In confid.md:
We should clarify the readonlyRootfs flag. My interpretation is that when true, writes to that file system from within the container would result in copy on write and when false they would actually modify the underlying file system. Is that an accurate understanding of the intent?