Generate a random product_uuid at containerd

Signed-off-by: Quique Llorente <ellorent@redhat.com>

images/base/Dockerfile

@@ -112,6 +112,7 @@ RUN echo "Installing Packages ..." \
       libseccomp2 pigz \
       bash ca-certificates curl rsync \
       nfs-common fuse-overlayfs \
+      jq \
     && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
     && rm -f /lib/systemd/system/multi-user.target.wants/* \
     && rm -f /etc/systemd/system/*.wants/* \
@@ -144,6 +145,7 @@ RUN echo "Installing containerd ..." \
     && chmod 755 /usr/local/sbin/runc \
     && containerd --version \
     && runc --version \
+    && ctr oci spec |jq '.mounts[.mounts | length] |= . + {"destination": "/sys/class/dmi/id/product_uuid", "source": "/proc/sys/kernel/random/uuid", "options": ["bind"]}'> /etc/containerd/cri-base.json \
     && systemctl enable containerd 
 
 RUN echo "Installing crictl ..." \

images/base/files/etc/containerd/config.toml

@@ -17,6 +17,12 @@ version = 2
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
   # set default runtime handler to v2, which has a per-pod shim
   runtime_type = "io.containerd.runc.v2"
+  # base_runtime_spec is a file path to a JSON file with the OCI spec that will be used as the base spec that all
+  # container's are created from.
+  # Use containerd's `ctr oci spec > /etc/containerd/cri-base.json` to output initial spec file.
+  # Spec files are loaded at launch, so containerd daemon must be restarted on any changes to refresh default specs.
+  # Still running containers and restarted containers will still be using the original spec from which that container was created.
+  base_runtime_spec = "/etc/containerd/cri-base.json"
 
 # Setup a runtime with the magic name ("test-handler") used for Kubernetes
 # runtime class tests ...