container: Add export --format=tar command

Some people want to use container build tools, but for compatibility
with older systems export a tar format of the OS state e.g.
Anaconda liveimg expects this.

Basically this is only *slightly* more than just `tar cf`; we need
to handle SELinux labeling and move the kernel.

Ref: #1957

Assisted-by: OpenCode (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>

Author: cgwalters

Cargo.lock

@@ -101,7 +101,7 @@ test-tmt *ARGS: build
 [group('core')]
 test-container: build build-units
     podman run --rm --read-only localhost/bootc-units /usr/bin/bootc-units
-    podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} {{base_img}} bootc-integration-tests container
+    podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} --mount=type=image,source={{base_img}},target=/run/target {{base_img}} bootc-integration-tests container
 
 # Build and test sealed composefs images
 [group('core')]

Justfile

@@ -415,6 +415,40 @@ pub(crate) enum ContainerOpts {
         #[clap(last = true)]
         args: Vec<OsString>,
     },
+    /// Export container filesystem as a tar archive.
+    ///
+    /// This command exports the container filesystem in a bootable format with proper
+    /// SELinux labeling. The output is written to stdout by default or to a specified file.
+    ///
+    /// Example:
+    ///   bootc container export /target > output.tar
+    Export {
+        /// Format for export output
+        #[clap(long, default_value = "tar")]
+        format: ExportFormat,
+
+        /// Output file (defaults to stdout)
+        #[clap(long, short = 'o')]
+        output: Option<Utf8PathBuf>,
+
+        /// Copy kernel and initramfs from /usr/lib/modules to /boot for legacy compatibility.
+        /// This is useful for installers that expect the kernel in /boot.
+        #[clap(long)]
+        kernel_in_boot: bool,
+
+        /// Disable SELinux labeling in the exported archive.
+        #[clap(long)]
+        disable_selinux: bool,
+
+        /// Path to the container filesystem root
+        target: Utf8PathBuf,
+    },
+}
+
+#[derive(Debug, Clone, ValueEnum, PartialEq, Eq)]
+pub(crate) enum ExportFormat {
+    /// Export as tar archive
+    Tar,
 }
 
 /// Subcommands which operate on images.
@@ -1626,6 +1660,22 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
                 kargs,
                 args,
             } => crate::ukify::build_ukify(&rootfs, &kargs, &args),
+            ContainerOpts::Export {
+                format,
+                target,
+                output,
+                kernel_in_boot,
+                disable_selinux,
+            } => {
+                crate::container_export::export(
+                    &format,
+                    &target,
+                    output.as_deref(),
+                    kernel_in_boot,
+                    disable_selinux,
+                )
+                .await
+            }
         },
         Opt::Completion { shell } => {
             use clap_complete::aot::generate;