libpod: Fix building the pause image rootfs on FreeBSD #26188


Open: wants to merge 1 commit into main

Conversation

@dfr dfr commented May 23, 2025

On FreeBSD, we don't have support for RootfsOverlay so make this part platform-specific.

An alternative to this might be to set the root filesystem to be readonly in the OCI config which is supported on FreeBSD and should give similar protection in the pause image.

Does this PR introduce a user-facing change?

None

On FreeBSD, we don't have support for RootfsOverlay so make this part
platform-specific.

Signed-off-by: Doug Rabson <dfr@rabson.org>
openshift-ci bot commented May 23, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dfr
Once this PR has been reviewed and has the lgtm label, please assign tomsweeneyredhat for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Luap99 commented May 26, 2025

An alternative to this might be to set the root filesystem to be readonly in the OCI config which is supported on FreeBSD and should give similar protection in the pause image.

The problem is (not sure about FreeBSD) that we must manually pre-create all mount points such as /proc, /sys, /dev, etc.
Certainly something we should look into overall; I think it would be an overall win if we could have a read-only rootfs dir so we could save one overlay mount per pod.

I am not sure if we should do that without the read-only part. Multiple infra containers using the same rw rootfs does not sound too great to me, even though it should not be a problem, as catatonit should not do any writes at all. But I wonder if this would open up the door for more compromises somehow.
