c5f5b863e 100644
--- a/runsc/specutils/seccomp/BUILD
+++ b/runsc/specutils/seccomp/BUILD
@@ -28,8 +28,10 @@ go_test(
     srcs = ["seccomp_test.go"],
     library = ":seccomp",
     deps = [
-        "//pkg/binary",
+        "//pkg/abi/linux",
         "//pkg/bpf",
+        "//pkg/hostarch",
+        "//pkg/marshal",
         "@com_github_opencontainers_runtime_spec//specs-go:go_default_library",
         "@org_golang_x_sys//unix:go_default_library",
     ],
diff --git a/runsc/specutils/seccomp/seccomp_test.go b/runsc/specutils/seccomp/seccomp_test.go
index 11a6c8daa..20796bf14 100644
--- a/runsc/specutils/seccomp/seccomp_test.go
+++ b/runsc/specutils/seccomp/seccomp_test.go
@@ -20,20 +20,15 @@ import (
 
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"golang.org/x/sys/unix"
-	"gvisor.dev/gvisor/pkg/binary"
+	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/bpf"
+	"gvisor.dev/gvisor/pkg/hostarch"
+	"gvisor.dev/gvisor/pkg/marshal"
 )
 
-type seccompData struct {
-	nr                 uint32
-	arch               uint32
-	instructionPointer uint64
-	args               [6]uint64
-}
-
-// asInput converts a seccompData to a bpf.Input.
-func asInput(d seccompData) bpf.Input {
-	return bpf.InputBytes{binary.Marshal(nil, binary.LittleEndian, d), binary.LittleEndian}
+// asInput converts a linux.SeccompData to a bpf.Input.
+func asInput(d *linux.SeccompData) bpf.Input {
+	return bpf.InputBytes{marshal.Marshal(d), hostarch.ByteOrder}
 }
 
 // testInput creates an Input struct with given seccomp input values.
@@ -49,13 +44,13 @@ func testInput(arch uint32, syscallName string, args *[6]uint64) bpf.Input {
 		args = &argArray
 	}
 
-	data := seccompData{
-		nr:   syscallNo,
-		arch: arch,
-		args: *args,
+	data := linux.SeccompData{
+		Nr:   int32(syscallNo),
+		Arch: arch,
+		Args: *args,
 	}
 
-	return asInput(data)
+	return asInput(&data)
 }
 
 // testCase holds a seccomp test case.
@@ -100,7 +95,7 @@ var (
 			},
 			// Syscall matches but the arch is AUDIT_ARCH_X86 so the return
 			// value is the bad arch action.
-			input:    asInput(seccompData{nr: 183, arch: 0x40000003}), //
+			input:    asInput(&linux.SeccompData{Nr: 183, Arch: 0x40000003}), //
 			expected: uint32(killThreadAction),
 		},
 		{
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index e5e66546c..11b476690 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -335,9 +335,27 @@ func capsFromNames(names []string, skipSet map[linux.Capability]struct{}) (auth.
 // Is9PMount returns true if the given mount can be mounted as an external
 // gofer.
 func Is9PMount(m specs.Mount, vfs2Enabled bool) bool {
+	MaybeConvertToBindMount(&m)
 	return m.Type == "bind" && m.Source != "" && IsSupportedDevMount(m, vfs2Enabled)
 }
 
+// MaybeConvertToBindMount converts mount type to "bind" in case any of the
+// mount options are either "bind" or "rbind" as required by the OCI spec.
+//
+// "For bind mounts (when options include either bind or rbind), the type is a
+// dummy, often "none" (not listed in /proc/filesystems)."
+func MaybeConvertToBindMount(m *specs.Mount) {
+	if m.Type == "bind" {
+		return
+	}
+	for _, opt := range m.Options {
+		if opt == "bind" || opt == "rbind" {
+			m.Type = "bind"
+			return
+		}
+	}
+}
+
 // IsSupportedDevMount returns true if m.Destination does not specify a
 // path that is hardcoded by VFS1's implementation of /dev.
 func IsSupportedDevMount(m specs.Mount, vfs2Enabled bool) bool {