client, ctr: allow specifying unmanaged rootfs dir

e.g. ctr run -t --rm --rootfs /tmp/busybox-rootfs foo /bin/sh
(--rm removes the container but does not remove rootfs dir, of course)

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

spec_unix.go

@@ -30,6 +30,12 @@ const (
 	defaultRootfsPath = "rootfs"
 )
 
+var (
+	defaultEnv = []string{
+		"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+	}
+)
+
 func defaltCaps() []string {
 	return []string{
 		"CAP_CHOWN",
@@ -76,6 +82,7 @@ func createDefaultSpec() (*specs.Spec, error) {
 			Path: defaultRootfsPath,
 		},
 		Process: &specs.Process{
+			Env:             defaultEnv,
 			Cwd:             "/",
 			NoNewPrivileges: true,
 			User: specs.User{
@@ -220,10 +227,7 @@ func WithImageConfig(ctx context.Context, i Image) SpecOpts {
 		default:
 			return fmt.Errorf("unknown image config media type %s", ic.MediaType)
 		}
-		env := []string{
-			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-		}
-		s.Process.Env = append(env, config.Env...)
+		s.Process.Env = append(s.Process.Env, config.Env...)
 		var (
 			uid, gid uint32
 		)
@@ -262,6 +266,18 @@ func WithImageConfig(ctx context.Context, i Image) SpecOpts {
 	}
 }
 
+// WithRootFSPath specifies unmanaged rootfs path.
+func WithRootFSPath(path string, readonly bool) SpecOpts {
+	return func(s *specs.Spec) error {
+		s.Root = &specs.Root{
+			Path:     path,
+			Readonly: readonly,
+		}
+		// Entrypoint is not set here (it's up to caller)
+		return nil
+	}
+}
+
 // WithSpec sets the provided spec for a new container
 func WithSpec(spec *specs.Spec) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {