cbuildrt implements a minimal unprivileged container runtime for use in
xbstrap.
It tries to isolate the containerized process from the host environment
in order to achieve reproducible builds.
Note that in contrast to runtimes such as runc,
cbuildrt does not try to protect against malicious sandbox escapes.