Using aufs or a union from inside docker to pull in debug tools

I notice that a lot of docker images are lean and mean, as they should be. However, I’d like to be able, when things go wrong, to get into the container and have access, e.g. “mount”, to a richer set of tools.

One idea would be to use a union filesystem of /usr. There would be a /usr filesystem branch that has the tools. Normally it could be read-only. On occasion I might want to update it, and initially I have to create it. So in those cases I would want to mount read-only.

Has anyone done this already? Is this possible, and if so how?

(I read about running docker inside docker, but it feels to me that this can be lighter weight as it only involves the filesystem, generally