[$] Another runc container breakout

Once again, runc-a toolfor spawning and running OCI containers-is drawing attention due to a highseverity container breakout attack. This vulnerability is interesting forseveral reasons: its potential for widespread impact, the continued difficultyin actually containing containers, the dangers of running containersas a privileged user, and the fact that this vulnerability is made possiblein part by a response to a previouscontainer breakout flaw in runc.