[1.1] rootfs: fix 'can we mount on top of /proc' check

[cyphar]

(Backport of a patch from #3985.)

---

(This is a cherry-pick of cdff09ab875159d004035990c0d45e8bdf20ed35 but modified so that changes like 8e8b136c4923a and a60933bb24565 don't also need to be backported. Ideally we would backport the entire "remove all mount logic from nsexec" series, but that would be a bit too much.)

Our previous test for whether we can mount on top of /proc incorrectly assumed that it would only be called with bind-mount sources. This meant that having a non bind-mount entry for a pseudo-filesystem (like overlayfs) with a dummy source set to /proc on the host would let you bypass the check, which could easily lead to security issues.

In addition, the check should be applied more uniformly to all mount types, so fix that as well. And add some tests for some of the tricky cases to make sure we protect against them properly.

Fixes: 331692baa7af ("Only allow proc mount if it is procfs") Signed-off-by: Aleksa Sarai [email protected]