Currently, the overlayfs upperdir is not included in any disk quota accounting. This means that a task can write arbitrary amounts of data to /tmp and will escape the sandbox disk quota.
Propose that we propagate the overlayfs upperdir directory to the disk isolators so that they can manage this storage, and include it in the total sandbox usage quota. This would need to be supported by both disk/du and disk/xfs isolators. We should be able to propagate the additional information out of the provisioner in ProvisionInfo and then into ContainerConfig.
The proposed semantics would be that both the sandbox and overlayfs upperdir usage would count towards the ephemeral disk quota.