
Using runc inside a pod in kubernetes with least privileges #2526

@ashokponkumar


I am currently able to run a container within an Openshift/Kubernetes pod, with the below security context for the container.

  securityContext:
    privileged: true
    runAsUser: 0

When I remove either of them, I am running into multiple errors. Currently I am using ubi8 as the base image.

Just wondering what would be the minimum permissions I need to grant to the container for me to be able to successfully execute runc inside the container. I have read multiple blog posts and issues, but could not find a single simple list. From this PR, I understand that running rootless should be possible. But want to know the bare minimum mandatory permissions.
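As an added example (not part of the issue, and not runc project code), the check below audits a pod spec for the two settings the question quotes, `privileged: true` and `runAsUser: 0`, plus the closely related `allowPrivilegeEscalation`, `runAsNonRoot` and `capabilities.add` fields of the Kubernetes container securityContext. It reads the JSON shape that `kubectl get pod <name> -o json` produces; the pod and container names, the image name and the "hardened" comparison container are constructed for illustration. The audit does not state what the minimum permission set for runc is (the issue leaves that open); it only reports which privilege-granting fields a manifest currently relies on, so the set can be narrowed deliberately and re-checked.

```python
import json

# Constructed sample (not from the issue): roughly what `kubectl get pod -o json`
# returns for a pod whose first container uses the securityContext quoted in the
# issue, next to a container tightened for comparison. Names/images are made up.
SAMPLE_POD_JSON = json.dumps({
    "kind": "Pod",
    "metadata": {"name": "runc-runner"},          # hypothetical pod name
    "spec": {
        "securityContext": {},                     # pod-level defaults (none set)
        "containers": [
            {
                "name": "runner",
                "image": "example.invalid/ubi8-based-image",   # placeholder image
                "securityContext": {"privileged": True, "runAsUser": 0},
            },
            {
                "name": "hardened",
                "image": "example.invalid/ubi8-based-image",   # placeholder image
                "securityContext": {
                    "runAsNonRoot": True,
                    "runAsUser": 1000,
                    "allowPrivilegeEscalation": False,
                    "capabilities": {"drop": ["ALL"]},
                },
            },
        ],
    },
})


def audit_container(container, pod_sc):
    """Return a list of finding codes for one container.

    Container-level securityContext fields override the pod-level ones, so the
    pod securityContext is consulted only where the container leaves a field unset.
    """
    sc = container.get("securityContext") or {}
    findings = []

    privileged = bool(sc.get("privileged"))
    if privileged:
        # Privileged containers get all capabilities and host device access.
        findings.append("PRIVILEGED")

    run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
    run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    if run_as_user == 0:
        findings.append("RUNS_AS_ROOT")
    elif run_as_user is None and not run_as_non_root:
        # Nothing pins the UID and nothing forbids root: the image USER decides.
        findings.append("ROOT_NOT_FORBIDDEN")

    # allowPrivilegeEscalation defaults to true when unset; a privileged
    # container always has it, so it is only reported separately otherwise.
    if not privileged and sc.get("allowPrivilegeEscalation", True):
        findings.append("PRIV_ESC_ALLOWED")

    added = (sc.get("capabilities") or {}).get("add") or []
    if added:
        findings.append("ADDED_CAPS:" + ",".join(sorted(added)))

    return findings


def audit_pod(pod_json):
    """Map each container name in a pod JSON document to its finding codes."""
    pod = json.loads(pod_json)
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    return {c["name"]: audit_container(c, pod_sc) for c in spec.get("containers", [])}


if __name__ == "__main__":
    for name, findings in audit_pod(SAMPLE_POD_JSON).items():
        print(f"{name}: {findings or 'no privilege findings'}")
```

Run against a live cluster with `kubectl get pod <name> -o json | python3 audit.py` after replacing `SAMPLE_POD_JSON` with `sys.stdin.read()`; a container that reports nothing has no root UID, no privileged flag, no escalation path and no added capabilities, which is the baseline to tighten towards when trimming the permissions the issue asks about.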
