containerd rootless + nerdctl

setup.md

• wget https://github.com/containerd/nerdctl/releases/download/v2.2.0/nerdctl-full-2.2.0-linux-amd64.tar.gz
• tar Cxzvvf ~/.local/ nerdctl-full-2.2.0-linux-amd64.tar.gz
• fish_add_path $HOME/.local/bin/
• https://rootlesscontaine.rs/getting-started/common/
• sudo loginctl enable-linger $(whoami)
• systemctl --user start dbus
• sudo apt install uidmap
• sudo nvim /etc/apparmor.d/usr.local.bin.rootlesskit

abi <abi/4.0>,
include <tunables/global>

/home/fpv/.local/bin/rootlesskit flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/usr.local.bin.rootlesskit>
}

• sudo systemctl restart apparmor.service
• sudo nvim /etc/sysctl.d/99-rootless.conf

kernel.unprivileged_userns_clone=1
net.ipv4.ping_group_range = 0 2147483647
net.ipv4.ip_unprivileged_port_start=0

• sudo sysctl --system
• containerd-rootless-setuptool.sh install
• nerdctl run hello-world