by djmetzle 2132 days ago
I hear all of your complaints and empathize with them. Containerized workflows are in fact more complex, and it does hurt a little.

But consider this. You can mount the entire host fs, say under `/var/host` or the like, and you're tied back to code on the machine. You can use the host network stack with `--net=host`. And you can even skip user and process space segmentation. And so what would that get you?

Containers are just threads with good default isolation. By default, the system capabilities are greatly reduced in a container (PTRACE for example, though sometimes that one hurts a little too). Systemd does the exact same things with its units, carefully segmenting out its units into process groups with constrained capabilities.

The point being that containers are just processes with good default isolation. That's a win for versioning and security, at the cost of complexity.
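A way to see the capability reduction the comment describes, as an added example that is not part of the thread: decode the `CapEff` bitmask that Linux exposes in `/proc/<pid>/status` and check specific bits such as CAP_SYS_PTRACE. It assumes a Linux host; the sample mask is the documented default effective set of an unprivileged Docker container and is embedded here as a constant so the script also runs where `/proc` is absent.

```shell
#!/bin/sh
# Added example, not from the HN thread. Decodes a Linux capability bitmask
# (as printed in the CapEff line of /proc/<pid>/status) and reports whether
# selected capabilities are present. Run on the host and again inside a
# plain `docker run` container to see the default reduction the comment
# describes (CAP_SYS_PTRACE is dropped unless you pass --cap-add=SYS_PTRACE).

# Bit indices from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13
CAP_SYS_PTRACE=19
CAP_SYS_ADMIN=21

# Documented default CapEff of an unprivileged Docker container (14 caps),
# used here as a constructed sample so the script is testable offline.
DOCKER_DEFAULT_CAPEFF=00000000a80425fb

# has_cap BIT HEXMASK -> prints 1 if bit BIT is set in the 64-bit hex mask, else 0.
has_cap() {
    bit=$1
    mask=$2
    echo $(( (0x$mask >> bit) & 1 ))
}

# cap_eff PID -> prints the CapEff hex mask of PID (Linux only; empty elsewhere).
cap_eff() {
    if [ -r "/proc/$1/status" ]; then
        awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
    fi
}

# show_caps LABEL HEXMASK -> one line per capability of interest.
show_caps() {
    label=$1
    mask=$2
    for entry in "$CAP_SYS_PTRACE:CAP_SYS_PTRACE" "$CAP_NET_RAW:CAP_NET_RAW" \
                 "$CAP_NET_ADMIN:CAP_NET_ADMIN" "$CAP_SYS_ADMIN:CAP_SYS_ADMIN"; do
        bit=${entry%%:*}
        name=${entry#*:}
        printf '%-16s %-16s %s\n' "$label" "$name" "$(has_cap "$bit" "$mask")"
    done
}

# Compare the constructed container default with this process's own set.
show_caps "docker-default" "$DOCKER_DEFAULT_CAPEFF"
self_mask=$(cap_eff self)
if [ -n "$self_mask" ]; then
    show_caps "this-process" "$self_mask"
fi
```

On a typical host shell the second table shows CAP_SYS_PTRACE as 1 for root and 0 for an unprivileged user, while the container default shows 0 regardless, which is why debuggers inside containers need the capability added back explicitly.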