
Inconsistency in mutability of read-only maps with persistence #105

Closed
maleadt opened this issue Nov 18, 2022 · 1 comment

Comments

@maleadt
Contributor

maleadt commented Nov 18, 2022

Taking the basic example from the README, but adding persistence:

julia> config = SandboxConfig(
           Dict("/" => Sandbox.debian_rootfs());
           stdin, stdout, stderr, persist=true
       )

julia> exe = UnprivilegedUserNamespacesExecutor()

With this configuration, I can freely modify everything in the rootfs, and it'll end up in my persistence directory:

julia> run(exe, config, `/bin/bash -l`)
root@taurus:/# touch /usr/foo

julia> exe.persistence_dir
"/tmp/jl_zClJUk"

shell> ls /tmp/jl_zClJUk/upper/rootfs/usr/foo
/tmp/jl_zClJUk/upper/rootfs/usr/foo

However, if I add other read-only mounts into the mix, the same does not apply to those folders:

julia> config = SandboxConfig(
           Dict("/" => Sandbox.debian_rootfs(), "/tmp" => "/tmp");
           stdin, stdout, stderr, persist=true
       )

julia> exe = UnprivilegedUserNamespacesExecutor()
julia> run(exe, config, `/bin/bash -l`)
root@taurus:/# touch /tmp/bar
touch: cannot touch '/tmp/bar': Read-only file system
root@taurus:/# touch /usr/foo    <-- still works

That seems like a strange inconsistency. Furthermore, the ability to do so would make it possible to cleanly fix a PkgEval issue, where we want to mount a package cache to ~/.julia/packages but only sync changes to the cache after testing (eliminating concurrent writes, but also making it possible to verify contents before caching). I'd do so by peeking into the persistence dir, which isn't great, but there aren't many alternatives (see JuliaCI/PkgEval.jl#158).
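
The "capture writes in the persistence dir, verify them, then sync to the cache" workflow sketched in the comment above, as an added example that is not part of the issue, Sandbox.jl or PkgEval.jl. It assumes the upper-layer layout the issue shows (`<persistence_dir>/upper/rootfs/<path>` holds what the sandboxed process wrote to `/<path>`), that deleted files show up as overlay whiteouts (a 0/0 character device for kernel overlayfs, a `.wh.<name>` file for fuse-overlayfs; both are assumptions about the executor's overlay implementation), and it uses a constructed directory tree in place of a real sandbox run. The `scan_upper`, `promote` and `demo` names are the example's own.

```python
"""Promote verified writes from an overlay upper layer into a host cache.
Added example, not Sandbox.jl or PkgEval.jl code.  Assumes the layout the issue shows
(<persistence_dir>/upper/rootfs/<path> holds the sandbox's write to /<path>) and that
deletions appear as whiteouts: a 0/0 character device (kernel overlayfs) or a
".wh.<name>" file (fuse-overlayfs).  Both are assumptions about the implementation.
"""
from __future__ import annotations

import hashlib
import os
import shutil
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path

OPAQUE_MARKER = ".wh..wh..opq"  # fuse-overlayfs: directory fully replaces the lower one


@dataclass
class Change:
    rel: str          # path relative to the synced subtree, e.g. "Foo/a.jl"
    kind: str         # added | modified | deleted | rejected
    sha256: str = ""  # content digest for the audit trail (added/modified only)
    reason: str = ""  # why an entry was rejected


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_upper(upper_root: Path, subtree: str, cache: Path) -> list[Change]:
    """Classify what the sandbox wrote under upper_root/subtree; copies nothing.
    Only that subtree is examined, so a write elsewhere in the rootfs (the issue's
    /usr/foo) never reaches the cache.  Symlinks, device nodes and set-id files are
    reported as rejected so the caller can fail the run before touching the cache."""
    changes: list[Change] = []

    def add(rel: Path, kind: str, **extra: str) -> None:
        changes.append(Change(str(rel), kind, **extra))

    def walk(directory: Path, rel_dir: Path) -> None:
        for entry in os.scandir(directory):
            st = entry.stat(follow_symlinks=False)  # lstat: never follow what the sandbox wrote
            rel = rel_dir / entry.name
            if stat.S_ISDIR(st.st_mode):
                walk(Path(entry.path), rel)
            elif entry.name == OPAQUE_MARKER:
                add(rel_dir, "rejected", reason="opaque directory marker not handled")
            elif entry.name.startswith(".wh."):
                add(rel_dir / entry.name[4:], "deleted")
            elif stat.S_ISCHR(st.st_mode) and st.st_rdev == 0:
                add(rel, "deleted")
            elif stat.S_ISLNK(st.st_mode):
                add(rel, "rejected", reason="symlink")
            elif not stat.S_ISREG(st.st_mode):
                add(rel, "rejected", reason="not a regular file")
            elif st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                add(rel, "rejected", reason="setuid/setgid bit set")
            else:
                kind = "modified" if (cache / rel).exists() else "added"
                add(rel, kind, sha256=sha256_file(Path(entry.path)))

    root = upper_root / subtree
    if root.is_dir():
        walk(root, Path())
    return changes


def promote(upper_root: Path, subtree: str, cache: Path, changes: list[Change]) -> dict[str, int]:
    """Apply added/modified/deleted entries to the cache; rejected ones are counted and skipped."""
    counts = {"added": 0, "modified": 0, "deleted": 0, "rejected": 0}
    for c in changes:
        counts[c.kind] += 1
        dst = cache / c.rel
        if c.kind == "deleted":
            if dst.is_symlink() or dst.is_file():  # a whited-out directory is left alone
                dst.unlink()
        elif c.kind in ("added", "modified"):
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(upper_root / subtree / c.rel, dst)  # bytes only, no mode bits
    return counts


def demo() -> tuple[list[Change], dict[str, int], Path]:
    """Constructed stand-in for a real run: a small cache and an upper layer with four entry kinds."""
    base = Path(tempfile.mkdtemp(prefix="overlay-demo-"))
    upper_root, cache, subtree = base / "upper" / "rootfs", base / "cache", "root/.julia/packages"
    (cache / "Foo").mkdir(parents=True)
    (cache / "Foo" / "a.jl").write_text("old\n")
    (cache / "Foo" / "c.jl").write_text("stale\n")
    up = upper_root / subtree
    (up / "Foo").mkdir(parents=True)
    (up / "Foo" / "a.jl").write_text("new\n")         # modified
    (up / "Foo" / ".wh.c.jl").touch()                 # deleted: fuse-overlayfs style whiteout
    (up / "Bar").mkdir()
    (up / "Bar" / "b.jl").write_text("added\n")       # added
    os.symlink("/etc/passwd", up / "Bar" / "escape")  # rejected: symlink pointing out of the cache
    changes = scan_upper(upper_root, subtree, cache)
    return changes, promote(upper_root, subtree, cache, changes), cache
```

Two design points worth keeping if this is adapted: the scan only ever looks at the one subtree below the upper layer, so the `/usr/foo` write from the issue is never considered for the cache, and every entry is inspected with lstat and copied as bytes only, so a symlink or set-id binary planted by the package under test cannot be followed or carried across. The opaque-directory marker is reported rather than applied; handling it correctly means clearing the corresponding cache directory first, which is a policy decision the caller should make explicitly.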

@maleadt
Contributor Author

maleadt commented Nov 21, 2022

I guess the inconsistency is intended, given how this is also how docker works.

@maleadt maleadt closed this as completed Nov 21, 2022