The only cases where we really need to be privileged with respect
to the host is when we are trying to mknod, and in some cases
to do with a physical network device. This patch leaves the
detection of the network device cases as a TODO.
This should fix the currently broken case of starting a privileged
container with at least one veth nic, nested inside an unprivileged
container.