The systemd-nspawn manpage lists the various mechanisms used to isolate the container, and then says "Note that even though these security precautions are taken systemd-nspawn is not suitable for secure container setups. Many of the security features may be circumvented and are hence primarily useful to avoid accidental changes to the host system from the container."
How can a process in a systemd-nspawn container circumvent the container setup? What additional steps would systemd-nspawn need to take to provide a secure container setup? - Josh Triplett _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
