diff --git a/examples/hostmount-writeable-overlay.yml b/examples/hostmount-writeable-overlay.yml
new file mode 100644
index 000000000..b26135853
--- /dev/null
+++ b/examples/hostmount-writeable-overlay.yml
@@ -0,0 +1,47 @@
+kernel:
+  image: linuxkit/kernel:4.9.76
+  cmdline: "console=tty0 console=ttyS0 console=ttyAMA0"
+init:
+  - linuxkit/init:81fc00e879cf56fa6f058f6c891b012bc867de7f
+  - linuxkit/runc:abc3f292653e64a2fd488e9675ace19a55ec7023
+  - linuxkit/containerd:e58a382c33bb509ba3e0e8170dfaa5a100504c5b
+  - linuxkit/ca-certificates:de21b84d9b055ad9dcecc57965b654a7a24ef8e0
+onboot:
+  - name: sysctl
+    image: linuxkit/sysctl:4c1ef93bb5eb1a877318db4b2daa6768ed002e21
+  - name: dhcpcd
+    image: linuxkit/dhcpcd:0d59a6cc03412289ef4313f2491ec666c1715cc9
+    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
+onshutdown:
+  - name: shutdown
+    image: busybox:latest
+    command: ["/bin/echo", "so long and thanks for all the fish"]
+services:
+  - name: getty
+    image: linuxkit/getty:22e27189b6b354e1d5d38fc0536a5af3f2adb79f
+    env:
+     - INSECURE=true
+    runtime:
+      mounts:
+        # Makes a writeable (but private and non-persistent) mount of the
+        # host etc into the container.
+        - type: overlay
+          source: overlay
+          destination: writeable-host-etc
+          options: ["rw", "lowerdir=/etc", "upperdir=/run/hostetc/upper", "workdir=/run/hostetc/work"]
+  - name: rngd
+    image: linuxkit/rngd:94e01a4b16fadb053455cdc2269c4eb0b39199cd
+  - name: nginx
+    image: nginx:alpine
+    capabilities:
+     - CAP_NET_BIND_SERVICE
+     - CAP_CHOWN
+     - CAP_SETUID
+     - CAP_SETGID
+     - CAP_DAC_OVERRIDE
+    binds:
+     - /etc/resolv.conf:/etc/resolv.conf
+trust:
+  org:
+    - linuxkit
+    - library