10 lines
350 B
Plaintext
10 lines
350 B
Plaintext
Bubblewrap
|
|
|
|
Many container runtime tools like systemd-nspawn, docker,
|
|
etc. focus on providing infrastructure for system administrators and
|
|
orchestration tools (e.g. Kubernetes) to run containers.
|
|
|
|
These tools are not suitable to give to unprivileged users, because it
|
|
is trivial to turn such access into to a fully privileged root shell
|
|
on the host.
|