[docs] Running rootlesskit inside docker with few permissions
We want to run rootlesskit inside a docker container, to be able to run a docker daemon there (for integration tests).
I know that I can run the container that is starting rootlesskit with seccomp=unconfined apparmor=unconfined systempaths=unconfined.
This is removing a lot of docker security functionality. It should be documented how to run the container with the least privileges required, especially which system calls it actually needs / a custom seccomp profile.
> We want to run rootlesskit inside a docker container, to be able to run a docker daemon there (for integration tests)
You need full --privileged for rootless docker-in-docker.
For other use cases (e.g. rootless buildkit in docker), seccomp=unconfined apparmor=unconfined should be enough.