vfs: validate source/target type match in BindAt

[danielnorberg]

Fix a bug where gVisor allows bind mounting a directory at a regular file mount point (and vice versa). Linux's mount fails with ENOTDIR in this case, but gVisor was not performing this validation.

Add IsDir() method to DentryImpl interface to check if a dentry represents a directory. BindAt now validates that source and target have matching types (both directories or both non-directories) after resolving the paths with GetDentryAt.

Fixes #12444

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[ayushr2]

Thanks for the fix!

[ayushr2]

We don't need to extend DentryImpl. The information about whether an Dentry is a Dir or not is available via vfsObj.StatAt. You can find an example here:

gvisor/pkg/sentry/vfs/opath.go

Lines 149 to 160 in 826b78e

	stat, err := vfs.StatAt(ctx, creds, &PathOperation{
	Root: vd,
	Start: vd,
	}, &StatOptions{
	Mask: linux.STATX_MODE,
	})
	if err != nil {
	return nil, err
	}
	if stat.Mode&linux.S_IFDIR == 0 {
	return nil, linuxerr.ENOTDIR
	}

In vfs.BindAt, we already have the VDs from GetDentryAt, so should be easy to call vfs.StatAt() with that directly, as shown above.

[danielnorberg]

@ayushr2 ptal again 🙏