by sbrivio
1337 days ago
On top of that, you usually want to isolate the container workload with an observable network abstraction instead of granting it full (albeit non-root) access to host network facilities (including sockets). See https://medium.com/nttlabs/dont-use-host-network-namespace-f... for just an example of what can go wrong otherwise.