5cb2915d8e
Use a wrapper for starting processes which can setup proper cgroups, OOMscore, and also drop capabilities for the process, then it calls `execve`. The containerd tests is also fixed to support cgroups when running tests in buildkit. It used to pass previously as we did not error if cgroup setup failed. Signed-off-by: Noel Georgi <git@frezbo.dev>