Fix working directory for Docker images without home directories

[ivo1116]

• Read the Contributing document.

Summary

Fixes cloudfoundry/diego-release#1089 - Intermittent create-workdir-failed for Docker images using system users with no home directory.

Docker images using adduser --no-create-home crash when Guardian tries to set a non-existent home directory as the working directory. This causes diego-sshd and launcher processes to fail with exit status 2 and error message create-workdir-failed.

Root Cause:
When DesiredLRP doesn't explicitly set a Dir property, Guardian defaults to the home directory from /etc/passwd. For system users created with --no-create-home, this directory doesn't exist in the container's rootFS, causing the process creation to fail.

Solution:
Added getRootDir() function in rundmc/processes/builder.go that:

• Checks if the working directory exists in the container's rootFS using os.Stat()
• Falls back to / (which always exists) if the directory doesn't exist
• Preserves existing behavior for containers with valid home directories

Backward Compatibility

Breaking Change? No

This change is backwards compatible. It only affects containers where the working directory doesn't exist (which currently crash). Containers with existing home directories continue to work as before.

[ameowlia]

Unit tests please! Other than that it looks fine.

[ameowlia]

I am getting a failure in one of the unit tests that were already there:

• [FAILED] [0.000 seconds]
ProcBuilder the built process when the bundle has no mappings for host root (container is privileged) when a TTY is specified [It] passes the working dir
/home/pivotal/workspace/garden-runc-release/src/guardian/rundmc/processes/builder_test.go:198

  [FAILED] Expected
      <string>: /
  to equal
      <string>: dir
  In [It] at: /home/pivotal/workspace/garden-runc-release/src/guardian/rundmc/processes/builder_test.go:199 @ 03/12/26 15:23:50.968