podman - for running OCI-based containers in Pods

libpod provides a library for applications looking to use the Container Pod
concept popularized by Kubernetes. libpod also contains a tool called podman
for managing Pods, Containers, and Container Images.

At a high level, the scope of libpod and podman is the following:
* Support multiple image formats including the existing Docker/OCI image formats.
* Support for multiple means to download images including trust & image verification.
* Container image management (managing image layers, overlay filesystems, etc).
* Full management of container lifecycle
* Support for pods to manage groups of containers together
* Resource isolation of containers and pods.

These container runtimes can run as non-root, but require sub-uid/gid mappings

To run podman as a user:

    echo 'user.max_user_namespaces=30111' >> /etc/sysctl.conf
    echo '<YOUR_USER>:100000:65536' >> /etc/subuid
    echo '<YOUR_USER>:100000:65536' >> /etc/subgid