- Spike
- Resolution: Unresolved
- rhel-sst-container-tools
As an unprivileged user, it is disappointing that buildah mount, a major part of what makes buildah interesting for building images, is only useful inside of a buildah unshare context, which is pretty clunky.
buildah unshare's -m flag mounts a container's filesystem for the duration of the buildah unshare command and sets the location of that mount in the environment of the command or shell it spawns, so a shell command can reference the mounted filesystem through that variable.
If the command we spawned inside of buildah unshare exported that filesystem in such a way that it could be mounted from outside of that context, for example using FUSE, we'd regain some flexibility.
One example, using dpipe (from vde-2) to wire together the host's openssh-server and sshfs packages, inspired by an example from the sshfs(1) man page:
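# Temporary directory on the host where the container's root will appear
mountpoint=$(mktemp -d)
ctr=$(buildah from ubi8)
# sftp-server runs inside the unshare context and serves $root; sshfs mounts it outside
dpipe buildah unshare --mount root="$ctr" sh -c '/usr/libexec/openssh/sftp-server -d "$root"' = sshfs -o passive :. "$mountpoint" &
...
umount "$mountpoint"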
We'd want to handle the pipe fitting ourselves, and this doesn't handle ID mappings correctly, but those are things we should be able to fix if we want to fix them. We're not limited to using sftp-server and sshfs, either, and we should explore other options.
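One way to do the pipe fitting without dpipe, as an added example that is not part of the original issue or of buildah: two FIFOs in a private temporary directory cross-connect the two commands' stdin and stdout. The function names fit_pipes and export_container are hypothetical; the buildah, sftp-server and sshfs invocations are the ones from the description above, and ID mappings are still not handled.

```shell
#!/bin/sh
# Added example: replace dpipe with two FIFOs.
# fit_pipes LEFT RIGHT runs two shell command strings with LEFT's stdout
# feeding RIGHT's stdin and RIGHT's stdout feeding LEFT's stdin.
fit_pipes() {
    # mktemp -d creates a 0700 directory, so other local users cannot
    # open the FIFOs and attach to the SFTP stream.
    fp_dir=$(mktemp -d) || return 1
    mkfifo -m 600 "$fp_dir/l2r" "$fp_dir/r2l" || { rm -rf "$fp_dir"; return 1; }

    # Opening a FIFO blocks until the other end is opened too, so the two
    # sides must open them in the same order (r2l first, then l2r) or
    # they deadlock. The shell applies redirections left to right.
    sh -c "$1" <"$fp_dir/r2l" >"$fp_dir/l2r" &
    fp_left=$!
    sh -c "$2" >"$fp_dir/r2l" <"$fp_dir/l2r" &
    fp_right=$!

    # Report failure if either side failed.
    fp_rc=0
    wait "$fp_left" || fp_rc=$?
    wait "$fp_right" || fp_rc=$?
    rm -rf "$fp_dir"
    return "$fp_rc"
}

# export_container CTR MOUNTPOINT: the description's dpipe command,
# rebuilt on fit_pipes. The values are passed through the environment
# rather than spliced into the command strings, so unusual characters in
# them cannot change what the inner shells execute.
export_container() (
    CTR=$1 MNT=$2
    export CTR MNT
    fit_pipes \
        'buildah unshare --mount root="$CTR" sh -c '\''/usr/libexec/openssh/sftp-server -d "$root"'\' \
        'sshfs -o passive :. "$MNT"'
)

# Usage, mirroring the description (not run here):
#   mountpoint=$(mktemp -d); ctr=$(buildah from ubi8)
#   export_container "$ctr" "$mountpoint" &
#   ...
#   umount "$mountpoint"
```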