Lines Matching refs:containers

52    Dropping `CAP_MKNOD` for containers is hence generally not advisable, but
55 4. `systemd-udevd` is not available in containers (and refuses to start), and
76    alteration from inside the containers. Or to turn this around: only the
154    container. Make it a relative symlink to the containers's zoneinfo dir, as
173    Containers](http://0pointer.de/blog/projects/socket-activated-containers.html)
284    wholesale. (Also see the section about fully unprivileged containers below.)
295    section about fully unprivileged containers below.)
307 5. Don't pretend that passing arbitrary devices to containers could really work
324    device model is not virtualized for containers on Linux and thus the
325    containers and the host would try to manage the same devices, fighting for
341    containers, and passing these credentials is pointless hence, given the
353 First things first, to make this clear: Linux containers are not a security
359 affect the host and other containers, and vice versa. This is a major security
375 `struct user` issue described above goes away, and containers can keep
392 out-of-the-box in containers. In fact we are interested to ensure that the same