The first version uses
LD_PRELOAD to inject code to execve and overwrite the runc binary.
runc is statically compiled and required a different trick. When doing a
restore runc will try to execute
criu to get it's version, we can use this point to hijack the flow and perform the same overwrite.