[$] System call interception for unprivileged containers

On the first day of the 2022 LinuxSecurity Summit North America (LSSNA) in Austin, Texas, Stephane Graberand Christian Brauner gave a presentation on using system-call interceptionfor container security purposes. The idea is to allow unprivilegedcontainers, those without elevated privileges on the host, to stillaccomplish their tasks, some of which require privileges. A fair amount ofwork has been done to make this viable, but there is still more to do.