The other thing you have not though of and is critical. If LSM is the same LSM across all containers. What happens if that is breached and tripped to disable. You only want to loss one container to a breach not the whole box and dice in one hit. Its also the reason why my design does not have a direct link between controllers. No cascade threw system to take box and dice. The more I look at it more holes I find why the current LSM model just cannot keep on existing with Containers. Its not the best option. Hacking it to work with containers is only creating risks of more problems. The LSM model as also breed that problem of not sharing security tech advantages to everyone. Ie if they don't use our LSM they don't need/deserve our defense. Different LSM per container from a security point of view appears critical. Sorry to say redesign from the ground up time everyone. Its a round peg into a square hole yes you can bash it in but it will never fit right. Peter Dolding ps sorry for going on so long I just see this as a major problem. If you have a solution to it tell me. Since a cut line has be put somewhere with containers. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers