diff --git a/runc-rootless/Dockerfile b/runc-rootless/Dockerfile
new file mode 100644
index 0000000..2fc921c
--- /dev/null
+++ b/runc-rootless/Dockerfile
@@ -0,0 +1,33 @@
+FROM golang:1.9-alpine AS runc
+ARG RUNC_VERSION=9f9c96235cc97674e935002fc3d78361b696a69e
+RUN apk add --no-cache \
+ bash \
+ curl \
+ g++ \
+ git \
+ libseccomp-dev \
+ linux-headers \
+ make
+RUN git clone https://github.com/jessfraz/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+ && cd "$GOPATH/src/github.com/opencontainers/runc" \
+ && git checkout -q "demo-rootless" \
+ && make static BUILDTAGS="seccomp" EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\"" \
+ && mv runc /usr/bin/runc
+
+FROM alpine
+MAINTAINER Jessica Frazelle
+RUN apk add --no-cache \
+ bash \
+ shadow \
+ shadow-uidmap \
+ strace
+COPY --from=runc /usr/bin/runc /usr/bin/runc
+COPY start.sh /usr/bin/start.sh
+ENV HOME /home/user
+RUN useradd --create-home --home-dir $HOME user
+COPY busybox.tar /home/user/busybox.tar
+RUN chown -R user:user $HOME /run /tmp
+USER user
+WORKDIR $HOME
+
+CMD ["start.sh"]
diff --git a/runc-rootless/busybox.tar b/runc-rootless/busybox.tar
new file mode 100644
index 0000000..a5a7370
Binary files /dev/null and b/runc-rootless/busybox.tar differ
diff --git a/runc-rootless/start.sh b/runc-rootless/start.sh
new file mode 100755
index 0000000..7170221
--- /dev/null
+++ b/runc-rootless/start.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+set -o pipefail
+
+mkdir -p "${HOME}/rootfs"
+mkdir -p "${HOME}/containerroot"
+
+# untar the rootfs
+tar -C "${HOME}/rootfs" -xf "${HOME}/busybox.tar"
+
+# create the spec
+runc spec --rootless
+
+# run the container
+runc --root "${HOME}/containerroot" run mycontainer
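Review bot: `ARG RUNC_VERSION=9f9c9623…` is declared in the build stage but never used — the clone step checks out the `demo-rootless` branch of a fork by name, so the runc binary that lands in the image is whatever that branch points to on the day of the build, not a pinned revision. Either check out the pinned commit, `git checkout -q "$RUNC_VERSION"`, or drop the ARG so the Dockerfile does not advertise a pin it does not enforce (I can't tell from here whether that SHA is reachable from the fork's branch, so verify before switching). The runtime stage also starts `FROM alpine` with no tag, so the base floats to `latest` and the image is not reproducible; pin it to a release tag or digest. Minor: `MAINTAINER` is deprecated in favour of `LABEL`, and `ENV HOME /home/user` should use the `ENV HOME=/home/user` form.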
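Review bot: The script silently depends on the working directory being `${HOME}`: `runc spec --rootless` writes `config.json` into the current directory and, as far as I know, the generated spec references a `rootfs` path relative to that bundle, while the rootfs itself is unpacked into the absolute `${HOME}/rootfs`. That holds under the image's `WORKDIR $HOME` but breaks as soon as the script is invoked from anywhere else; add `cd "${HOME}"` after the `set` lines so bundle, config and rootfs are anchored together. As I recall `runc spec` also refuses to overwrite an existing `config.json`, so a second run in the same home (e.g. `docker start` of a stopped container) would abort under `set -e`; a `rm -f "${HOME}/config.json"` before the spec step avoids that. `busybox.tar` is unpacked with no checksum check; it comes from the build context so that is acceptable for a demo, but a comment saying so would help.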