Add `runc --version-json` and print the implemented mount option strings

[AkihiroSuda]

A high-level container application may want to obtain the list of the mount option strings supported by runc, because runc just ignores unimplemented mount option strings.

However, there is no way to obtain the list of the implemented mount option strings other than manually inspecting the code:

runc/libcontainer/specconv/spec_linux.go

Lines 771 to 824 in c1103d9

	flags := map[string]struct {
	clear bool
	flag int
	}{
	"acl": {false, unix.MS_POSIXACL},
	"async": {true, unix.MS_SYNCHRONOUS},
	"atime": {true, unix.MS_NOATIME},
	"bind": {false, unix.MS_BIND},
	"defaults": {false, 0},
	"dev": {true, unix.MS_NODEV},
	"diratime": {true, unix.MS_NODIRATIME},
	"dirsync": {false, unix.MS_DIRSYNC},
	"exec": {true, unix.MS_NOEXEC},
	"iversion": {false, unix.MS_I_VERSION},
	"lazytime": {false, unix.MS_LAZYTIME},
	"loud": {true, unix.MS_SILENT},
	"mand": {false, unix.MS_MANDLOCK},
	"noacl": {true, unix.MS_POSIXACL},
	"noatime": {false, unix.MS_NOATIME},
	"nodev": {false, unix.MS_NODEV},
	"nodiratime": {false, unix.MS_NODIRATIME},
	"noexec": {false, unix.MS_NOEXEC},
	"noiversion": {true, unix.MS_I_VERSION},
	"nolazytime": {true, unix.MS_LAZYTIME},
	"nomand": {true, unix.MS_MANDLOCK},
	"norelatime": {true, unix.MS_RELATIME},
	"nostrictatime": {true, unix.MS_STRICTATIME},
	"nosuid": {false, unix.MS_NOSUID},
	"rbind": {false, unix.MS_BIND | unix.MS_REC},
	"relatime": {false, unix.MS_RELATIME},
	"remount": {false, unix.MS_REMOUNT},
	"ro": {false, unix.MS_RDONLY},
	"rw": {true, unix.MS_RDONLY},
	"silent": {false, unix.MS_SILENT},
	"strictatime": {false, unix.MS_STRICTATIME},
	"suid": {true, unix.MS_NOSUID},
	"sync": {false, unix.MS_SYNCHRONOUS},
	}
	propagationFlags := map[string]int{
	"private": unix.MS_PRIVATE,
	"shared": unix.MS_SHARED,
	"slave": unix.MS_SLAVE,
	"unbindable": unix.MS_UNBINDABLE,
	"rprivate": unix.MS_PRIVATE | unix.MS_REC,
	"rshared": unix.MS_SHARED | unix.MS_REC,
	"rslave": unix.MS_SLAVE | unix.MS_REC,
	"runbindable": unix.MS_UNBINDABLE | unix.MS_REC,
	}
	extensionFlags := map[string]struct {
	clear bool
	flag int
	}{
	"tmpcopyup": {false, configs.EXT_COPYUP},
	}

I suggest adding runc --version-json command to print the machine-readable list of the implemented mount option strings.
We can put other info in this JSON eventually, too.

$ runc --version-json
{
  "version": "X.Y.Z+dev",
  "commit": "vX.Y.Z-XXX-gXXXXXXXX",
  "spec": "X.Y.Z",
  "go": "goX.Y.Z",
  "libseccomp": "X.Y.Z",
  "supportedMountOptions": ["ro", "rw", "private", "rprivate", ..., "tmpcopyup"]
}

Relates to :

• Support recursive mount attrs ("rro", "rnosuid", "rnodev", ...) #3272

[AkihiroSuda]

cc @giuseppe (runc and crun should share the same convention for this)

[kolyshkin]

The --version-json seems to be misleading, as it does not really shows version info.

Can we have something like runc features instead, which will produce output similar to the above, maybe slightly more generalized. For example

$ runc features
{
  "version": "X.Y.Z+dev",
  "commit": "vX.Y.Z-XXX-gXXXXXXXX",
  .....
  "features": [
     "seccomp",
     .....
     "mount-rro"
  ]
}

JSON can certainly be different, I'm mostly talking about the command name (and command vs option).

[AkihiroSuda]

We should also print the known cap names in the json
containerd/nerdctl#567 (comment)

[AkihiroSuda]

PR: #3296