internal/pkg: automatic overlay mount on root

This makes it possible to use an Artifact as root without arranging for directory creation in the Artifact ahead of time.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/pkg/exec.go

@@ -91,6 +91,13 @@ func (a *execNetArtifact) Cure(c *CureContext) error {
 // The working and temporary directories are both created and mounted writable
 // on /work and /tmp respectively.
 //
+// If the first path targets [fhs.AbsRoot], it is made writable via an overlay
+// mount with writes going to an ephemeral tmpfs bound to the lifetime of the
+// container. This is primarily to make it possible for [container] to set up
+// mount points targeting paths not available in the [Artifact] backing root,
+// and to accommodate poorly written programs that insist on writing to awkward
+// paths, it must not be used as scratch space.
+//
 // If checksum is non-nil, the resulting [Artifact] implements [KnownChecksum]
 // and its container runs in the host net namespace.
 //
@@ -262,6 +269,10 @@ func (a *execArtifact) cure(c *CureContext, hostNet bool) (err error) {
 
 	z.Dir, z.Env, z.Path, z.Args = a.dir, a.env, a.path, a.args
 	z.Grow(len(paths) + 4)
+	if len(paths) > 0 && paths[0][1].Is(fhs.AbsRoot) {
+		z.OverlayEphemeral(fhs.AbsRoot, paths[0][0])
+		paths = paths[1:]
+	}
 	for _, b := range paths {
 		z.Bind(b[0], b[1], 0)
 	}