Progress for unprivileged containers
Over the past few years, there has been quite a bit of progress in various kernel features that can be used to create containers without requiring privileges. Most of the containers these days run as root, which means that a vulnerability leading to an escape from the container can result in system compromise. Stephane Graber gave a talk at the 2022 Linux Security Summit Europe (LSS EU) to fill in some of the details of work that he and others have been doing to run containers as unprivileged code.