A contentstore can be created on top of readonly path and
should not fail unless there is an attempt to write into it.
Currently this fails because new ingest directory is created
always, meaning for example that you can't create a store to
read blobs from OCI layout without it contaminating the OCI
layout files.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This functionality is not directly related to containerd and could move
to external package at some point.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Implement calls to the fsverity kernel module, allowing containerd to
enable fsverity on blob data in the content store. This causes fsverity
to veirfy the integrity of blob data when the blob is read.
Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
