[derobert]

It looks like systemd-nspawn is gaining rootless support, see https://github.com/systemd/systemd/issues/30239

Until then, I'm not sure if there is anything lightweight. If you don't need lightweight, there is Podman.

[NekkoDroid]

Do note that the current support is limited to signed disk images, while it was recently (still not in a release) gained the ability to use any directory that resides inside a signed disk image (instead of just the entire disk image).

[Imustaskforhelp]

Podman requires one time root for installation though.

I am on a completely rootless client at one of my servers.

[tobwen]

Nope, you can compile/download and run it completely from unprivileged userspace.