Linux containers on FreeBSD

Obtained from:	https://github.com/containerd/containerd/pull/7000
--- oci/spec_opts.go.orig	2022-06-06 17:19:23 UTC
+++ oci/spec_opts.go
@@ -365,6 +365,7 @@ func WithImageConfigArgs(image Image, args []string) S
 			return fmt.Errorf("unknown image config media type %s", ic.MediaType)
 		}
 
+		appendOSMounts(s, ociimage.OS)
 		setProcess(s)
 		if s.Linux != nil {
 			defaults := config.Env
--- oci/spec_opts_darwin.go.orig	2022-06-11 11:16:33 UTC
+++ oci/spec_opts_darwin.go
@@ -0,0 +1,21 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+func appendOSMounts(s *Spec, os string) error {
+	return nil
+}
--- oci/spec_opts_freebsd.go.orig	2022-06-11 11:16:33 UTC
+++ oci/spec_opts_freebsd.go
@@ -0,0 +1,50 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package oci
+
+import (
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+// appendOSMounts modifies the mount spec to mount emulated Linux filesystems on FreeBSD,
+// as per: https://wiki.freebsd.org/LinuxJails
+func appendOSMounts(s *Spec, os string) error {
+	// No-op for FreeBSD containers
+	if os != "linux" {
+		return nil
+	}
+	/* The nosuid noexec options are for consistency with Linux mounts: on FreeBSD it is
+	   by default impossible to execute anything from these filesystems.
+	*/
+	var mounts = []specs.Mount{
+		{
+			Destination: "/proc",
+			Type:        "linprocfs",
+			Source:      "linprocfs",
+			Options:     []string{"nosuid", "noexec"},
+		},
+		{
+			Destination: "/sys",
+			Type:        "linsysfs",
+			Source:      "linsysfs",
+			Options:     []string{"nosuid", "noexec", "nodev"},
+		},
+	}
+
+	s.Mounts = append(mounts, s.Mounts...)
+	return nil
+}
--- oci/spec_opts_linux.go.orig	2022-06-06 17:19:23 UTC
+++ oci/spec_opts_linux.go
@@ -153,3 +153,7 @@ func WithRdt(closID, l3CacheSchema, memBwSchema string
 		return nil
 	}
 }
+
+func appendOSMounts(s *Spec, os string) error {
+	return nil
+}
--- platforms/defaults_freebsd.go.orig	2022-06-11 11:16:33 UTC
+++ platforms/defaults_freebsd.go
@@ -0,0 +1,42 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package platforms
+
+import (
+	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"runtime"
+)
+
+// DefaultSpec returns the current platform's default platform specification.
+func DefaultSpec() specs.Platform {
+	return specs.Platform{
+		OS:           runtime.GOOS,
+		Architecture: runtime.GOARCH,
+		// The Variant field will be empty if arch != ARM.
+		Variant: cpuVariant(),
+	}
+}
+
+// Default returns the default matcher for the platform.
+func Default() MatchComparer {
+	return Ordered(DefaultSpec(), specs.Platform{
+		OS:           "linux",
+		Architecture: runtime.GOARCH,
+		// The Variant field will be empty if arch != ARM.
+		Variant: cpuVariant(),
+	})
+}
--- platforms/defaults_unix.go.orig	2022-06-06 17:19:23 UTC
+++ platforms/defaults_unix.go
@@ -1,5 +1,5 @@
-//go:build !windows && !darwin
-// +build !windows,!darwin
+//go:build !windows && !darwin && !freebsd
+// +build !windows,!darwin,!freebsd
 
 /*
    Copyright The containerd Authors.
