Add testcase

tests/integration/mounts_nodev_nosuid_noexec.bats

@@ -0,0 +1,44 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+	# Create a ro fuse-sshfs mount; skip the test if it's not working.
+	local sshfs="sshfs
+		-o UserKnownHostsFile=/dev/null
+		-o StrictHostKeyChecking=no
+		-o PasswordAuthentication=no"
+
+	DIR="$BATS_RUN_TMPDIR/fuse-sshfs"
+	mkdir -p "$DIR"
+
+	if ! $sshfs -o nodev,nosuid,noexec rootless@localhost: "$DIR"; then
+		skip "test requires working sshfs mounts"
+	fi
+
+	setup_busybox
+	update_config '.process.args = ["/bin/echo", "Hello World"]'
+}
+
+function teardown() {
+	# New distros (Fedora 35) do not have fusermount installed
+	# as a dependency of fuse-sshfs, and good ol' umount works.
+	fusermount -u "$DIR" || umount "$DIR"
+
+	teardown_bundle
+}
+
+@test "runc run [dev,exec,suid bind mount of a nodev,nosuid,noexec fuse sshfs mount]" {
+	# The "sync" option is used to trigger a remount with the below options.
+	# It serves no further purpose. Otherwise only a bind mount without
+	# applying the below options will be done.
+	update_config '	  .mounts += [{
+					type: "bind",
+					source: "'"$DIR"'",
+					destination: "/mnt",
+					options: ["dev", "suid", "exec", "rprivate", "rbind", "sync"]
+				}]'
+
+	runc run test_busybox
+	[ "$status" -eq 0 ]
+}