Fix bind mounts of filesystems with nodev, nosuid, noexec options set

Currently bind mounts of filesystems with nodev, nosuid, noexec options
set fail in rootless mode if the same options are not set for the bind
mount. For ro filesystems this was resolved by opencontainers#2570 by remounting again
with ro set. Follow the same approach for nodev, nosuid, noexec.

Signed-off-by: Ruediger Pluem <ruediger.pluem@vodafone.com>

libcontainer/rootfs_linux.go

@@ -1071,16 +1071,16 @@ func remount(m *configs.Mount, rootfs string, mountFd *int) error {
 		if err == nil {
 			return nil
 		}
-		// Check if the source has ro flag...
+		// Check if the source has ro, nodev, noexec, nosuid flag...
 		var s unix.Statfs_t
 		if err := unix.Statfs(source, &s); err != nil {
 			return &os.PathError{Op: "statfs", Path: source, Err: err}
 		}
-		if s.Flags&unix.MS_RDONLY != unix.MS_RDONLY {
+		if s.Flags&(unix.MS_RDONLY|unix.MS_NODEV|unix.MS_NOEXEC|unix.MS_NOSUID) == 0 {
 			return err
 		}
-		// ... and retry the mount with ro flag set.
-		flags |= unix.MS_RDONLY
+		// ... and retry the mount with flags found above.
+		flags |= uintptr(s.Flags & (unix.MS_RDONLY | unix.MS_NODEV | unix.MS_NOEXEC | unix.MS_NOSUID))
 		return mount(source, m.Destination, procfd, m.Device, flags, "")
 	})
 }