ACRN: dm: Modify the runC.json for NUC.

The path modify the configuration for the runC container. There have
three changes for the configuration.
1、args [ "sh" ]: this is an example parameter and when the VM is started,
the parameter will be replaced by the launch_UOS script.
2、The linux capabilities will guarantee the Acrn-dm have enough capabilities
to run in container. For more infomation about the capalility you can refer
http://man7.org/linux/man-pages/man7/capabilities.7.htm
3、Move the rootfs to the parent directory, so all the container can share
the same rootfs.

Tracked-On: projectacrn#2020
Signed-off-by: Long Liu <long.liu@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>

devicemodel/samples/nuc/runC.json

@@ -7,9 +7,7 @@
 			"gid": 0
 		},
 		"args": [
-			"/usr/share/acrn/samples/apl-mrb/launch_uos.sh",
+			"sh"
-			"-V",
-			"2"
 		],
 		"env": [
 			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@@ -18,40 +16,215 @@
 		"cwd": "/",
 		"capabilities": {
 			"bounding": [
+				"CAP_AUDIT_WRITE",
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_DAC_READ_SEARCH",
+				"CAP_FOWNER",
+				"CAP_FSETID",
+				"CAP_KILL",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETPCAP",
+				"CAP_LINUX_IMMUTABLE",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_NET_BROADCAST",
+				"CAP_NET_ADMIN",
+				"CAP_NET_RAW",
+				"CAP_IPC_LOCK",
+				"CAP_IPC_OWNER",
+				"CAP_SYS_MODULE",
+				"CAP_SYS_RAWIO",
+				"CAP_SYS_CHROOT",
+				"CAP_SYS_PTRACE",
+				"CAP_SYS_PACCT",
 				"CAP_SYS_ADMIN",
+				"CAP_SYS_BOOT",
+				"CAP_SYS_NICE",
 				"CAP_SYS_RESOURCE",
+				"CAP_SYS_TIME",
+				"CAP_SYS_TTY_CONFIG",
+				"CAP_MKNOD",
+				"CAP_LEASE",
+				"CAP_AUDIT_WRITE",
+				"CAP_AUDIT_CONTROL",
+				"CAP_SETFCAP",
+				"CAP_MAC_OVERRIDE",
+				"CAP_MAC_ADMIN",
+				"CAP_SYSLOG",
 				"CAP_WAKE_ALARM",
-				"CAP_SYS_MODULE"
+				"CAP_BLOCK_SUSPEND",
+				"CAP_AUDIT_READ"
 
 			],
 			"effective": [
+				"CAP_AUDIT_WRITE",
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_DAC_READ_SEARCH",
+				"CAP_FOWNER",
+				"CAP_FSETID",
+				"CAP_KILL",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETPCAP",
+				"CAP_LINUX_IMMUTABLE",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_NET_BROADCAST",
+				"CAP_NET_ADMIN",
+				"CAP_NET_RAW",
+				"CAP_IPC_LOCK",
+				"CAP_IPC_OWNER",
+				"CAP_SYS_MODULE",
+				"CAP_SYS_RAWIO",
+				"CAP_SYS_CHROOT",
+				"CAP_SYS_PTRACE",
+				"CAP_SYS_PACCT",
 				"CAP_SYS_ADMIN",
+				"CAP_SYS_BOOT",
+				"CAP_SYS_NICE",
 				"CAP_SYS_RESOURCE",
+				"CAP_SYS_TIME",
+				"CAP_SYS_TTY_CONFIG",
+				"CAP_MKNOD",
+				"CAP_LEASE",
+				"CAP_AUDIT_WRITE",
+				"CAP_AUDIT_CONTROL",
+				"CAP_SETFCAP",
+				"CAP_MAC_OVERRIDE",
+				"CAP_MAC_ADMIN",
+				"CAP_SYSLOG",
 				"CAP_WAKE_ALARM",
-				"CAP_SYS_MODULE"
+				"CAP_BLOCK_SUSPEND",
+				"CAP_AUDIT_READ"
 			],
 			"inheritable": [
+				"CAP_AUDIT_WRITE",
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_DAC_READ_SEARCH",
+				"CAP_FOWNER",
+				"CAP_FSETID",
+				"CAP_KILL",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETPCAP",
+				"CAP_LINUX_IMMUTABLE",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_NET_BROADCAST",
+				"CAP_NET_ADMIN",
+				"CAP_NET_RAW",
+				"CAP_IPC_LOCK",
+				"CAP_IPC_OWNER",
+				"CAP_SYS_MODULE",
+				"CAP_SYS_RAWIO",
+				"CAP_SYS_CHROOT",
+				"CAP_SYS_PTRACE",
+				"CAP_SYS_PACCT",
 				"CAP_SYS_ADMIN",
+				"CAP_SYS_BOOT",
+				"CAP_SYS_NICE",
 				"CAP_SYS_RESOURCE",
+				"CAP_SYS_TIME",
+				"CAP_SYS_TTY_CONFIG",
+				"CAP_MKNOD",
+				"CAP_LEASE",
+				"CAP_AUDIT_WRITE",
+				"CAP_AUDIT_CONTROL",
+				"CAP_SETFCAP",
+				"CAP_MAC_OVERRIDE",
+				"CAP_MAC_ADMIN",
+				"CAP_SYSLOG",
 				"CAP_WAKE_ALARM",
-				"CAP_SYS_MODULE"
+				"CAP_BLOCK_SUSPEND",
+				"CAP_AUDIT_READ"
 			],
 			"permitted": [
+				"CAP_AUDIT_WRITE",
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_DAC_READ_SEARCH",
+				"CAP_FOWNER",
+				"CAP_FSETID",
+				"CAP_KILL",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETPCAP",
+				"CAP_LINUX_IMMUTABLE",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_NET_BROADCAST",
+				"CAP_NET_ADMIN",
+				"CAP_NET_RAW",
+				"CAP_IPC_LOCK",
+				"CAP_IPC_OWNER",
+				"CAP_SYS_MODULE",
+				"CAP_SYS_RAWIO",
+				"CAP_SYS_CHROOT",
+				"CAP_SYS_PTRACE",
+				"CAP_SYS_PACCT",
 				"CAP_SYS_ADMIN",
+				"CAP_SYS_BOOT",
+				"CAP_SYS_NICE",
 				"CAP_SYS_RESOURCE",
+				"CAP_SYS_TIME",
+				"CAP_SYS_TTY_CONFIG",
+				"CAP_MKNOD",
+				"CAP_LEASE",
+				"CAP_AUDIT_WRITE",
+				"CAP_AUDIT_CONTROL",
+				"CAP_SETFCAP",
+				"CAP_MAC_OVERRIDE",
+				"CAP_MAC_ADMIN",
+				"CAP_SYSLOG",
 				"CAP_WAKE_ALARM",
-				"CAP_SYS_MODULE"
+				"CAP_BLOCK_SUSPEND",
+				"CAP_AUDIT_READ"
 			],
 			"ambient": [
+				"CAP_AUDIT_WRITE",
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_DAC_READ_SEARCH",
+				"CAP_FOWNER",
+				"CAP_FSETID",
+				"CAP_KILL",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETPCAP",
+				"CAP_LINUX_IMMUTABLE",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_NET_BROADCAST",
+				"CAP_NET_ADMIN",
+				"CAP_NET_RAW",
+				"CAP_IPC_LOCK",
+				"CAP_IPC_OWNER",
+				"CAP_SYS_MODULE",
+				"CAP_SYS_RAWIO",
+				"CAP_SYS_CHROOT",
+				"CAP_SYS_PTRACE",
+				"CAP_SYS_PACCT",
 				"CAP_SYS_ADMIN",
+				"CAP_SYS_BOOT",
+				"CAP_SYS_NICE",
 				"CAP_SYS_RESOURCE",
+				"CAP_SYS_TIME",
+				"CAP_SYS_TTY_CONFIG",
+				"CAP_MKNOD",
+				"CAP_LEASE",
+				"CAP_AUDIT_WRITE",
+				"CAP_AUDIT_CONTROL",
+				"CAP_SETFCAP",
+				"CAP_MAC_OVERRIDE",
+				"CAP_MAC_ADMIN",
+				"CAP_SYSLOG",
 				"CAP_WAKE_ALARM",
-				"CAP_SYS_MODULE"
+				"CAP_BLOCK_SUSPEND",
+				"CAP_AUDIT_READ"
 			]
 		}
 	},
 	"root": {
-		"path": "rootfs",
+		"path": "../rootfs",
 		"readonly": false
 	},
 	"hostname": "runc",
@@ -92,6 +265,9 @@
 			},
 			{
 				"type": "uts"
+			},
+			{
+				"type": "mount"
 			}
 		]
 	}