app: integrate container autoroot

Doing this instead of mounting directly on / because it's impossible to ensure a parent is available for every path hakurei wants to mount to. This situation is similar to autoetc hence the similar name, however a symlink mirror will not work in this case.

Signed-off-by: Ophestra <cat@gensokyo.uk>

hst/template.go

@@ -1,6 +1,7 @@
 package hst
 
 import (
+	"hakurei.app/container"
 	"hakurei.app/container/seccomp"
 	"hakurei.app/system"
 	"hakurei.app/system/dbus"
@@ -85,10 +86,12 @@ func Template() *Config {
 					Dst: "/data/data/org.chromium.Chromium", Write: true, Must: true},
 				{Src: "/dev/dri", Device: true},
 			},
-			Link:    [][2]string{{"/run/user/65534", "/run/user/150"}},
-			Etc:     "/etc",
-			AutoEtc: true,
-			Cover:   []string{"/var/run/nscd"},
+			Link:      [][2]string{{"/run/user/65534", "/run/user/150"}},
+			AutoRoot:  "/var/lib/hakurei/base/org.debian",
+			RootFlags: container.BindWritable,
+			Etc:       "/etc",
+			AutoEtc:   true,
+			Cover:     []string{"/var/run/nscd"},
 		},
 	}
 }