Validate the bind-propagation option to --mount

Similar to github.com/containers/buildah/pull/5761 but not
security critical as Podman does not have an expectation that
mounts are scoped (the ability to write a --mount option is
already the ability to mount arbitrary content into the container
so sneaking arbitrary options into the mount doesn't have
security implications). Still, bad practice to let users inject
anything into the mount command line so let's not do that.

Signed-off-by: Matt Heon <mheon@redhat.com>

pkg/specgenutil/volumes.go

@@ -272,6 +272,12 @@ func parseMountOptions(mountType string, args []string) (*spec.Mount, error) {
 			if !hasValue {
 				return nil, fmt.Errorf("%v: %w", name, errOptionArg)
 			}
+			switch value {
+			case "shared", "rshared", "private", "rprivate", "slave", "rslave", "unbindable", "runbindable":
+				// Do nothing, sane value
+			default:
+				return nil, fmt.Errorf("invalid value %q", arg)
+			}
 			mnt.Options = append(mnt.Options, value)
 		case "consistency":
 			// Often used on MACs and mistakenly on Linux platforms.

test/e2e/run_volume_test.go

@@ -122,6 +122,10 @@ var _ = Describe("Podman run with volumes", func() {
 		session.WaitWithDefaultTimeout()
 		Expect(session).To(ExitWithError(125, `"notmpcopyup" option not supported for "bind" mount types`))
 
+		session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=bind,src=/tmp,target=/tmp,bind-propagation=fake", ALPINE, "true"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).To(ExitWithError(125, `invalid value "bind-propagation=fake"`))
+
 		session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=/etc/ssl,notmpcopyup", ALPINE, "ls", "/etc/ssl"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(ExitCleanly())