===== Overview =====

General observations ...

===== Observations =====

  * Is there a market for a book on underlying container technology?
  * Works with context outside of Docker? podman? cgroups v2?
  * "system containers" such as LXC and LXD?
  * technologies:
    * cgroups
    * namespaces
    * chroot
  * scanning images
  * rootful versus rootless images
  * too much setuid stuff, need to assume a lot of that
  * emphasize ephemeral images

===== CHECK OUT =====

  * "sidecar" containers
  * Docker daemon needs to run as root, podman has no daemon
  * "runc" and JSON bundle