Single file mount support

[dcantah]

It would be nice to support sharing in single files instead of being bound by it being a directory.

Virtiofs doesn't support sharing in single files, so we'd need to get a bit smart. One option is to share in the parent directory of the file, and then bind mount the single file into the containers mount ns. The mount setup code would need to start doing a stat on every mount to ensure it's a file and not a directory and take appropriate action, but that's not too worrying. This approach is concerning as the container may have access (via the parent dir) to a LOT more files than the user actually asked for. It's trivial to call mount(2) in our containers as we don't do any sort of syscall filtering or otherwise, so the container could mount the parent virtiofs dir directly into their container.

A second approach would be to make a tempdir somewhere and hardlink in the single file into this and share that in. This has the downside that it would only work on the same volume however.

Ideally this supports ro and rw. A common case would be to inject host ~/.gradle/init.gradle and ~/.gradle/gradle.properties into a Java build container without mounting the host Gradle cache.

[elijah-wright]

I can't think of another way to do this. to be specific I think we can share the parent directory, generate a tag from the parent directory (probably with hashing), create an internal mount point in the container's namespace using the tag, mount it, and then bind mount the file

[dcantah]

I agree, although the parent directory I think will need to be mounted somewhere outside of the containers mount ns/rootfs in the guest. Only the single file should be bind mounted in from wherever that location is in the guest, but the tricky part is the mount code isn't super setup for something like this, and we make the VMs rootfs read only also 😅.

[Sunsvea]

Unsure if this is a priority but I created a PR for it here: #250