Hi, While I know it's not officially part of this effort, I'd like to crosspost the announcement of a new release of my project "linux-user-chroot" here:
https://git.gnome.org/browse/linux-user-chroot/tag/?id=v2015.1 It's focused around *non-root* containers. In contrast to: http://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/ I believe it's an easy way to use Linux container features as non-root to enhance integrity and confidentiality. For example, here's a bash alias I'm using: alias make='chrt --idle 0 linux-user-chroot --unshare-ipc --unshare-net --unshare-pid --mount-devapi /dev --mount-proc /proc --seccomp-profile-version 0 --chdir $(pwd) / make' Now, whenever I'm building a project directly on my workstation and I just type my normal "make -j 4", it's sandboxed fairly well. Another intended use of linux-user-chroot is for robust build systems that run as non-root. The upstream README has some links: https://git.gnome.org/browse/linux-user-chroot/tree/README?id=v2015.1
