hst/fsbind: optional autoetc behaviour

This generalises the special field allowing any special behaviour to be matched from target.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/container_linux.go

@@ -40,9 +40,13 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 		ForwardCancel: s.WaitDelay >= 0,
 	}
 
+	as := &hst.ApplyState{
+		AutoEtcPrefix: prefix,
+	}
 	{
 		ops := make(container.Ops, 0, preallocateOpsCount+len(s.Filesystem)+len(s.Link))
 		params.Ops = &ops
+		as.Ops = &ops
 	}
 
 	if s.Multiarch {
@@ -81,10 +85,10 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 		// if the first element targets /, it is inserted early and excluded from path hiding
 		rootfs := filesystem[0].FilesystemConfig
 		filesystem = filesystem[1:]
-		rootfs.Apply(params.Ops)
+		rootfs.Apply(as)
 
 		// autoroot requires special handling during path hiding
-		if b, ok := rootfs.(*hst.FSBind); ok && b.Valid() && b.AutoRoot {
+		if b, ok := rootfs.(*hst.FSBind); ok && b.IsAutoRoot() {
 			autoroot = b
 		}
 	}
@@ -143,7 +147,7 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 		if !c.Valid() {
 			return nil, nil, fmt.Errorf("invalid filesystem at index %d", i)
 		}
-		c.Apply(params.Ops)
+		c.Apply(as)
 
 		// fs counter
 		hidePathSourceCount += len(c.Host())

internal/app/seal_linux.go

@@ -246,10 +246,10 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 
 			Filesystem: []hst.FilesystemConfigJSON{
 				{&hst.FSBind{
-					Target:   container.AbsFHSRoot,
-					Source:   container.AbsFHSRoot,
-					Write:    true,
-					AutoRoot: true,
+					Target:  container.AbsFHSRoot,
+					Source:  container.AbsFHSRoot,
+					Write:   true,
+					Special: true,
 				}},
 			},
 		}