Fix tests that fail with true read only

Mounting a directory inside a read only container requires that to be
created in advance, but `runc` worked around that if the rootfs was not
originally read only.

You cannot even bind mount a file that does not exist into a
read only container.

The containerd test is given a disk, as running on an overlay does
not work; however it is also disabled as one of the parts of the test
is failing, needs investigation.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

test/pkg/containerd/Dockerfile

@@ -31,4 +31,4 @@ RUN git checkout $CONTAINERD_COMMIT
 ADD run.sh ./run.sh
 
 ENTRYPOINT ["/bin/sh", "run.sh"]
-LABEL org.mobyproject.config='{"net": "host", "capabilities": ["all"], "tmpfs": ["/tmp:exec"], "binds": ["/dev:/dev", "/etc/resolv.conf:/etc/resolv.conf", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/containerd:/usr/bin/containerd", "/usr/bin/containerd-shim:/usr/bin/containerd-shim"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}],}'
+LABEL org.mobyproject.config='{"net": "host", "capabilities": ["all"], "tmpfs": ["/tmp:exec"], "binds": ["/dev:/dev", "/var:/var", "/etc/resolv.conf:/etc/resolv.conf", "/usr/bin/runc:/usr/bin/runc", "/usr/bin/containerd:/usr/bin/containerd", "/usr/bin/containerd-shim:/usr/bin/containerd-shim"], "mounts": [{"type": "cgroup", "options": ["rw","nosuid","noexec","nodev","relatime"]}],}'

test/pkg/kernel-config/Dockerfile

@@ -7,6 +7,8 @@ ENV DOCKER_CHECK_CONFIG_COMMIT=72cda6a6c2f25854bea2d69168082684f2c9feca
 ADD https://raw.githubusercontent.com/docker/docker/${DOCKER_CHECK_CONFIG_COMMIT}/contrib/check-config.sh /out/check-config.sh
 ADD . ./out
 
+RUN mkdir -p /out/lib/modules
+
 FROM scratch
 COPY --from=mirror /out /
 ENTRYPOINT ["/bin/sh", "/check.sh"]