by falcolas
4067 days ago
You may want to mention that the network and disk isolation are not what someone from Docker would expect by default. It uses the Docker equivalent of "net=host" (which provides better performance at the cost of isolation), and the disk is pointing at a shared "changeroot" on disk, instead of at a layered FS. Both of these can be better isolated with natted interfaces and a `btrfs` (which has its own reliability issues) layered image, but they are not what you expect by default.