Closed
I would like to add a feature: an option to disable the masked paths and read-only paths for /proc.
The purpose is nesting user-namespaced rootless containers inside a Docker container without setting --privileged.
It would solve the following bug:
opencontainers/runc#1658 (comment)
Reproducible here (the dockerfile lives here: https://github.com/jessfraz/dockerfiles/tree/master/runc-rootless):
$ docker run --rm -it --security-opt seccomp=unconfined --security-opt apparmor=unconfined r.j3ss.co/runc-rootless
container_linux.go:297: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/home/user/rootfs\\\" at \\\"/proc\\\" caused \\\"operation not permitted\\\"\""
If I turn off the masked paths and read-only paths, then this will work and I can fulfill my use case and sleep at night. I am more than happy to write it in a way that you choose and file a PR.
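For anyone debugging the "operation not permitted" above, it helps to see exactly which mounts the runtime has stacked on top of /proc, because those are what the kernel objects to: when a mount namespace is inherited by a less-privileged user namespace, mounts sitting over parts of /proc become locked, and the kernel then refuses to mount a fresh proc instance that would reveal what they cover. The script below is an added example, not code from this issue or from Docker/runc. It parses mountinfo lines and reports, for every mount under /proc, whether it is a mask (tmpfs or a /dev/null bind, which shows up as a tmpfs-backed mount) or a read-only bind of proc onto itself. The SAMPLE_MOUNTINFO lines are constructed to resemble a default Docker container and are not captured from a real system; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the issue or the project): classify the mounts
# that a container runtime stacks on top of /proc.
#
# mountinfo field layout (see proc(5)):
#   id parent maj:min root mountpoint options [optional...] - fstype source superopts
#
# SAMPLE_MOUNTINFO is constructed to look like a default Docker container:
# read-only paths are proc bound onto itself with "ro", masked directories
# are empty tmpfs mounts, and masked files are binds of /dev/null (tmpfs).
SAMPLE_MOUNTINFO='200 199 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
201 200 0:45 /bus /proc/bus ro,relatime - proc proc rw
202 200 0:45 /fs /proc/fs ro,relatime - proc proc rw
203 200 0:45 /irq /proc/irq ro,relatime - proc proc rw
204 200 0:45 /sys /proc/sys ro,relatime - proc proc rw
205 200 0:45 /sysrq-trigger /proc/sysrq-trigger ro,relatime - proc proc rw
206 200 0:47 / /proc/acpi ro,relatime - tmpfs tmpfs ro
207 200 0:44 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
208 200 0:44 /null /proc/keys rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755
209 200 0:48 / /proc/scsi ro,relatime - tmpfs tmpfs ro
210 199 0:49 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k'

# Print one line per mount strictly under /proc:
#   masked   <path>   tmpfs (or /dev/null bind) covering the path
#   readonly <path>   proc bound onto itself with the ro flag
# Anything else under /proc is printed as "other" so it is not missed.
classify_proc_mounts() {
    printf '%s\n' "$1" | awk '
        $5 ~ /^\/proc\// {
            fstype = ""
            # the filesystem type is the field right after the "-" separator
            for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
            ro = 0
            n = split($6, opts, ",")
            for (k = 1; k <= n; k++) if (opts[k] == "ro") ro = 1
            if (fstype == "tmpfs")            print "masked " $5
            else if (fstype == "proc" && ro)  print "readonly " $5
            else                              print "other " $5
        }'
}

count_masked()   { classify_proc_mounts "$1" | grep -c '^masked '; }
count_readonly() { classify_proc_mounts "$1" | grep -c '^readonly '; }

# Returns 0 if at least one mount sits under /proc, i.e. the condition under
# which a fresh proc mount from a nested, less-privileged user namespace is
# refused by the kernel with EPERM.
proc_has_submounts() {
    [ "$(classify_proc_mounts "$1" | wc -l)" -gt 0 ]
}

# Usage against the constructed sample; on a live container run instead:
#   classify_proc_mounts "$(cat /proc/self/mountinfo)"
classify_proc_mounts "$SAMPLE_MOUNTINFO"
if proc_has_submounts "$SAMPLE_MOUNTINFO"; then
    echo "submounts present under /proc: nested proc mount will be refused"
fi
```

An empty listing from this script inside the container is what the requested option would produce; with the submounts present, no amount of seccomp or AppArmor relaxation (as in the docker run line above) changes the kernel's decision.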