You seem to have forgotten the work of your forefathers. When appealing to history you must understand it first.

What about using netfilter (with extensions)? We already have an iptables module to match on uid or gid. It wouldn't be hard to extend this to other bits of metadata like originating and target containers. You could also use this to restrict access to ports and hosts on a per-container basis.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers