Hi, tldr: add early-docker daemon (a la coreos) to support running
I need to connect bare-metal atomic hosts via ipsec. That works (with minor quirks) using the privileged ibotty/ipsec-libreswan container. Unfortunately, because it is using docker, it starts pretty late in the boot process.

Fortunately I drop sensitive traffic before ipsec is up. But: I can't use firewalld to do that, because any firewalld container would start as late as ipsec.

I understand that, in order to keep the image minimal, not every piece of software can and should be installed. Running an early docker without network (all containers use host-net) would enable that.

What do you think?

Cheers,
Tobias Florek