Add support for a privileged rootless container that is sufficient to run libvirt and carthage.

We discovered several things that we need to do to make a container suitable for WHS-mitigation. Put together a suitable libvirtd base container that:
- has setgroups LD_PRELOAD
- properly configures qemu.conf (user=root, group=root, remember_owner = 0, dynamic_ownership = 0)
- documents what volumes are needed
- documents how to gain access to /dev/kvm (--group-add=keep)
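
One way to verify the qemu.conf item when building the base image, as an added example (not code from this issue or from carthage). The expected values are the four listed above; the function names, the sample files, and the choice to report an unset key as a deviation are assumptions of this example.

```python
import re

# Expected values: the four qemu.conf settings listed in the issue.
REQUIRED = {
    "user": "root",
    "group": "root",
    "remember_owner": "0",
    "dynamic_ownership": "0",
}

_ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')


def parse_qemu_conf(text):
    """Return {key: value} for scalar assignments; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out defaults do not count as set
        m = _ASSIGN.match(line)
        if not m:
            continue  # blank lines and continuation lines of list values
        key, value = m.groups()
        if value[:1] == '"':
            end = value.find('"', 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split("#", 1)[0].strip()  # drop a trailing comment
        settings[key] = value
    return settings


def audit(text):
    """Return [(key, expected, found)] for every setting that deviates.

    Assumption of this example: an unset key (found is None) is reported,
    because the daemon would then fall back to its built-in default.
    """
    found = parse_qemu_conf(text)
    return [(k, want, found.get(k))
            for k, want in REQUIRED.items() if found.get(k) != want]


# Constructed sample files, not taken from the issue.
SAMPLE_BAD = '#user = "root"\ngroup = "qemu"\ndynamic_ownership = 1\n'
SAMPLE_GOOD = ('user = "root"\ngroup = "root"\n'
               'remember_owner = 0\ndynamic_ownership = 0  # rootless\n')

if __name__ == "__main__":
    for key, want, got in audit(SAMPLE_BAD):
        print(f"{key}: expected {want!r}, found {got!r}")
```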