
Support runc #6

Open
AkihiroSuda opened this issue Oct 26, 2023 · 0 comments
Labels: enhancement (New feature or request)

Comments

@AkihiroSuda (Member)

subuidless/README.md

Lines 25 to 74 in 6e36c0c

## Requirements
* crun with https://github.com/containers/crun/pull/438
* libseccomp >= v2.5.0
* libprotobuf-c
**Note**: libseccomp >= v2.5.0 is not available as a dpkg/rpm package in most distros as of July 2020.
To install libseccomp from the source onto a custom prefix (`/opt/libseccomp`):
```console
$ git clone https://github.com/seccomp/libseccomp.git
$ cd libseccomp
$ git checkout v2.5.0
$ ./autogen.sh
$ ./configure --prefix=/opt/libseccomp && make && sudo make install
```
To install crun:
```console
$ git clone https://github.com/containers/crun.git
$ cd crun
$ hub checkout https://github.com/containers/crun/pull/438
$ ./autogen.sh
$ CFLAGS="-I/opt/libseccomp/include/" LDFLAGS="-L/opt/libseccomp/lib" ./configure && make && sudo make install
```
## Usage
Terminal 1:
```console
$ LIBSECCOMP_PREFIX=/opt/libseccomp ./make.sh
$ mkdir -p ./test/rootfs && docker create --name foo alpine && docker export foo | tar Cx ./test/rootfs && docker rm -f foo
$ ./subuidless ~/.subuidless.sock
Listening on /home/user/.subuidless.sock
...
```
Terminal 2:
```console
$ RUN_OCI_SECCOMP_RECEIVER=~/.subuidless.sock unshare -r crun run -b ./test foo
/ # cat /proc/self/uid_map
0 1001 1
/ # touch foo
/ # chown 42:42 foo
/ # ls -ln foo
-rw-r--r-- 1 42 42 0 Jul 29 12:06 foo
```
Make sure that the `chown` command succeeds without `Invalid argument` error, even though no subuid is configured in the `uid_map` file.
The UID and GID are recorded to [the `user.rootlesscontainers` xattr](https://github.com/rootless-containers/proto) of the target file.

See https://github.com/opencontainers/runc/blob/v1.1.9/contrib/cmd/seccompagent/gen-seccomp-example-cfg.sh#L20 for runc's (OCI's) equivalent of RUN_OCI_SECCOMP_RECEIVER.

@AkihiroSuda AkihiroSuda added the enhancement New feature or request label Oct 26, 2023
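Where crun takes the agent socket from the RUN_OCI_SECCOMP_RECEIVER environment variable, runc reads it from `linux.seccomp.listenerPath` in the bundle's config.json and only forwards syscalls whose rule action is `SCMP_ACT_NOTIFY`. The helper below, an added example that is neither subuidless's nor runc's own code, patches an OCI config dict accordingly and offers a check for which syscalls actually reach the agent; the chown syscall list, the socket path and the Python language are this example's assumptions, not something the issue states.

```python
"""Build the runc-side (config.json) counterpart of RUN_OCI_SECCOMP_RECEIVER."""
import json
import sys
from typing import Dict, List, Optional, Set

# Assumption: the ownership-changing syscalls the agent must intercept on x86_64.
# runc ignores names unknown to the running architecture, so extra names are harmless.
CHOWN_SYSCALLS: List[str] = ["chown", "fchown", "lchown", "fchownat"]


def seccomp_with_listener(listener_path: str, base: Optional[Dict] = None) -> Dict:
    """Return a seccomp profile that keeps `base` (if any) but routes the chown
    family to the agent listening on `listener_path` via SCMP_ACT_NOTIFY."""
    profile = dict(base or {})
    profile.setdefault("defaultAction", "SCMP_ACT_ALLOW")
    profile["listenerPath"] = listener_path
    kept = []
    for rule in profile.get("syscalls", []):
        # Strip any earlier rule for the chown family; other names in that rule survive.
        names = [n for n in rule.get("names", []) if n not in CHOWN_SYSCALLS]
        if names:
            kept.append({**rule, "names": names})
    kept.append({"names": list(CHOWN_SYSCALLS), "action": "SCMP_ACT_NOTIFY"})
    profile["syscalls"] = kept
    return profile


def add_listener(config: Dict, listener_path: str) -> Dict:
    """Merge the profile into an OCI runtime config without dropping other linux settings."""
    linux = config.setdefault("linux", {})
    linux["seccomp"] = seccomp_with_listener(listener_path, linux.get("seccomp"))
    return config


def notified_syscalls(config: Dict) -> Set[str]:
    """Which syscalls will runc hand to the agent? Empty if no listenerPath is set,
    because SCMP_ACT_NOTIFY rules without a listener never reach any agent."""
    seccomp = config.get("linux", {}).get("seccomp", {})
    if not seccomp.get("listenerPath"):
        return set()
    return {n for rule in seccomp.get("syscalls", [])
            if rule.get("action") == "SCMP_ACT_NOTIFY" for n in rule.get("names", [])}


if __name__ == "__main__":
    # Usage: python3 this.py ./test/config.json /home/user/.subuidless.sock
    path, sock = sys.argv[1], sys.argv[2]
    with open(path) as f:
        cfg = add_listener(json.load(f), sock)
    with open(path, "w") as f:
        json.dump(cfg, f, indent=2)
    print("agent will see:", sorted(notified_syscalls(cfg)))
```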