> The direction of this statement is correct, but the magnitude is not. The
> kernel is still provided by the host. Getting a crash report can be
> frustrating when the guest's behavior hinges on /proc features that the
> host OS has configured appropriately for the host, not the guest.
> Configurable security restrictions can make the debugging experience
> different from one installation to another. Et cetera.

Yes it's true that containers are not completely safe from host configurations, but I didn't think talking about the 1% would help this discussion. If you think it makes pursuing this idea a waste of time then fair enough. David K doesn't like it either so I think it's time to let it go.