gVisor allows bind mounting directories at a regular file mount point #12444

@danielnorberg

Description

gVisor unexpectedly allows bind mounting a directory at a regular file mount point.

When attempting the same on Linux, mount fails with ENOTDIR. gVisor should do the same.

Steps to reproduce

$ docker run --rm --runtime=runsc --privileged -it ubuntu
root@ccaec9ede2a2:/# echo foo > foo
root@ccaec9ede2a2:/# cat foo
foo
root@ccaec9ede2a2:/# mkdir bar
root@ccaec9ede2a2:/# mount --bind bar foo

^ The above is expected to fail, but succeeds.
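A small conformance check for the behaviour described above, added here as an example (it is not gVisor's code nor the reporter's): it creates a regular file and a directory, attempts all four bind-mount source/target combinations with mount(2), and reports every case whose outcome differs from Linux's rule, which rejects a bind mount whenever source and target differ in kind (directory vs. non-directory) with ENOTDIR, so it also covers the file-onto-directory direction the report does not mention. It assumes it runs with CAP_SYS_ADMIN in its mount namespace (e.g. inside the `--privileged` container from the steps above); `CheckBindSemantics` and `ErrNoPrivilege` are names chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// ErrNoPrivilege is returned when mount(2) is refused for lack of CAP_SYS_ADMIN.
var ErrNoPrivilege = errors.New("bind mount needs CAP_SYS_ADMIN")

// expectedBindErr encodes the Linux rule: a bind mount whose source and target
// differ in kind (directory vs. non-directory) fails with ENOTDIR; otherwise it
// is allowed.
func expectedBindErr(srcIsDir, dstIsDir bool) error {
	if srcIsDir != dstIsDir {
		return syscall.ENOTDIR
	}
	return nil
}

// tryBind bind-mounts src onto dst and, if that succeeded, detaches it again
// so the temporary directory can be removed afterwards.
func tryBind(src, dst string) error {
	if err := syscall.Mount(src, dst, "", syscall.MS_BIND, ""); err != nil {
		return err
	}
	return syscall.Unmount(dst, syscall.MNT_DETACH)
}

// CheckBindSemantics creates "foo" (file) and "bar" (dir) under dir, tries the
// four source/target combinations and returns one line per case in which the
// running kernel or sandbox disagrees with Linux.
func CheckBindSemantics(dir string) ([]string, error) {
	paths := map[bool]string{true: filepath.Join(dir, "bar"), false: filepath.Join(dir, "foo")}
	if err := os.WriteFile(paths[false], []byte("foo\n"), 0o644); err != nil {
		return nil, err
	}
	if err := os.Mkdir(paths[true], 0o755); err != nil {
		return nil, err
	}
	kind := map[bool]string{true: "dir", false: "file"}
	var mismatches []string
	for _, srcIsDir := range []bool{true, false} {
		for _, dstIsDir := range []bool{true, false} {
			got := tryBind(paths[srcIsDir], paths[dstIsDir])
			if errors.Is(got, syscall.EPERM) || errors.Is(got, syscall.EACCES) {
				return nil, ErrNoPrivilege
			}
			if want := expectedBindErr(srcIsDir, dstIsDir); !errors.Is(got, want) {
				mismatches = append(mismatches, fmt.Sprintf("bind %s onto %s: got %v, want %v",
					kind[srcIsDir], kind[dstIsDir], got, want))
			}
		}
	}
	return mismatches, nil
}

func main() {
	dir, err := os.MkdirTemp("", "bindcheck")
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	mismatches, err := CheckBindSemantics(dir)
	os.RemoveAll(dir)
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	for _, m := range mismatches {
		fmt.Println("MISMATCH:", m)
	}
	if len(mismatches) == 0 {
		fmt.Println("bind mount semantics match Linux")
	}
}
```

Run it once under runc and once under runsc; on a Linux kernel it prints no mismatches, whereas a runtime with the behaviour reported above prints a MISMATCH line for "bind dir onto file".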

runsc version

runsc version release-20251215.0
spec: 1.1.0-rc.1

docker version (if using docker)

Client: Docker Engine - Community
 Version:    27.4.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.19.3
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.32.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 22
  Running: 13
  Paused: 0
  Stopped: 9
 Images: 97
 Server Version: 27.4.1
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runsc io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 88bf19b2105c8b17560993bee28a01ddc2f97182
 runc version: v1.2.2-0-g7cb3632
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-304.171.4.3.el9uek.x86_64
 Operating System: Oracle Linux Server 9.5
 OSType: linux
 Architecture: x86_64
 CPUs: 10
 Total Memory: 377GiB
 Name: dano-dev2
 ID: f4569151-f1de-4cb0-9456-54a802c8d874
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Default Address Pools:
   Base: invalid Prefix, Size: 24

uname

Linux dano-dev2 5.15.0-304.171.4.3.el9uek.x86_64 #2 SMP Fri Jan 24 07:37:13 PST 2025 x86_64 x86_64 x86_64 GNU/Linux

kubectl (if using Kubernetes)

repo state (if built from source)

No response

runsc debug logs (if available)

Metadata

Labels: type: bug
