Implement the repository namesake (buildbox-run-bubblewrap)

Background

This is a continuation of buildbox-worker#5 (closed), though I'd like to re-open the issue here for completeness' sake. As part of BuildStream/buildstream#1226 (closed) we'll need an implementation of buildbox-run with bubblewrap, and this should live in this repository.

Task description

We should implement buildbox-run with bwrap, an unprivileged sandboxing tool for Linux.

Implementation can closely follow that of BuildGrid/buildbox/buildbox-run-userchroot, although it will likely be significantly simpler. Some of it can also be moved from BuildGrid/buildbox/buildbox-fuse (buildbox-fuse#33 (closed)).

Acceptance Criteria

We have an implementation of buildbox-run that uses bwrap as a sandboxing backend that can be used to successfully run the BuildStream test suite.

Edited Dec 09, 2019 by Tristan Maat