Motivation
Sysbox is a container runtime that effectively allows running privileged containers without sacrificing security (for example, it exposes a writable cgroupfs). Since invoker works pretty badly without root, and running invoker as a privileged container is a potential security threat, using sysbox can improve overall security.
Tasks
- Verify that invoker works under sysbox
- Figure out which flags are required for invoker
- Add docs page about sysbox
- Add tests, run them in CI