the init in krun guest should handle flags like --tmpfs, not crun in host

[karuboniru]

When trying to workaround containers/libkrun#510, I wanted to mount a tmpfs so that the related UDS won't be available on the host, but I found that

$ podman --runtime=krun run -it --rm --tmpfs /test fedora:latest mount                                        
/dev/root on / type virtiofs (rw,relatime)
devtmpfs on /dev type devtmpfs (rw,relatime,size=1034632k,nr_inodes=258658,mode=755)
none on /proc type virtiofs (rw,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,noexec,relatime)

Which means the tmpfs seems to be handled by host (my guess, setup a rootfs structure with the tmpfs on host and pass the tree as a whole with virtfs)

But this causes a performance loss (tmpfs now needs to go through the VMM and host not guest internal), so it would be great if the mount point information can be passed to guest and let the guest init to do the work.

[giuseppe]

@slp PTAL

[slp]

Created containers/libkrun#515 to track this from libkrun's side.

[mtjhrc]

This could certainly be a useful functionality, unfortunately I don't think this (alone) would prevent the unix domain sockets to be intercepted by TSI, currently that happens before the path is actually resolved (that means relative paths are also broken within the guest - see containers/libkrunfw#103).