Generate a random product_uuid at containerd

Signed-off-by: Quique Llorente <ellorent@redhat.com>

images/base/Dockerfile

@@ -112,6 +112,7 @@ RUN echo "Installing Packages ..." \
       libseccomp2 pigz \
       bash ca-certificates curl rsync \
       nfs-common fuse-overlayfs \
+      jq \
     && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
     && rm -f /lib/systemd/system/multi-user.target.wants/* \
     && rm -f /etc/systemd/system/*.wants/* \
@@ -142,8 +143,10 @@ RUN echo "Installing containerd ..." \
     && sha256sum --ignore-missing -c /tmp/runc.sha256 \
     && mv /tmp/runc.${TARGETARCH} /usr/local/sbin/runc \
     && chmod 755 /usr/local/sbin/runc \
+    && ctr oci spec |jq '.mounts[.mounts | length] |= . + {"destination": "/sys/class/dmi/id/product_uuid", "source": "/sys/class/dmi/id/product_uuid", "options": ["ro", "bind"]}'> /etc/containerd/cri-base.json \
     && containerd --version \
     && runc --version \
+    && apt-get remove jq \
     && systemctl enable containerd 
 
 RUN echo "Installing crictl ..." \

images/base/files/etc/containerd/config.toml

@@ -17,6 +17,8 @@ version = 2
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
   # set default runtime handler to v2, which has a per-pod shim
   runtime_type = "io.containerd.runc.v2"
+  # Generated by "ctr oci spec" and modified at base container to mount poduct_uuid
+  base_runtime_spec = "/etc/containerd/cri-base.json"
 
 # Setup a runtime with the magic name ("test-handler") used for Kubernetes
 # runtime class tests ...